Vault¶

class dlkit.services.authorization.Vault(provider_manager, catalog, runtime, proxy, **kwargs)¶

Bases: dlkit.osid.objects.OsidCatalog, dlkit.osid.sessions.OsidSession

A vault defines a collection of authorizations and functions.

get_vault_record(vault_record_type)¶

Gets the vault record corresponding to the given Vault record Type.

This method is used to retrieve an object implementing the requested record. The vault_record_type may be the Type returned in get_record_types() or any of its parents in a Type hierarchy where has_record_type(vault_record_type) is true .

Parameters:	vault_record_type (`osid.type.Type`) – a vault record type
Returns:	the vault record
Return type:	`osid.authorization.records.VaultRecord`
Raise:	`NullArgument` – `vault_record_type` is `null`
Raise:	`OperationFailed` – unable to complete request
Raise:	`Unsupported` – `has_record_type(vault_record_type)` is `false`

compliance: mandatory – This method must be implemented.

Authorization Methods¶

Vault.vault_id¶

Gets the Vault Id associated with this session.

Returns: the Vault Id associated with this session

Return type: osid.id.Id

compliance: mandatory – This method must be implemented.

Vault.vault¶

Gets the Vault associated with this session.

Returns: the Vault associated with this session

Return type: osid.authorization.Vault

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.can_access_authorizations()¶

Tests if this user can perform authorization checks.

A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.

Returns: false if authorization methods are not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.is_authorized(agent_id, function_id, qualifier_id)¶

Determines if the given agent is authorized.

An agent is authorized if an active authorization exists whose Agent, Function and Qualifier matches the supplied parameters. Authorizations may be defined using groupings or hieratchical structures for both the Agent and the Qualifier but are queried in the de-nornmalized form.

The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters:

agent_id (osid.id.Id) – the Id of an Agent

function_id (osid.id.Id) – the Id of a Function

qualifier_id (osid.id.Id) – the Id of a Qualifier

Returns:
true if the user is authorized, false othersise

Return type:
boolean

Raise:
NotFound – function_id is not found

Raise:
NullArgument – agent_id , function_id or qualifier_id is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure making request

compliance: mandatory – This method must be implemented. implementation notes: Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifer hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A PermissionDenied is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.

Vault.get_authorization_condition(function_id)¶

Gets the AuthorizationCondition for making conditional authorization checks.

Parameters: function_id (osid.id.Id) – the Id of a Function

Returns: an authorization condition

Return type: osid.authorization.AuthorizationCondition

Raise: NotFound – function_id is not found

Raise: NullArgument – function_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure making request

compliance: mandatory – This method must be implemented.

Vault.is_authorized_on_condition(agent_id, function_id, qualifier_id, condition)¶

Determines if the given agent is authorized.

An agent is authorized if an active authorization exists whose Agent, Function and Qualifier matches the supplied parameters. Authorizations may be defined using groupings or hieratchical structures for both the Agent and the Qualifier but are queried in the de-nornmalized form.

The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters:

agent_id (osid.id.Id) – the Id of an Agent

function_id (osid.id.Id) – the Id of a Function

qualifier_id (osid.id.Id) – the Id of a Qualifier

condition (osid.authorization.AuthorizationCondition) – an authorization condition

Returns:
true if the user is authorized, false othersise

Return type:
boolean

Raise:
NotFound – function_id is not found

Raise:
NullArgument – agent_id , function_id, qualifier_id , or condition is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure making request

Raise:
Unsupported – condition is not of this service

compliance: mandatory – This method must be implemented. implementation notes: Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifer hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A PermissionDenied is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.

Authorization Lookup Methods¶

Vault.vault_id

Gets the Vault Id associated with this session.

Returns: the Vault Id associated with this session

Return type: osid.id.Id

compliance: mandatory – This method must be implemented.

Vault.vault

Gets the Vault associated with this session.

Returns: the Vault associated with this session

Return type: osid.authorization.Vault

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.can_lookup_authorizations()¶

Tests if this user can perform authorization lookups.

A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.

Returns: false if lookup methods are not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.use_comparative_authorization_view()¶

The returns from the lookup methods may omit or translate elements based on this session, such as authorization, and not result in an error.

This view is used when greater interoperability is desired at the expense of precision.

compliance: mandatory – This method is must be implemented.

