user-profile: add authorised-users field

[oliver-sanders]

Add a new field called "authorized users" (or similar) to the user-profile containing all users listed in the user's authentication config when running in multi-user mode.

This field will be used by the Cylc UI to allow quick access to the listed UI Servers via a user-name dropdown/filter box in the top-left of the UI.

Example:

   c.CylcUIServer.user_authorization = {
       "user1": ["read", "pause", "play"],
        "group:group1": ["read"],
   }

In multi-user mode (when the application class is CylcHubApp):

user_profile = {
    'kind': 'user',
    'name': 'me',
    'authorized users': ['user1'],

In single user mode:

user_profile = {
    'kind': 'user',
    'name': 'me',
    'authorized users': [],

Note, we don't need to check that the listed users are authorised, if they are not that will become obvious when the user tries to access their UIS.

Pull requests welcome!

[oliver-sanders]

Second thoughts after a chat with @datamel who pointed out the authorised users list isn't necessarily the most natural choice for this configuration.

Context:

The UI currently has a two boxes in the top left which will say something like my-username@development. The intention here was that these boxes would allow easy switching between UI servers and Hubs.

It should have the format <user>@<hub>.

• You might have two hubs, one for research and one for operations.
• You might want to look at other users UI servers if authorised.

Note that these hubs may not be on the same network and user names may differ.

Here's a revised proposal for a new configuration that configures both the hubs and users in one go:

<config-name> = {
    ('hub-one', 'https://hubone.com/cylc/'): [
        'user-a',
        'user-b',
    ],
    ('hub-two', 'https://two.hub/'): [
        'user-c',
    ]
}

<config-name> = {
    (<hub-name>, <hub-url>): [<user-name>...]
}

This should also provide a solution for #238 and #239.

Some of this should be set by the site, some of it should be set by the user. Needs a little more thought.

[datamel]

Yes thanks @oliver-sanders , sending authorized users across to the UI is not going to provide an accurate drop down box for the ui, since these are users who are able to access this ui-server (not users who the user is permitted to connect to).

With regards to the config suggested above, what if this config, listing possible combinations was set by site, and users just configured usernames they wish to access, the realms could then be auto-filled as a drop down in the ui?

[oliver-sanders]

It might make sense for the site to configure some of the users a well as the hubs.

For example:

<config-name> = {
     ('operations', 'https://cylc.operations'): [
         'operations-user'
    ]
}

[datamel]

Discussed in VC on 18/11/21. This should be configurable, by username. Pass this configurable list of usernames to the ui, to populate the drop down menu for users to access another ui-server.

[oliver-sanders]

This is trickier than anticipated, bumping to 1.x.