This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch AIRAVATA-3682 in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit a786ef7e839a99e61ecf83fcb92425a7c1348ef2 Author: Marcus Christie <[email protected]> AuthorDate: Tue Feb 21 11:07:04 2023 -0500 AIRAVATA-3682 Set admin group attributes when authenticating with token --- django_airavata/apps/api/authentication.py | 4 ++++ django_airavata/apps/auth/middleware.py | 26 +++++++++++++++----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/django_airavata/apps/api/authentication.py b/django_airavata/apps/api/authentication.py index 9e12b941..226b5e58 100644 --- a/django_airavata/apps/api/authentication.py +++ b/django_airavata/apps/api/authentication.py @@ -3,6 +3,8 @@ import logging from django.contrib.auth import authenticate from rest_framework import authentication, exceptions +from django_airavata.apps.auth.middleware import set_admin_group_attributes + logger = logging.getLogger(__name__) @@ -18,6 +20,8 @@ class OAuthAuthentication(authentication.BaseAuthentication): _, token = request.META.get('HTTP_AUTHORIZATION').split() logger.debug(f"OAuthAuthentication authenticated user {user}") + # Set request attributes that are normally set by middleware + set_admin_group_attributes(request) return (user, token) except Exception as e: raise exceptions.AuthenticationFailed( diff --git a/django_airavata/apps/auth/middleware.py b/django_airavata/apps/auth/middleware.py index 8e374051..46a0d08a 100644 --- a/django_airavata/apps/auth/middleware.py +++ b/django_airavata/apps/auth/middleware.py 
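Review bot: The call added before `return (user, token)` in `OAuthAuthentication.authenticate` does not pass the `user` this method just authenticated. The helper in middleware.py reads `request.user.username` instead, and inside a DRF authenticator `request.user` may not yet be the token's principal (the lines that would set it are outside this hunk, so this is inferred). Passing the principal explicitly keeps the admin flags tied to the token: `set_admin_group_attributes(request, user=user)`, with the helper accepting `user=None` and using `user if user is not None else request.user`. The call also sits inside the `try` whose `except Exception` raises `AuthenticationFailed`, so a group-service error is reported as a bad token; that fails closed, but a `logger.exception(...)` before the raise would keep the real cause visible.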
@@ -31,6 +31,20 @@ def authz_token_middleware(get_response): return middleware +def set_admin_group_attributes(request, gateway_groups=None): + """Set is_gateway_admin and is_read_only_gateway_admin request attrs.""" + if gateway_groups is None: + gateway_groups = request.airavata_client.getGatewayGroups(request.authz_token) + admins_group_id = gateway_groups['adminsGroupId'] + read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId'] + group_manager_client = request.profile_service['group_manager'] + group_memberships = group_manager_client.getAllGroupsUserBelongs( + request.authz_token, request.user.username + "@" + settings.GATEWAY_ID) + group_ids = [group.id for group in group_memberships] + request.is_gateway_admin = admins_group_id in group_ids + request.is_read_only_gateway_admin = read_only_admins_group_id in group_ids + + def gateway_groups_middleware(get_response): """Add 'is_gateway_admin' and 'is_read_only_gateway_admin' to request.""" def middleware(request): @@ -52,17 +66,7 @@ def gateway_groups_middleware(get_response): request.authz_token) gateway_groups_dict = copy.deepcopy(gateway_groups.__dict__) request.session['GATEWAY_GROUPS'] = gateway_groups_dict - gateway_groups = request.session['GATEWAY_GROUPS'] - admins_group_id = gateway_groups['adminsGroupId'] - read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId'] - group_manager_client = request.profile_service[ - 'group_manager'] - group_memberships = group_manager_client.getAllGroupsUserBelongs( - request.authz_token, request.user.username + "@" + settings.GATEWAY_ID) - group_ids = [group.id for group in group_memberships] - request.is_gateway_admin = admins_group_id in group_ids - request.is_read_only_gateway_admin = \ - read_only_admins_group_id in group_ids + set_admin_group_attributes(request, request.session.get("GATEWAY_GROUPS")) # Gateway Admins are made 'superuser' in Django so they can edit # pages in the CMS if request.is_gateway_admin and (
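Review bot: In `set_admin_group_attributes`, the `gateway_groups is None` branch subscripts the raw return of `getGatewayGroups` (`gateway_groups['adminsGroupId']`), whereas `gateway_groups_middleware` in the next hunk stores `copy.deepcopy(gateway_groups.__dict__)` and indexes that dict (the call producing it starts above that hunk, so that it is the same client call is inferred). If the client returns a plain object rather than a mapping, the token path, which passes no `gateway_groups`, would raise here and surface at the call site in authentication.py as a failed authentication. Converting in the fallback the same way aligns the two paths: `gateway_groups = copy.deepcopy(request.airavata_client.getGatewayGroups(request.authz_token).__dict__)`. The docstring could also state that the function makes remote calls and needs `request.authz_token`, `request.airavata_client`, `request.profile_service` and `request.user` to be set.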
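Review bot: `request.session.get("GATEWAY_GROUPS")` replaces the indexed lookup the removed code used, so a missing session key no longer raises and instead silently takes the helper's remote-fetch branch. The lines just above store the key, so, assuming that branch always runs when the key is absent (its condition is outside the hunk), `set_admin_group_attributes(request, request.session['GATEWAY_GROUPS'])` would keep the invariant explicit. That matters because `request.is_gateway_admin` decides the Django superuser promotion in the lines that follow. The enclosing `middleware` function starts and ends outside this hunk.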
