Models

This section lists all database models currently used in the application. Since SQLAlchemy is used as an ORM, all database models have corresponding Python classes.

General

class kadi.lib.api.models.AccessToken(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent personal access tokens.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'name']

See SimpleReprMixin.

check_constraints = {'name': {'length': {'max': 150}}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the access token, auto incremented.

user_id

The ID of the user the access token belongs to.

name

The name of the access token.

Restricted to a maximum length of 150 characters.

token_hash

The actual, hashed token.

created_at

The date and time the token was created at.

expires_at

The optional date and time the token expires in.

last_used

The date and time the token was last used.

property is_expired

Check if the access token is expired.

static new_token(num_bytes=24)[source]

Create a new random token.

Parameters

num_bytes – (optional) The number of bytes the generated token should have.

Returns

The hexadecimal string representation of the generated bytes.

static hash_token(token)[source]

Create a secure hash of a token.

Simply uses SHA256 to hash the token, which should be enough in this case since the tokens themselves are randomly generated.

Parameters

token – The token to hash.

Returns

The hexadecimal string representation of the hash.

classmethod get_by_token(token)[source]

Get an access token object from the database using a token.

Parameters

token – The token to search for.

Returns

The access token object or None.

classmethod create(*, user, name, expires_at=None, token=None)[source]

Create a new access token and add it to the database session.

Parameters
  • user – The user the access token should belong to.

  • name – The access token’s name.

  • expires_at – (optional) The access token’s expiration date.

  • token – (optional) The actual token, which will be hashed before persisting. Defaults to a token created by new_token().

Returns

The new AccessToken object.

set_token(token)[source]

Set an access token’s actual token.

Parameters

token – The token, which will be hashed before persisting.

class kadi.lib.api.models.AccessTokenScope(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent access token scopes.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'access_token_id', 'object', 'action']

See SimpleReprMixin.

id

The ID of the scope, auto incremented.

access_token_id

The ID of the access token the scope belongs to.

object

The object the action of the scope relates to.

action

The action the scope allows to do related to its object.

classmethod create(*, access_token, object, action)[source]

Create a new access token scope and add it to the database session.

Parameters
  • access_token – The access token the scope should belong to.

  • object – The object of the scope.

  • action – The action of the scope.

Returns

The new AccessTokenScope object.

class kadi.lib.licenses.models.License(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent licenses.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'name']

See SimpleReprMixin.

id

The ID of the license, auto incremented.

name

The unique name of the license.

title

The title of the license.

url

The optional URL of the license.

classmethod create(*, name, title, url=None)[source]

Create a new license and add it to the database session.

Parameters
  • name – The name of the license.

  • title – The title of the license.

  • url – (optional) The URL of the license.

Returns

The new License object.

class kadi.lib.oauth.models.OAuth2Token(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent OAuth2 bearer tokens.

Note that this model uses encrypted fields and can potentially raise a KadiDecryptionKeyError when a value cannot be decrypted.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'name']

See SimpleReprMixin.

id

The ID of the token, auto incremented.

user_id

The ID of the user the token belongs to.

name

The name of the token.

access_token

The actual access token, stored encrypted.

refresh_token

The optional refresh token, stored encrypted.

expires_at

The optional expiration date and time of the access token.

property is_expired

Check if the OAuth2 token is expired.

to_token()[source]

Convert the OAuth2 token in a format usable by an Authlib client.

Returns

A dictionary representation of the OAuth2 token.

classmethod create(*, user, name, access_token, refresh_token=None, expires_at=None)[source]

Create a new OAuth2 bearer token and add it to the database session.

Parameters
  • user – The user the token should belong to.

  • name – The name of the token.

  • access_token – The actual access token.

  • refresh_token – (optional) The refresh token.

  • expires_at – (optional) The expiration date and time of the access token.

Returns

The new OAuth2Token object.

class kadi.lib.revisions.models.Revision(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent general revision metadata.

The actual revision models are created dynamically instead and linked to this model. See kadi.lib.revisions.core.setup_revisions().

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'timestamp']

See SimpleReprMixin.

id

The ID of the revision, auto incremented.

user_id

The ID of the user that triggered the revision.

timestamp

The timestamp of the revision.

classmethod create(*, user)[source]

Create a new revision and add it to the database session.

Parameters

user – The user that triggered the revision.

