Users:v2 expand access rights and user attributes

[obervinov]

Context For more flexible management of telegram bot users and their rights to the bot, it is necessary to expand user attributes, add additional methods for working with these attributes and rewrite existing class methods for a new model.

Data structure requirements

• role attributes (configuration)

  {'roles': ['role_admin', 'role_guest'']}

• rate limit attributes (configuration)

  {'requests': {'requests_per_day': 10, 'requests_per_hour': 1, 'random_shift_minutes': 15}}

• rate limit history (data)

  {'requests_ counters': {'requests_per_day': 9, 'requests_per_hour': 1}}

• rate limit applied (data)

  {'rate_limits': {'end_time': '2023-08-07 10:39:00.000000' }}

  Requirements

• [x] add a rate limit check method for an account: if rl is applied, return the end time, if not applied, none
• [x] the rights check method should accept user_id and role_name as input: return allowed if user_id contains role_name and denied if not
• [x] for the convenience of using the module by bots, select an entry point in a separate method that will immediately call all three methods: authentication(), authorization(), rl_controller() - aggregate the responses of these methods into a single dictionary and give in the response
• [x] if the authorization of the role and user was successful, write +1 request to the request counter
• [x] if the incoming role is startup, the rate limit counter should not be taken into account
• [x] if the hourly rate_limit + random_shift_minutes has expired, reset the hourly rate_limit counter

Data structure in vault For configuration:

• configuration/users/{user_id}:status -> authentication()
• configuration/users/{user_id}:roles -> authorization()
• configuration/users/{user_id}:requests -> rl_controller()

For dynamic data:

• data/users/{user_id}:requests_counters -> rl_controller()
• data/users/{user_id}:rate_limits -> rl_controller()
• data/users/{user_id}:authorization -> authorization()
• data/users/{user_id}:authentication -> authentication()

New methods:

• [x] user_access_check() - an entry point that aggregates function calls and responses for unification and ease of use in bots.
• [x] authentication() - method for checking user access rights to the bot
• [x] authorization() - method for checking access rights to a specific bot functionality (assigning roles)
• [x] rl_controller() - method for implementing request accounting and request rate limiting in the context of users

Documentation:

• [x] Assigning methods
• [x] General concept of the module
• [x] Configuration Structure
• [x] Persistent data structure
• [x] Usage examples
• [x] Diagram with the logic of the module
• [x] More information about vault client and module

[obervinov]

done https://github.com/obervinov/users-package/pull/24/commits/49119230afd84a13695c3d1297ce8d72c63cefc3 https://github.com/obervinov/users-package/pull/24/commits/ee18c20752d915e21938c5c6be5329861081dac3 https://github.com/obervinov/users-package/pull/24/commits/48966d496ff0b017b1790f191f3f7d18609aedab https://github.com/obervinov/users-package/pull/24/commits/0b2a79d00f3b63dce0fb03e6f89752ea3fa95ef6 https://github.com/obervinov/users-package/pull/24/commits/ec24cd1e58fd6e2b996997a3e621d700341fb070 https://github.com/obervinov/users-package/pull/24/commits/1cf6d6737c8dd96ffe49047005c7601a267ee14f https://github.com/obervinov/users-package/pull/24/commits/8d0a568b18e83254b645759d236ccd6e0b50ac88 https://github.com/obervinov/users-package/pull/24/commits/dd5163a7aca4fd72d4a97c8f4f753aa9cd842bc1