restauth-group

restauth-group manages groups in RestAuth. Groups are a powerful but simple way for managing permissions. A user can be a member in one or more groups, which grants her/him certain rights. Analogous concepts are used on many systems, such as Unix and Windows systems and most content management systems.

A group may itself also be a member of one or more groups, making it the subgroup of the groups of which it is a member, which are in turn called metagroups. A subgroup automatically inherits all memberships from all metagroups. This way you can easily grant users multiple memberships at once.

A group is associated with at most one service that uses RestAuth. A service can only see the groups associated with it. If a group is not associated with any service, the group can not be seen by any service, the only way to modify them is via this script.

Note that a group can be a member of any other group, even it is associated with a different service or none at all. A common use-case would be to have a metagroup called admin that is either not associated with any service or with some central management service. Any other services using RestAuth have their own admin group (which can each have a different name, whatever suits the service best), which are subgroups to the global admin group.

Name of restauth-group

If you installed from source or with pip, the script is installed as restauth-group.py. If you installed RestAuth via your distributions package management system, the script is usually called restauth-group.

Usage

restauth-group [-h] {add,ls,view,set-service,add-user,rename,add-group,rm-user,rm-group,rm} ...

Use one of the commands (either add, add-group, add-user, list, rm, rm-group, rm-user or view) to perform the respective operation. Each command usually requires more arguments to it, see the respective section for arguments (and possible options) for each command.

Getting runtime help

To get an authoritative list of available commands, use:

restauth-group --help

If you want more information on a specific comannd, do:

restauth-group <command> --help

... or see the Available commands section below.

Examples

restauth-group add global_admin_group
Create a group called global_admin_group that is not associated with any service.
restauth-group add --service=example.com local_admin_group
Create a group called local_admin_group that is associated with the service called example.com.
restauth-group view* global_admin_group
View all details of the group global_admin_group.
restauth-group ls
List all groups not associated with any service.
restauth-group ls --service=example.com
List all groups associated with the service example.com.
restauth-group add-user global_admin_group admin_user
Add admin_user to the global_admin_group group.
restauth-group add-user --service=example.com local_admin_group local_admin
Add local_admin to the local_admin_group group.
restauth-group add-group --sub-service=example.com global_admin_group local_admin_group
Make the group local_admin_group a member of the global_admin_group. Any user that is a member of the latter is now automatically a member of the former.
restauth-group rm-group --sub-group=example.com global_admin_group local_admin_group
Remove local_admin_group‘s membership in the global_admin_group.
restauth-group rm-user global_admin_group admin_user
Remove the membership of the user admin_user from the group global_admin_group.
restauth-group rm global_admin_group
Remove the group global_admin_group.

Available commands

The following subsections never document the ‘-h’ parameter for clarity.

add

add [-h] [--service SERVICE] group

Add a new group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

add-group

add-group [-h] [--service SERVICE] [--sub-service SUBSERVICE] group subgroup

Make a group a subgroup of another group. The subgroup will inherit all memberships from the parent group.

--service SERVICE

Act as if restauth-group was SERVICE.

--sub-service SUBSERVICE

Assume that the named subgroup is from SUBSERVICE.

GROUP

The name of the group.

SUBGROUP

The name of the subgroup.

add-user

add-user [-h] [--service SERVICE] group user

Add a user to a group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

USER

The name of the user.

ls

ls [-h] [--service SERVICE]

List all groups.

--service SERVICE

Act as if restauth-group was SERVICE.

rename

rename [-h] [--service SERVICE] group NAME

Rename a group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

NAME

The new name for the group.

rm

rm [-h] [--service SERVICE] group

Remove a group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

rm-group

rm-group [-h] [--service SERVICE] [--sub-service SUBSERVICE] group subgroup

Remove a subgroup from a group. The subgroup will no longer inherit all memberships from a parent group.

--service SERVICE

Act as if restauth-group was SERVICE.

--sub-service SUBSERVICE

Assume that the named subgroup is from SUBSERVICE.

GROUP

The name of the group.

SUBGROUP

The name of the subgroup.

rm-user

rm-user [-h] [--service SERVICE] group user

Remove a user from a group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

USER

The name of the user.

set-service

set-service [-h] [--service SERVICE] group [NEW_SERVICE]

Set service of a group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

[NEW_SERVICE]

New service. If omitted, group will have no service.

view

view [-h] [--service SERVICE] group

View details of a group.

--service SERVICE

Act as if restauth-group was SERVICE.

GROUP

The name of the group.

Influential environment variables

DJANGO_SETTINGS_MODULE

The path to the Django settings module. If not set, RestAuth.settings is used, which should be fine in most cases. For more information, please read the Django documentation.

PYTHONPATH

A semi-colon (‘;’) seperated list of additional directories to search for python modules. The RestAuth installation must be in the module search path for any commands to work. For more information, please read the official python documentation.