Returns

The new Revision object.

class kadi.lib.tags.models.Tag(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent object tags.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'name']

See SimpleReprMixin.

check_constraints = {'name': {'length': {'max': 50}}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the tag, auto incremented.

name

The unique name of the tag.

Restricted to a maximum length of 50 characters.

classmethod create(*, name)[source]

Create a new tag and add it to the database session.

Parameters

name – The name of the tag.

Returns

The new Tag object.

classmethod get_or_create(name)[source]

Return an existing tag or create one if it does not exist yet.

Parameters

name – The name of the tag.

Returns

The new or existing Tag object.

class kadi.lib.tasks.models.Task(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent tasks.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'name', 'state']

See SimpleReprMixin.

check_constraints = {'progress': {'range': {'max': 100, 'min': 0}}, 'state': {'values': ['pending', 'running', 'revoked', 'success', 'failure']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the task, auto incremented.

user_id

The ID of the user that started the task.

name

The name/type of the task.

arguments

The arguments of the task.

Stored in the following form as JSON:

{
    "args": ["value_1"],
    "kwargs": {"arg_2": "value_2"},
}
progress

The progress of the task.

Needs to be an integer value between 0 and 100.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

result

The optional result of the task, depending on the type of task.

state

The state of the task.

One of "pending", "running", "revoked", "success" or "failure".

property is_revoked

Check if a task is revoked.

Will always refresh the task object to get up to date values, as revoking usually happens outside the current database session context (e.g. in another process).

property pretty_state

Return the state of a task in a human-readable and translated format.

classmethod create(*, creator, name, args=None, kwargs=None, state='pending')[source]

Create a new task and add it to the database session.

Parameters
  • creator – The user that started the task.

  • name – The name/type of the task.

  • args – (optional) The positional arguments of the task as list.

  • kwargs – (optional) The keyword arguments of the task as dictionary.

  • state – (optional) The state of the task.

Returns

The new Task object.

revoke()[source]

Revoke a task.

Changes the task’s state to "revoked" if the task is still "pending" or "running".

update_progress(percent)[source]

Update a tasks progress.

Parameters

percent – The progress in percent, which needs to be an integer or float value between 0 and 100.

Modules

class kadi.modules.accounts.models.User(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, flask_login.mixins.UserMixin, sqlalchemy.orm.decl_api.Model

Model to represent users.

In general, every resource that a user “owns” should be linked to this model. Each user can also potentially have multiple identities associated with it, all pointing to the same user.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'new_user_id', 'latest_identity_id', 'is_sysadmin', 'state']

See SimpleReprMixin.

check_constraints = {'about': {'length': {'max': 10000}}, 'state': {'values': ['active', 'inactive', 'deleted']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the user, auto incremented.

about

Additional personal information.

Restricted to a maximum length of 10000 characters.

image_name

The optional name of a user’s profile image.

This name is used to build the local file path (inside MISC_UPLOADS_PATH) where the actual image is stored.

email_is_private

Flag indicating whether a user’s email address is private.

A private email is only visible to the user themselves, while a public one is visible to every logged in user.

new_user_id

Points to a new user ID when the user was merged with another one.

latest_identity_id

Points to the ID of the latest identity the user logged in with.

is_sysadmin

Flag indicating whether a user is a system administrator.

System administrators are allowed to perform certain administrative actions separately from any permissions.

state

The state of the user.

One of "active", "inactive" or "deleted".

property is_merged

Check if a user was merged.

property email_confirmed

Check if a local user’s email is confirmed.

This is the case if the user’s current identity is not of type “local” or if their email address was confirmed.

property needs_email_confirmation

Check if a user needs email confirmation.

This is the case if the user’s email has not yet been confirmed and email confirmation is required by the local authentication provider.

classmethod create(state='active')[source]

Create a new user and add it to the database session.

Parameters

state – (optional) The state of the user.

Returns

The new User object.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class kadi.modules.accounts.models.Identity(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent base identities.

This model uses its type column to specify different types of identities. Each specific identity (i.e. each subclass of this model) needs at least a unique username, a displayname and an email column.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'type']

See SimpleReprMixin.

id

The ID of the identity, auto incremented.

user_id

The ID of the user the identity belongs to.

type

The identity type.