Vault.use_plenary_authorization_view()¶

A complete view of the Authorization returns is desired.

Methods will return what is requested or result in an error. This view is used when greater precision is desired at the expense of interoperability.

compliance: mandatory – This method is must be implemented.

Vault.use_federated_vault_view()¶

Federates the view for methods in this session.

A federated view will include authorizations in vaults which are children of this vault in the vault hierarchy.

compliance: mandatory – This method is must be implemented.

Vault.use_isolated_vault_view()¶

Isolates the view for methods in this session.

An isolated view restricts searches to this vault only.

compliance: mandatory – This method is must be implemented.

Vault.use_effective_authorization_view()¶

Only authorizations whose effective dates are current are returned by methods in this session.

compliance: mandatory – This method is must be implemented.

Vault.use_any_effective_authorization_view()¶

All authorizations of any effective dates are returned by all methods in this session.

compliance: mandatory – This method is must be implemented.

Vault.use_implicit_authorization_view()¶

Sets the view for methods in this session to implicit authorizations.

An implicit view will include authorizations derived from other authorizations as a result of the Qualifier, Function or Resource hierarchies. This method is the opposite of explicit_aut

compliance: mandatory – This method is must be implemented.

Vault.use_explicit_authorization_view()¶

Sets the view for methods in this session to explicit authorizations.

An explicit view includes only those authorizations that were explicitly defined and not implied. This method is the opposite of implicitAuthorizationView().

compliance: mandatory – This method is must be implemented.

Vault.get_authorization(authorization_id)¶

Gets the Authorization specified by its Id.

In plenary mode, the exact Id is found or a NotFound results. Otherwise, the returned Authorization may have a different Id than requested, such as the case where a duplicate Id was assigned to an Authorization and retained for compatibility.

Parameters: authorization_id (osid.id.Id) – the Id of the Authorization to retrieve

Returns: the returned Authorization

Return type: osid.authorization.Authorization

Raise: NotFound – no Authorization found with the given Id

Raise: NullArgument – authorization_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_by_ids(authorization_ids)¶

Gets an AuthorizationList corresponding to the given IdList.

In plenary mode, the returned list contains all of the authorizations specified in the Id list, in the order of the list, including duplicates, or an error results if an Id in the supplied list is not found or inaccessible. Otherwise, inaccessible Authorizations may be omitted from the list and may present the elements in any order including returning a unique set.

Parameters: authorization_ids (osid.id.IdList) – the list of Ids to retrieve

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NotFound – an Id was not found

Raise: NullArgument – authorization_ids is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_by_genus_type(authorization_genus_type)¶

Gets an AuthorizationList corresponding to the given authorization genus Type which does not include authorizations of genus types derived from the specified Type.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: authorization_genus_type (osid.type.Type) – an authorization genus type

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – authorization_genus_type is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_by_parent_genus_type(authorization_genus_type)¶

Gets an AuthorizationList corresponding to the given authorization genus Type and include authorizations of genus types derived from the specified Type.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: authorization_genus_type (osid.type.Type) – an authorization genus type

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – authorization_genus_type is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_by_record_type(authorization_record_type)¶

Gets an AuthorizationList containing the given authorization record Type.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: authorization_record_type (osid.type.Type) – an authorization record type

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – authorization_record_type is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_on_date(from_, to)¶

Gets an AuthorizationList effective during the entire given date range inclusive but not confined to the date range.

Parameters:

from (osid.calendaring.DateTime) – starting date

to (osid.calendaring.DateTime) – ending date

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
InvalidArgument – from is greater than to

Raise:
NullArgument – from or to is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_resource(resource_id)¶

Gets a list of Authorizations associated with a given resource.

Authorizations related to the given resource, including those related through an Agent, are returned. In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: resource_id (osid.id.Id) – a resource Id

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – resource_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_resource_on_date(resource_id, from_, to)¶

Gets an AuthorizationList effective during the entire given date range inclusive but not confined to the date range.

Authorizations related to the given resource, including those related through an Agent, are returned.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

In effective mode, authorizations are returned that are currently effective. In any effective mode, active authorizations and those currently expired are returned.

