This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit 43848871c7d55bc633352733af55acd99cac73a0 Author: Marcus Christie <[email protected]> AuthorDate: Wed Jul 24 11:38:00 2019 -0400 AIRAVATA-3177 Allow Read Only admins to see user mgmt screen --- django_airavata/apps/admin/apps.py | 3 ++- .../users/IdentityServiceUserManagementContainer.vue | 2 +- .../users/UnverifiedEmailUserManagementContainer.vue | 2 +- django_airavata/apps/api/serializers.py | 10 ++++++++++ .../api/static/django_airavata_api/js/models/IAMUserProfile.js | 5 +++-- .../js/models/UnverifiedEmailUserProfile.js | 1 + django_airavata/apps/api/view_utils.py | 9 +++++++-- 7 files changed, 25 insertions(+), 7 deletions(-) diff --git a/django_airavata/apps/admin/apps.py b/django_airavata/apps/admin/apps.py index d5d9b8b..91b3752 100644 --- a/django_airavata/apps/admin/apps.py +++ b/django_airavata/apps/admin/apps.py @@ -26,7 +26,8 @@ class AdminConfig(AiravataAppConfig): 'icon': 'fa fa-users', 'url': 'django_airavata_admin:users', 'active_prefixes': ['users'], - 'enabled': lambda req: req.is_gateway_admin, + 'enabled': lambda req: (req.is_gateway_admin or + req.is_read_only_gateway_admin), }, { 'label': 'Experiment Statistics', diff --git a/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/IdentityServiceUserManagementContainer.vue b/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/IdentityServiceUserManagementContainer.vue index 974468d..fc303d2 100644 --- a/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/IdentityServiceUserManagementContainer.vue +++ b/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/IdentityServiceUserManagementContainer.vue @@ -47,7 +47,7 @@ slot="action" slot-scope="data" > - <b-button @click="toggleDetails(data)"> + <b-button v-if="data.item.userHasWriteAccess" @click="toggleDetails(data)"> Edit </b-button> </template> 
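Review bot: The `v-if="data.item.userHasWriteAccess"` on the Edit button in IdentityServiceUserManagementContainer.vue only hides the button, and the template should say so; the same applies to the identical change in UnverifiedEmailUserManagementContainer.vue. Writes from Read Only admins are actually rejected by `IsInAdminsGroupPermission.has_permission` in view_utils.py, so a comment such as `<!-- hidden for read-only admins; writes are rejected server-side by IsInAdminsGroupPermission -->` would keep a later reader from treating the flag as the access check. The surrounding template starts and ends outside the hunk, so whether `toggleDetails` is reachable another way (for example a row click) cannot be seen here.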
diff --git a/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/UnverifiedEmailUserManagementContainer.vue b/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/UnverifiedEmailUserManagementContainer.vue index 606346e..f3e82b2 100644 --- a/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/UnverifiedEmailUserManagementContainer.vue +++ b/django_airavata/apps/admin/static/django_airavata_admin/src/components/users/UnverifiedEmailUserManagementContainer.vue @@ -19,7 +19,7 @@ slot="action" slot-scope="data" > - <b-button @click="toggleDetails(data)"> + <b-button v-if="data.item.userHasWriteAccess" @click="toggleDetails(data)"> Edit </b-button> </template> diff --git a/django_airavata/apps/api/serializers.py b/django_airavata/apps/api/serializers.py index 39d7d9c..5ba819d 100644 --- a/django_airavata/apps/api/serializers.py +++ b/django_airavata/apps/api/serializers.py @@ -893,6 +893,7 @@ class IAMUserProfile(serializers.Serializer): view_name='django_airavata_api:iam-user-profile-detail', lookup_field='userId', lookup_url_kwarg='user_id') + userHasWriteAccess = serializers.SerializerMethodField() def update(self, instance, validated_data): existing_group_ids = [group.id for group in instance['groups']] @@ -903,6 +904,10 @@ class IAMUserProfile(serializers.Serializer): set(existing_group_ids) - set(new_group_ids)) return instance + def get_userHasWriteAccess(self, userProfile): + request = self.context['request'] + return request.is_gateway_admin + class AckNotificationSerializer(serializers.ModelSerializer): class Meta: 
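Review bot: `get_userHasWriteAccess` is added twice with an identical body, here on `IAMUserProfile` and again on `UnverifiedEmailUserProfile` in the next serializers.py hunk, and both restate the write rule that `IsInAdminsGroupPermission` enforces in view_utils.py. Three separate copies of `request.is_gateway_admin` can drift, so the flag shown in the UI could end up disagreeing with the permission the API enforces. Defining the method once in a small mixin, with a docstring stating that the value is advisory, would avoid that. The unused `userProfile` argument could also be named `user_profile`, matching `validated_data` in `update`. The value depends only on the requesting user, so it is identical for every serialized profile.

```python
class UserHasWriteAccessMixin:
    """Supplies the advisory userHasWriteAccess value for the UI.

    Write access itself is enforced by the view's permission class.
    """

    def get_userHasWriteAccess(self, user_profile):
        return self.context['request'].is_gateway_admin


class IAMUserProfile(UserHasWriteAccessMixin, serializers.Serializer):
    # … unchanged: existing fields and update() …
    userHasWriteAccess = serializers.SerializerMethodField()
```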
@@ -944,6 +949,11 @@ class UnverifiedEmailUserProfile(serializers.Serializer): view_name='django_airavata_api:unverified-email-user-profile-detail', lookup_field='userId', lookup_url_kwarg='user_id') + userHasWriteAccess = serializers.SerializerMethodField() + + def get_userHasWriteAccess(self, userProfile): + request = self.context['request'] + return request.is_gateway_admin class LogRecordSerializer(serializers.Serializer): diff --git a/django_airavata/apps/api/static/django_airavata_api/js/models/IAMUserProfile.js b/django_airavata/apps/api/static/django_airavata_api/js/models/IAMUserProfile.js index 2b2e6f5..23d7dff 100644 --- a/django_airavata/apps/api/static/django_airavata_api/js/models/IAMUserProfile.js +++ b/django_airavata/apps/api/static/django_airavata_api/js/models/IAMUserProfile.js @@ -14,13 +14,14 @@ const FIELDS = [ "airavataUserProfileExists", { name: "creationTime", - type: 'date', + type: "date" }, { name: "groups", type: Group, list: true - } + }, + "userHasWriteAccess" ]; export default class IAMUserProfile extends BaseModel { diff --git a/django_airavata/apps/api/static/django_airavata_api/js/models/UnverifiedEmailUserProfile.js b/django_airavata/apps/api/static/django_airavata_api/js/models/UnverifiedEmailUserProfile.js index 1b1b59b..c190246 100644 --- a/django_airavata/apps/api/static/django_airavata_api/js/models/UnverifiedEmailUserProfile.js +++ b/django_airavata/apps/api/static/django_airavata_api/js/models/UnverifiedEmailUserProfile.js @@ -12,6 +12,7 @@ const FIELDS = [ name: "creationTime", type: 'date', }, + "userHasWriteAccess" ]; export default class UnverifiedEmailUserProfile extends BaseModel { diff --git a/django_airavata/apps/api/view_utils.py b/django_airavata/apps/api/view_utils.py index 3ad0e34..7886ff3 100644 --- a/django_airavata/apps/api/view_utils.py +++ b/django_airavata/apps/api/view_utils.py 
@@ -197,7 +197,12 @@ def convert_utc_iso8601_to_date(iso8601_utc_string): class IsInAdminsGroupPermission(permissions.BasePermission): - message = "User must be member of the Admins group." + message = "User must be member of the Admins or Read Only Admins groups." def has_permission(self, request, view): - return request.is_gateway_admin + # Read Only Admins can make GET requests only + if request.method in permissions.SAFE_METHODS: + return (request.is_gateway_admin or + request.is_read_only_gateway_admin) + else: + return request.is_gateway_admin
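Review bot: `has_permission` now admits Read Only admins to safe-method requests on every view that uses `IsInAdminsGroupPermission`, not only the user management endpoints named in the commit title. The views that reference this class are outside the diff, so each should be checked for GET handlers that expose data or trigger actions not meant for that group. The comment says GET only, but `permissions.SAFE_METHODS` also covers HEAD and OPTIONS; it could read `# Read Only Admins may only use safe methods (GET, HEAD, OPTIONS)`. The single `message` is also misleading when a Read Only admin is refused a write, since that user is a member of one of the named groups. Something like `"User must be a member of the Admins group to make changes."` for the non-safe branch would be clearer.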