Used by SQLAlchemy to distinguish between different identity types and to automatically select from the correct identity table using joined table inheritance.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class kadi.modules.accounts.models.LocalIdentity(**kwargs)[source]

Bases: kadi.modules.accounts.models.Identity

Model to represent local identities.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'username', 'email']

See SimpleReprMixin.

identity_type = {'name': l'Local', 'type': 'local'}

The type and full name of the identity.

check_constraints = {'displayname': {'length': {'max': 150}}, 'email': {'length': {'max': 256}}, 'username': {'length': {'max': 50, 'min': 3}}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the local identity and of the associated identity.

username

Unique username.

Restricted to a minimum length of 3 and a maximum length of 50 characters.

email

Email address.

Restricted to a maximum length of 256 characters.

displayname

Display name.

Restricted to a maximum length of 150 characters.

password_hash

Hashed password using PBKDF2 with SHA256 and a salt of 8 chars.

email_confirmed

Indicates whether the user’s email has been confirmed or not.

classmethod decode_email_confirmation_token(token)[source]

Decode the given JWT of type “email_confirmation”.

Parameters

token – The token to decode.

Returns

The tokens decoded payload or None if its type or the token itself is incorrect.

classmethod decode_password_reset_token(token)[source]

Decode the given JWT of type “password_reset”.

Parameters

token – The token to decode.

Returns

The tokens decoded payload or None if its type or the token itself is incorrect.

classmethod create(*, user, username, email, displayname, password)[source]

Create a new local identity and add it to the database session.

Parameters
  • user – The user the identity should belong to.

  • username – The identity’s unique username.

  • email – The identity’s email.

  • displayname – The identity’s display name.

  • password – The identity’s password, which will be hashed securely before persisting.

Returns

The new LocalIdentity object.

set_password(password)[source]

Set an identity’s password.

Parameters

password – The password, which will be hashed securely before persisting.

check_password(password)[source]

Check if an identity’s password matches the given password.

The given password will be hashed and checked against the stored password hash.

Parameters

password – The password to check.

Returns

True if the passwords match, False otherwise.

get_email_confirmation_token(email=None)[source]

Create a new JWT of type “email_confirmation”.

Parameters

email – (optional) An email to include in the payload, which can be used to change an identity’s email on confirmation. Defaults to the identity’s current email.

Returns

The encoded token.

get_password_reset_token()[source]

Create a new JWT of type “password_reset”.

Returns

The encoded token.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class kadi.modules.accounts.models.LDAPIdentity(**kwargs)[source]

Bases: kadi.modules.accounts.models.Identity

Model to represent LDAP identities.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'username', 'email']

See SimpleReprMixin.

identity_type = {'name': l'LDAP', 'type': 'ldap'}

The type and full name of the identity.

check_constraints = {'displayname': {'length': {'max': 150}}}

See kadi.lib.db.generate_check_constraints().

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

id

The ID of the LDAP identity and of the associated identity.

username

Unique username.

email

Email address.

displayname

Display name.

Restricted to a maximum length of 150 characters.

classmethod create(*, user, username, email, displayname)[source]

Create a new LDAP identity and add it to the database session.

Parameters
  • user – The user the identity should belong to.

  • username – The identity’s unique username.

  • email – The identity’s email.

  • displayname – The identity’s display name.

Returns

The new LDAPIdentity object.

class kadi.modules.accounts.models.ShibIdentity(**kwargs)[source]

Bases: kadi.modules.accounts.models.Identity

Model to represent Shibboleth identities.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'username', 'email']

See SimpleReprMixin.

identity_type = {'name': l'Shibboleth', 'type': 'shib'}

The type and full name of the identity.

check_constraints = {'displayname': {'length': {'max': 150}}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the Shibboleth identity and of the associated identity.

username

Unique username.

email

Email address.

displayname

Display name.

Restricted to a maximum length of 150 characters.

classmethod create(*, user, username, email, displayname)[source]

Create a new Shibboleth identity and add it to the database session.

Parameters
  • user – The user the identity should belong to.

  • username – The identity’s unique username.

  • email – The identity’s email.

  • displayname – The identity’s display name.