Parameters:

resource_id (osid.id.Id) – a resource Id

from (osid.calendaring.DateTime) – starting date

to (osid.calendaring.DateTime) – ending date

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
InvalidArgument – from is greater than to

Raise:
NullArgument – resource_id, from or to is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_agent(agent_id)¶

Gets a list of Authorizations associated with a given agent.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: agent_id (osid.id.Id) – an agent Id

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – agent_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_agent_on_date(agent_id, from_, to)¶

Gets an AuthorizationList for the given agent and effective during the entire given date range inclusive but not confined to the date range.

Parameters:

agent_id (osid.id.Id) – an agent Id

from (osid.calendaring.DateTime) – starting date

to (osid.calendaring.DateTime) – ending date

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
InvalidArgument – from is greater than to

Raise:
NullArgument – agent_id, from or to is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_function(function_id)¶

Gets a list of Authorizations associated with a given function.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: function_id (osid.id.Id) – a function Id

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – function_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_function_on_date(function_id, from_, to)¶

Gets an AuthorizationList for the given function and effective during the entire given date range inclusive but not confined to the date range.

Parameters:

function_id (osid.id.Id) – a function Id

from (osid.calendaring.DateTime) – starting date

to (osid.calendaring.DateTime) – ending date

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
InvalidArgument – from is greater than to

Raise:
NullArgument – function_id, from or to is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_resource_and_function(resource_id, function_id)¶

Gets a list of Authorizations associated with a given resource.

Authorizations related to the given resource, including those related through an Agent, are returned. In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters:

resource_id (osid.id.Id) – a resource Id

function_id (osid.id.Id) – a function Id

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
NullArgument – resource_id or function_id is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_resource_and_function_on_date(resource_id, function_id, from_, to)¶

Gets an AuthorizationList effective during the entire given date range inclusive but not confined to the date range.

Authorizations related to the given resource, including those related through an Agent, are returned.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

In effective mode, authorizations are returned that are currently effective. In any effective mode, active authorizations and those currently expired are returned.

Parameters:

resource_id (osid.id.Id) – a resource Id

function_id (osid.id.Id) – a function Id

from (osid.calendaring.DateTime) – starting date

to (osid.calendaring.DateTime) – ending date

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
InvalidArgument – from is greater than to

Raise:
NullArgument – resource_id, function_id, from or to is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_agent_and_function(agent_id, function_id)¶

Gets a list of Authorizations associated with a given agent.

Authorizations related to the given resource, including those related through an Agent, are returned. In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters:

agent_id (osid.id.Id) – an agent Id

function_id (osid.id.Id) – a function Id

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
NullArgument – agent_id or function_id is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_for_agent_and_function_on_date(agent_id, function_id, from_, to)¶

Gets an AuthorizationList for the given agent and effective during the entire given date range inclusive but not confined to the date range.

Parameters:

agent_id (osid.id.Id) – an agent Id

function_id (osid.id.Id) – a function Id

from (osid.calendaring.DateTime) – starting date

to (osid.calendaring.DateTime) – ending date

Returns:
the returned Authorization list

Return type:
osid.authorization.AuthorizationList

Raise:
InvalidArgument – from is greater than to

Raise:
NullArgument – agent_id, function_id, from or to is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure occurred

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_by_qualifier(qualifier_id)¶

Gets a list of Authorizations associated with a given qualifier.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Parameters: qualifier_id (osid.id.Id) – a qualifier Id

Returns: the returned Authorization list

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – qualifier_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.get_explicit_authorization(authorization_id)¶

Gets the explicit Authorization that generated the given implicit authorization.

If the given Authorization is explicit, then the same Authorization is returned.

Parameters: authorization_id (osid.id.Id) – an authorization

Returns: the explicit Authorization

Return type: osid.authorization.Authorization

Raise: NotFound – authorization_id is not found

Raise: NullArgument – authorization_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.authorizations¶

Geta all Authorizations.

In plenary mode, the returned list contains all known authorizations or an error results. Otherwise, the returned list may contain only those authorizations that are accessible through this session.

Returns: a list of Authorizations

Return type: osid.authorization.AuthorizationList

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Authorization Query Methods¶

Vault.vault_id

Gets the Vault Id associated with this session.

Returns: the Vault Id associated with this session

Return type: osid.id.Id

compliance: mandatory – This method must be implemented.

Vault.vault

Gets the Vault associated with this session.