Returns

The new ShibIdentity object.

class kadi.modules.collections.models.Collection(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.search.core.SearchableMixin, kadi.lib.db.TimestampMixin, kadi.lib.tags.core.TaggingMixin, sqlalchemy.orm.decl_api.Model

Model to represent record collections.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'parent_id', 'identifier', 'visibility', 'state']

See SimpleReprMixin.

search_mapping = 'kadi.modules.collections.mappings.CollectionMapping'

See SearchableMixin.

revision = ['identifier', 'title', 'description', 'visibility', 'state', 'tags[name]']

See kadi.lib.revisions.core.setup_revisions().

permissions = {'actions': [('read', 'View this collection.'), ('update', 'Edit this collection.'), ('link', 'Manage links of this collection with other resources.'), ('permissions', 'Manage permissions of this collection.'), ('delete', 'Delete this collection.')], 'default_permissions': {'read': {'visibility': 'public'}}, 'global_actions': [('create', 'Create collections.'), ('read', 'View any collection.'), ('update', 'Edit any collection.'), ('link', 'Manage links of any collection with other resources.'), ('permissions', 'Manage permissions of any collection.'), ('delete', 'Delete any collection.')], 'roles': [('member', ['read']), ('editor', ['read', 'update', 'link']), ('admin', ['read', 'update', 'link', 'permissions', 'delete'])]}

Possible permissions and roles for collections.

See kadi.modules.permissions.

check_constraints = {'description': {'length': {'max': 10000}}, 'identifier': {'length': {'max': 50}}, 'state': {'values': ['active', 'deleted']}, 'title': {'length': {'max': 150}}, 'visibility': {'values': ['private', 'public']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the collection, auto incremented.

user_id

The ID of the user that created the collection.

parent_id

The optional ID of the parent collection.

identifier

The unique identifier of the collection.

Restricted to a maximum length of 50 characters.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

title

The title of the collection.

Restricted to a maximum length of 150 characters.

description

The description of the collection.

Restricted to a maximum length of 10000 characters.

plain_description

The plain description of the collection.

Equal to the normal description with the difference that most markdown is stripped out.

visibility

The default visibility of the collection.

One of "private" or "public".

state

The state of the collection.

One of "active" or "deleted".

classmethod create(*, creator, identifier, title, description='', plain_description='', visibility='private', state='active')[source]

Create a new collection and add it to the database session.

Parameters
  • creator – The user that created the collection.

  • identifier – The unique identifier of the collection.

  • title – The title of the collection.

  • description – (optional) The description of the collection.

  • plain_description – (optional) The plain description of the collection.

  • visibility – (optional) The default visibility of the collection.

  • state – (optional) The state of the collection.

Returns

The new Collection object.

class kadi.modules.groups.models.Group(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.search.core.SearchableMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent user groups.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'identifier', 'visibility', 'state']

See SimpleReprMixin.

search_mapping = 'kadi.modules.groups.mappings.GroupMapping'

See SearchableMixin.

revision = ['identifier', 'title', 'description', 'visibility', 'state']

See kadi.lib.revisions.core.setup_revisions().

permissions = {'actions': [('read', 'View this group.'), ('update', 'Edit this group.'), ('members', 'Manage members of this group.'), ('delete', 'Delete this group.')], 'default_permissions': {'read': {'visibility': 'public'}}, 'global_actions': [('create', 'Create groups.'), ('read', 'View any group.'), ('update', 'Edit any group.'), ('members', 'Manage members of any group.'), ('delete', 'Delete any group.')], 'roles': [('member', ['read']), ('editor', ['read', 'update']), ('admin', ['read', 'update', 'members', 'delete'])]}

Possible permissions and roles for groups.

See kadi.modules.permissions.

check_constraints = {'description': {'length': {'max': 10000}}, 'identifier': {'length': {'max': 50}}, 'state': {'values': ['active', 'deleted']}, 'title': {'length': {'max': 150}}, 'visibility': {'values': ['private', 'public']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the group, auto incremented.

user_id

The ID of the user that created the group.

identifier

The unique identifier of the group.

Restricted to a maximum length of 50 characters.

title

The title of the group.

Restricted to a maximum length of 150 characters.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

description

The description of the group.

Restricted to a maximum length of 10000 characters.

plain_description

The plain description of the group.

Equal to the normal description with the difference that most markdown is stripped out.

image_name

The optional name of a groups’s profile image.

This name is used to build the local file path (inside MISC_UPLOADS_PATH) where the actual image is stored.

visibility

The default visibility of the group.

One of "private" or "public".

state

The state of the group.

One of "active" or "deleted".

classmethod create(*, creator, identifier, title, description='', plain_description='', visibility='private', state='active')[source]

Create a new group and add it to the database session.

Parameters
  • creator – The user that created the group.

  • identifier – The unique identifier of the group.

  • title – The title of the group.

  • description – (optional) The description of the group.

  • plain_description – (optional) The plain description of the group.

  • visibility – (optional) The default visibility of the group.

  • state – (optional) The state of the group.

Returns

The new Group object.

class kadi.modules.notifications.models.Notification(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent user notifications.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'name']

See SimpleReprMixin.

id

The ID of the notification, auto incremented.

user_id

The ID of the user that should receive the notification.

name

The name/type of the notification.

data

The data of the notification, depending on its type.

created_at

The date and time the notification was created at.

classmethod create(*, user, name, data=None)[source]

Create a new notification and add it to the database session.

Parameters
  • user – The user that should receive the notification.

  • name – The name/type of the notification.

  • data – (optional) The data of the notification.

Returns

The new Notification object.

class kadi.modules.permissions.models.Permission(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model representing fine-grained permissions.

Each permission is associated with a specific type of object, a related action and optionally an ID referring to a specific object instance.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'action', 'object', 'object_id']

See SimpleReprMixin.

id

The ID of the permission, auto incremented.

action

The action the permission refers to with respect to its object type.

object

The type of object the permission refers to.

Currently always refers to a specific model, in which case the object type is equal to that model’s table name.

object_id

The ID of an object the permission refers to.

If not set, the permission counts for all object instances of its type.

classmethod create(*, action, object, object_id=None)[source]

Create a new permission and add it to the database session.

Parameters
  • action – The action the permission refers to.

  • object – The object the permission refers to.

  • object_id – (optional) The ID of an object.

Returns

The new Permission object.

class kadi.modules.permissions.models.Role(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model representing roles.

A role is a grouping of multiple permissions. There are two kinds of roles specified through this model:

  • Roles belonging to a specific object instance. Both its object and object_id are set in this case and all permissions that belong to this role have to refer to the same object instance.

  • Global system roles. Both the object and object_id are not set in this case and the permissions that belong to this role can refer to multiple object types and instances (usually to all instances of a specific object type).

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'name', 'object', 'object_id']

See SimpleReprMixin.

id

The ID of the role, auto incremented.

name

The name of the role.

object

The type of object the role refers to.

Currently always refers to a specific model, in which case the object type is equal to that model’s table name. If not set, object_id has to be None as well.

object_id

The ID of an object the role refers to.

If not set, the object has to be None as well.

classmethod create(*, name, object=None, object_id=None)[source]

Create a new role and add it to the database session.

Parameters
  • name – The name of the role.

  • object – (optional) The object the role refers to.

  • object_id – (optional) The ID of an object.

Returns

The new Role object.

class kadi.modules.permissions.models.RoleRule(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent role rules.

Role rules can be used to automate permission management by automatically granting users or groups roles for different resources based on different conditions.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'role_id', 'type', 'condition']

See SimpleReprMixin.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

id

The ID of the role rule, auto incremented.

role_id

The ID of the role the role rule refers to.

type

The type of the role rule.

condition

The condition of the role rule, depending on its type.

classmethod create(*, role, type, condition)[source]

Create a new role rule and add it to the database session.

Parameters
  • role – The role the role rule refers to.

  • type – The type of the role rule.

  • condition – The condition of the role rule.

Returns

The new RoleRule object.

class kadi.modules.records.models.Record(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.search.core.SearchableMixin, kadi.lib.db.TimestampMixin, kadi.lib.tags.core.TaggingMixin, sqlalchemy.orm.decl_api.Model

Model to represent records.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'identifier', 'visibility', 'state']

See SimpleReprMixin.

search_mapping = 'kadi.modules.records.mappings.RecordMapping'

See SearchableMixin.

revision = ['identifier', 'title', 'type', 'description', 'extras', 'visibility', 'state', 'license[name]', 'tags[name]']

See kadi.lib.revisions.core.setup_revisions().

permissions = {'actions': [('read', 'View this record and its files.'), ('update', 'Edit this record and its files.'), ('link', 'Manage links of this record with other resources.'), ('permissions', 'Manage permissions of this record.'), ('delete', 'Delete this record.')], 'default_permissions': {'read': {'visibility': 'public'}}, 'global_actions': [('create', 'Create records.'), ('read', 'View any record and its files.'), ('update', 'Edit any record and its files.'), ('link', 'Manage links of any record with other resources.'), ('permissions', 'Manage permissions of any record.'), ('delete', 'Delete any record.')], 'roles': [('member', ['read']), ('editor', ['read', 'update', 'link']), ('admin', ['read', 'update', 'link', 'permissions', 'delete'])]}

Possible permissions and roles for records.