Returns: the Vault associated with this session

Return type: osid.authorization.Vault

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.can_search_authorizations()¶

Tests if this user can perform authorization searches.

A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer search operations to unauthorized users.

Returns: false if search methods are not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.use_federated_vault_view()

Federates the view for methods in this session.

A federated view will include authorizations in vaults which are children of this vault in the vault hierarchy.

compliance: mandatory – This method is must be implemented.

Vault.use_isolated_vault_view()

Isolates the view for methods in this session.

An isolated view restricts searches to this vault only.

compliance: mandatory – This method is must be implemented.

Vault.use_implicit_authorization_view()

Sets the view for methods in this session to implicit authorizations.

An implicit view will include authorizations derived from other authorizations as a result of the Qualifier, Function or Resource hierarchies. This method is the opposite of explicit_aut

compliance: mandatory – This method is must be implemented.

Vault.use_explicit_authorization_view()

Sets the view for methods in this session to explicit authorizations.

An explicit view includes only those authorizations that were explicitly defined and not implied. This method is the opposite of implicitAuthorizationView().

compliance: mandatory – This method is must be implemented.

Vault.authorization_query¶

Gets an authorization query.

Returns: the authorization query

Return type: osid.authorization.AuthorizationQuery

compliance: mandatory – This method must be implemented.

Vault.get_authorizations_by_query(authorization_query)¶

Gets a list of Authorizations matching the given query.

Parameters: authorization_query (osid.authorization.AuthorizationQuery) – the authorization query

Returns: the returned AuthorizationList

Return type: osid.authorization.AuthorizationList

Raise: NullArgument – authorization_query is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

Raise: Unsupported – authorization_query is not of this service

compliance: mandatory – This method must be implemented.

Authorization Admin Methods¶

Vault.vault_id

Gets the Vault Id associated with this session.

Returns: the Vault Id associated with this session

Return type: osid.id.Id

compliance: mandatory – This method must be implemented.

Vault.vault

Gets the Vault associated with this session.

Returns: the Vault associated with this session

Return type: osid.authorization.Vault

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.can_create_authorizations()¶

Tests if this user can create Authorizations.

A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer create operations to unauthorized users.

Returns: false if Authorization creation is not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.can_create_authorization_with_record_types(authorization_record_types)¶

Tests if this user can create a single Authorization using the desired record types.

While AuthorizationManager.getAuthorizationRecordTypes() can be used to examine which records are supported, this method tests which record(s) are required for creating a specific Authorization. Providing an empty array tests if an Authorization can be created with no records.

Parameters: authorization_record_types (osid.type.Type[]) – array of authorization record types

Returns: true if Authorization creation using the specified Types is supported, false otherwise

Return type: boolean

Raise: NullArgument – authorization_record_types is null

compliance: mandatory – This method must be implemented.

Vault.get_authorization_form_for_create_for_agent(agent_id, function_id, qualifier_id, authorization_record_types)¶

Gets the authorization form for creating new authorizations.

A new form should be requested for each create transaction.

Parameters:

agent_id (osid.id.Id) – the agent Id

function_id (osid.id.Id) – the function Id

qualifier_id (osid.id.Id) – the qualifier Id

authorization_record_types (osid.type.Type[]) – array of authorization record types

Returns:
the authorization form

Return type:
osid.authorization.AuthorizationForm

Raise:
NotFound – agent_id, function_id or qualifier_id is not found

Raise:
NullArgument – agent_id, function_id, qualifier_id or authorization_record_types is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure

Raise:
Unsupported – unable to get form with requested record types

compliance: mandatory – This method must be implemented.

Vault.get_authorization_form_for_create_for_resource(resource_id, function_id, qualifier_id, authorization_record_types)¶

Gets the authorization form for creating new authorizations.

A new form should be requested for each create transaction.

Parameters:

resource_id (osid.id.Id) – the resource Id

function_id (osid.id.Id) – the function Id

qualifier_id (osid.id.Id) – the qualifier Id

authorization_record_types (osid.type.Type[]) – array of authorization record types

Returns:
the authorization form

Return type:
osid.authorization.AuthorizationForm

Raise:
NotFound – resource_id, function_id or qualifier_id is not found

Raise:
NullArgument – resource_id, function_id, qualifier_id, or authorization_record_types is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure

Raise:
Unsupported – unable to get form with requested record types

compliance: mandatory – This method must be implemented.