See kadi.modules.permissions.

check_constraints = {'description': {'length': {'max': 10000}}, 'identifier': {'length': {'max': 50}}, 'state': {'values': ['active', 'deleted', 'purged']}, 'title': {'length': {'max': 150}}, 'type': {'length': {'max': 50}}, 'visibility': {'values': ['private', 'public']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the record, auto incremented.

user_id

The ID of the user that created the record.

identifier

The unique identifier of the record.

Restricted to a maximum length of 50 characters.

title

The title of the record.

Restricted to a maximum length of 150 characters.

type

The optional type of the record.

Restricted to a maximum length of 50 characters.

description

The description of the record.

Restricted to a maximum length of 10000 characters.

plain_description

The plain description of the record.

Equal to the normal description with the difference that most markdown is stripped out.

license_id

The ID of the optional license of the record.

extras

The extra metadata of the record.

The extras are stored in JSON format as an array of objects. Each object contains some or all of the following properties:

  • type: The type of the extra, which is always present and is one of "str", "int", "float", "bool", "date", "dict" or "list". Dictionaries and lists contain nested values, the only difference between these types is that list values have no keys.

  • key: The key of the extra as string, which needs to be unique inside each array. Except for list values, it always needs to be present.

  • value: The value of the extra depending on its type. Defaults to null for simple values and an empty array for nested types.

  • unit: The optional unit of the value, which is only present when the type is one of "int" or "float". Defaults to null.

  • validation: An object containing additional validation instructions for the values of non-nested types. Currently, "required" and "options" are supported.

visibility

The default visibility of the record.

One of "private" or "public".

state

The state of the record.

One of "active", "deleted" or "purged".

property active_files

Get all active files of a record as a query.

classmethod create(*, creator, identifier, title, type=None, description='', plain_description='', license=None, extras=None, visibility='private', state='active')[source]

Create a new record and add it to the database session.

Parameters
  • creator – The user that created the record.

  • identifier – The unique identifier of the record.

  • title – The title of the record.

  • type – (optional) The type of the record.

  • description – (optional) The description of the record.

  • plain_description – (optional) The plain description of the record.

  • license – (optional) The license of the record.

  • extras – (optional) The extra metadata of the record.

  • visibility – (optional) The default visibility of the record.

  • state – (optional) The state of the record.

Returns

The new Record object.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent directional links between records containing metadata.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'name', 'record_from_id', 'record_to_id']

See SimpleReprMixin.

check_constraints = {'name': {'length': {'max': 150}}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the link, auto incremented.

name

The name or type of the link.

Restricted to a maximum length of 150 characters.

record_from_id

The ID of the record the link points from.

record_to_id

The ID of the record the link points to.

classmethod create(*, name, record_from, record_to)[source]

Create a new record link and add it to the database session.

Parameters
  • name – The name or type of the link.

  • record_from – The record the link points from.

  • record_to – The record the link points to.

Returns

The new RecordLink object.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class kadi.modules.records.models.File(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent files belonging to records.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'record_id', 'name', 'size', 'mimetype', 'state']

See SimpleReprMixin.

revision = ['name', 'size', 'mimetype', 'checksum', 'state']

See kadi.lib.revisions.core.setup_revisions().

check_constraints = {'checksum': {'length': {'max': 256}}, 'mimetype': {'length': {'max': 256}}, 'name': {'length': {'max': 256}}, 'size': {'range': {'min': 0}}, 'state': {'values': ['active', 'inactive', 'deleted']}, 'storage_type': {'values': ['local']}}

See kadi.lib.db.generate_check_constraints().

id

The UUID of the file.

user_id

The ID of the user that created the file.

record_id

The ID of the record the file belongs to.

name

The name of the file.

Restricted to a maximum length of 256 characters.

size

The size of the file in bytes.

Must be a value >= 0.

checksum

MD5 checksum to verify the integrity of the file.

Restricted to a maximum length of 256 characters.

mimetype

Regular MIME type of the file, possibly user-provided.

Restricted to a maximum length of 256 characters.

magic_mimetype

MIME type based on magic numbers in a file’s content.

storage_type

Storage type of the file.

Currently only "local".

state

The state of the file.

One of "active", "inactive" or "deleted".

classmethod create(*, creator, record, name, size, checksum=None, mimetype='application/octet-stream', magic_mimetype=None, storage_type='local', state='inactive')[source]

Create a new file and add it to the database session.

Parameters
  • creator – The user that created the file.

  • record – The record the file belongs to.

  • name – The name of the file.

  • size – The size of the file in bytes.

  • checksum – (optional) The checksum of the file.

  • mimetype – (optional) The regular MIME type of the file.

  • magic_mimetype – (optional) The MIME type of the file based on its content.

  • storage_type – (optional) The storage type of the file.

  • state – (optional) The state of the file.

Returns

The new File object.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class kadi.modules.records.models.TemporaryFile(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent temporary files.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'record_id', 'type', 'name', 'size', 'mimetype', 'state']

See SimpleReprMixin.

check_constraints = {'mimetype': {'length': {'max': 256}}, 'name': {'length': {'max': 256}}, 'size': {'range': {'min': 0}}, 'state': {'values': ['active', 'inactive']}}

See kadi.lib.db.generate_check_constraints().

id

The UUID of the temporary file.

user_id

The ID of the user that created the temporary file.

record_id

The ID of the record the temporary file belongs to.

type

The optional type of the temporary file.

name

The name of the temporary file.

Restricted to a maximum length of 256 characters.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

size

The size of the temporary file in bytes.

Must be a value >= 0.

mimetype

MIME type of the temporary file.

Restricted to a maximum length of 256 characters.

state

The state of the temporary file.

One of "active" or "inactive".

classmethod create(*, creator, record, name, size, type=None, mimetype=None, state='inactive')[source]

Create a new temporary file and add it to the database session.

Parameters
  • creator – The user that created the temporary file.

  • record – The record the temporary file belongs to.

  • name – The name of the temporary file.

  • size – The size of the temporary file in bytes.

  • type – (optional) The type of the temporary file.

  • mimetype – (optional) The MIME type of the temporary file. Defaults to a MIME type based on the filename or "application/octet-stream" if it cannot be guessed.

  • state – (optional) The state of the temporary file.

Returns

The new TemporaryFile object.

class kadi.modules.records.models.Upload(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent uploads of local files belonging to records.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'record_id', 'file_id', 'name', 'chunk_count', 'size', 'mimetype', 'state']

See SimpleReprMixin.

check_constraints = {'checksum': {'length': {'max': 256}}, 'chunk_count': {'range': {'min': 1}}, 'mimetype': {'length': {'max': 256}}, 'name': {'length': {'max': 256}}, 'size': {'range': {'min': 0}}, 'state': {'values': ['active', 'inactive', 'processing']}}

See kadi.lib.db.generate_check_constraints().

id

The UUID of the upload.

user_id

The ID of the user that initiated the upload.

record_id

The ID of the record the upload belongs to.

file_id

The ID of a file to be overwritten the upload belongs to.

name

The filename of the upload.

Restricted to a maximum length of 256 characters.

chunk_count

Number of chunks an upload is split into.

Must be a value >= 1.

size

The total size of the upload in bytes.

Must be a value >= 0.

checksum

Optional MD5 checksum to verify the integrity of the upload.

Restricted to a maximum length of 256 characters.

mimetype

MIME type of the upload, possibly user-provided.

Restricted to a maximum length of 256 characters.

state

The state of the upload.

One of "active", "inactive" or "processing".

property active_chunks

Get all active chunks of an upload as query.

classmethod create(*, creator, record, name, size, file=None, chunk_count=None, checksum=None, mimetype='application/octet-stream', state='active')[source]

Create a new upload and add it to the database session.

Parameters
  • creator – The user that initiated the upload.

  • record – The record the upload belongs to.

  • name – The name of the upload.

  • size – The total size of the upload in bytes.

  • file – (optional) A file the upload should replace.

  • chunk_count – (optional) The number of chunks of the upload. If not provided explicitely it will be calculated based on the upload’s size and the chunk size configured in the application’s configuration.