Vault.get_authorization_form_for_create_for_resource_and_trust(resource_id, trust_id, function_id, qualifier_id, authorization_record_types)¶

Gets the authorization form for creating new authorizations.

A new form should be requested for each create transaction.

Parameters:

resource_id (osid.id.Id) – a resource Id

trust_id (osid.id.Id) – an Id for a circle of trust

function_id (osid.id.Id) – a function Id

qualifier_id (osid.id.Id) – the qualifier Id

authorization_record_types (osid.type.Type[]) – array of authorization record types

Returns:
the authorization form

Return type:
osid.authorization.AuthorizationForm

Raise:
NotFound – resource_id, trust_id, function_id , or qualifierid is not found

Raise:
NullArgument – resource_id, trust_id , resource_id, qualifier_id or authorization_record_types is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure

Raise:
Unsupported – unable to get form with requested record types

compliance: mandatory – This method must be implemented.

Vault.create_authorization(authorization_form)¶

Creates a new explicit Authorization.

Parameters: authorization_form (osid.authorization.AuthorizationForm) – the authorization form

Returns: t he new Authorization

Return type: osid.authorization.Authorization

Raise: IllegalState – authorization_form already used in a create transaction

Raise: InvalidArgument – one or more of the form elements is invalid

Raise: NullArgument – authorization_form is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

Raise: Unsupported – authorization_form did not originate from this service

compliance: mandatory – This method must be implemented.

Vault.can_update_authorizations()¶

Tests if this user can update Authorizations.

A return of true does not guarantee successful authorization. A return of false indicates that it is known updating an Authorization will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer update operations to an unauthorized user.

Returns: false if authorization modification is not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.get_authorization_form_for_update(authorization_id)¶

Gets the authorization form for updating an existing authorization.

A new authorization form should be requested for each update transaction.

Parameters: authorization_id (osid.id.Id) – the Id of the Authorization

Returns: the authorization form

Return type: osid.authorization.AuthorizationForm

Raise: NotFound – authorization_id is not found

Raise: NullArgument – authorization_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.update_authorization(authorization_form)¶

Updates an existing authorization.

Parameters: authorization_form (osid.authorization.AuthorizationForm) – the authorization Id

Raise: IllegalState – authorization_form already used in an update transaction

Raise: InvalidArgument – one or more of the form elements is invalid

Raise: NullArgument – authorization_form is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

Raise: Unsupported – authorization_form did not originate from get_authorization_form_for_update()

compliance: mandatory – This method must be implemented.

Vault.can_delete_authorizations()¶

Tests if this user can delete Authorizations.

A return of true does not guarantee successful authorization. A return of false indicates that it is known deleting an Authorization will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer delete operations to an unauthorized user.

Returns: false if Authorization deletion is not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.delete_authorization(authorization_id)¶

Deletes the Authorization identified by the given Id.

Parameters: authorization_id (osid.id.Id) – the Id of the Authorization to delete

Raise: NotFound – an Authorization was not found identified by the given Id

Raise: NullArgument – authorization_id is null

Raise: OperationFailed – unable to complete request

Raise: PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.

Vault.can_manage_authorization_aliases()¶

Tests if this user can manage Id aliases for Authorizations.

A return of true does not guarantee successful authorization. A return of false indicates that it is known changing an alias will result in a PermissionDenied. This is intended as a hint to an application that may opt not to offer alias operations to an unauthorized user.

Returns: false if Authorization aliasing is not authorized, true otherwise

Return type: boolean

compliance: mandatory – This method must be implemented.

Vault.alias_authorization(authorization_id, alias_id)¶

Adds an Id to an Authorization for the purpose of creating compatibility.

The primary Id of the Authorization is determined by the provider. The new Id performs as an alias to the primary Id. If the alias is a pointer to another authorization. it is reassigned to the given authorization Id.

Parameters:

authorization_id (osid.id.Id) – the Id of an Authorization

alias_id (osid.id.Id) – the alias Id

Raise:
AlreadyExists – alias_id is already assigned

Raise:
NotFound – authorization_id not found

Raise:
NullArgument – authorization_id or alias_id is null

Raise:
OperationFailed – unable to complete request

Raise:
PermissionDenied – authorization failure

compliance: mandatory – This method must be implemented.