  • checksum – (optional) The checksum of the upload.

  • mimetype – (optional) The MIME type of the upload.

  • state – The state of the upload.

Returns

The new Upload object.

class kadi.modules.records.models.Chunk(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, sqlalchemy.orm.decl_api.Model

Model to represent file chunks.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'upload_id', 'index', 'size', 'state']

See SimpleReprMixin.

check_constraints = {'index': {'range': {'min': 0}}, 'size': {'range': {'min': 0}}, 'state': {'values': ['active', 'inactive']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the chunk, auto incremented.

upload_id

The ID of the upload the chunk belongs to.

index

The index of the chunk inside its upload.

Must be a value >= 0.

size

The size of the chunk in bytes.

Must be a value >= 0.

state

The state of the chunk.

One of "active" or "inactive".

classmethod create(*, upload, index, size, state='inactive')[source]

Create a new chunk and add it to the database session.

Parameters
  • upload – The upload the chunk belongs to.

  • index – The index of the chunk.

  • size – The size of the chunk in bytes.

  • state – (optional) The state of the chunk.

Returns

The new Chunk object.

classmethod update_or_create(*, upload, index, size, state='inactive')[source]

Update an existing chunk or create one if it does not exist yet.

Parameters
  • upload – The upload the chunk belongs to.

  • index – The index of the chunk.

  • size – The size of the chunk in bytes.

  • state – (optional) The state of the chunk.

Returns

The new or updated Chunk object.

class kadi.modules.templates.models.Template(**kwargs)[source]

Bases: kadi.lib.utils.SimpleReprMixin, kadi.lib.db.TimestampMixin, sqlalchemy.orm.decl_api.Model

Model to represent generic templates.

class Meta[source]

Bases: object

Container to store meta class attributes.

representation = ['id', 'user_id', 'identifier', 'visibility', 'type']

See SimpleReprMixin.

permissions = {'actions': [('read', 'View this template.'), ('update', 'Edit this template.'), ('permissions', 'Manage permissions of this template.'), ('delete', 'Delete this template.')], 'default_permissions': {'read': {'visibility': 'public'}}, 'global_actions': [('create', 'Create templates.'), ('read', 'View any template.'), ('update', 'Edit any template.'), ('permissions', 'Manage permissions of any template.'), ('delete', 'Delete any template.')], 'roles': [('member', ['read']), ('editor', ['read', 'update']), ('admin', ['read', 'update', 'permissions', 'delete'])]}

Possible permissions and roles for templates.

See kadi.modules.permissions.

check_constraints = {'description': {'length': {'max': 10000}}, 'identifier': {'length': {'max': 50}}, 'title': {'length': {'max': 150}}, 'type': {'values': ['record', 'extras']}, 'visibility': {'values': ['private', 'public']}}

See kadi.lib.db.generate_check_constraints().

id

The ID of the template, auto incremented.

user_id

The ID of the user that created the template.

identifier

The unique identifier of the template.

Restricted to a maximum length of 50 characters.

title

The title of the template.

Restricted to a maximum length of 150 characters.

created_at

The date and time an object has been created at.

Always uses the current UTC time.

last_modified

The date and time an object was last modified.

After calling register_timestamp_listener() this timestamp will automatically get updated if any column (including multivalued relationships) of the model using this mixin is updated. Always uses the current UTC time as initial value.

description

The description of the template.

Restricted to a maximum length of 10000 characters.

plain_description

The plain description of the template.

Equal to the normal description with the difference that most markdown is stripped out.

visibility

The default visibility of the template.

One of "private" or "public".

type

The type of the template.

One of "record" or "extras".

data

The data of the template depending on its type.

For each of the template types, the data consists of:

  • "record": A JSON object containing all relevant record properties as keys with corresponding values. See also Record.

  • "extras": An array of JSON objects containing the extra metadata of a record. See also Record.extras.

classmethod create(*, creator, identifier, title, type, data, description='', plain_description='', visibility='private')[source]

Create a new template and add it to the database session.

Parameters
  • creator – The user that created the template.

  • identifier – The identifier of the template.

  • title – The title of the template.

  • type – The type of the template.

  • data – The data of the template.

  • description – (optional) The description of the template.

  • plain_description – (optional) The plain description of the template.

  • visibility – (optional) The default visibility of the template.

Returns

The new Template object.