This is an automated email from the ASF dual-hosted git repository.
yasithdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airavata-portals.git
The following commit(s) were added to refs/heads/main by this push:
new f3545655d feat(portal): migrate project userHasWriteAccess to gRPC
sharing (Track D) (#161)
f3545655d is described below
commit f3545655de05a822da331ecd1a96f889008f6a76
Author: Yasith Jayawardana <[email protected]>
AuthorDate: Mon Jun 8 18:34:00 2026 -0400
feat(portal): migrate project userHasWriteAccess to gRPC sharing (Track D)
(#161)
Completes the de-Thrift of the projects read path: ProjectSerializer's
userHasWriteAccess now uses the gRPC sharing facade instead of the Thrift
request.airavata_client.userHasAccess. Adds a reusable
serializers.user_has_access
helper for the remaining families.
Format confirmed against the backend impl
(SharingGrpcService.userHasAccess):
permission_type is the ResourcePermissionType enum name ('WRITE'), and the
acting
user is taken from the authenticated token context server-side (the user_id
field
is passed for the facade signature but ignored). Runtime-validated against
the
live backend: user_has_access(resource_id, 'WRITE') -> True for the owner
(an
earlier 'gatewayId:WRITE' guess was rejected as an invalid enum constant).
---
.../django_airavata/apps/api/serializers.py | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/airavata-django-portal/django_airavata/apps/api/serializers.py
b/airavata-django-portal/django_airavata/apps/api/serializers.py
index 128d5b20b..658612f7b 100644
--- a/airavata-django-portal/django_airavata/apps/api/serializers.py
+++ b/airavata-django-portal/django_airavata/apps/api/serializers.py
@@ -80,6 +80,20 @@ from . import models, thrift_utils, view_utils
log = logging.getLogger(__name__)
+def user_has_access(request, resource_id, permission="WRITE"):
+ """gRPC sharing access check (Track D — replaces the Thrift userHasAccess).
+
+ ``permission`` is the ResourcePermissionType enum name (WRITE/READ/OWNER/
+ MANAGE_SHARING); the backend prefixes the gateway internally. The acting
user
+ is taken from the authenticated token context server-side, so ``user_id``
is
+ passed for the facade signature but ignored by the backend.
+ """
+ return request.airavata.sharing.user_has_access(
+ resource_id=resource_id,
+ user_id=request.user.username,
+ permission_type=permission)
+
+
class FullyEncodedHyperlinkedIdentityField(
serializers.HyperlinkedIdentityField):
def get_url(self, obj, view_name, request, format):
@@ -282,10 +296,7 @@ class ProjectSerializer(
return instance
def get_userHasWriteAccess(self, project):
- request = self.context['request']
- return request.airavata_client.userHasAccess(
- request.authz_token, project.projectID,
- ResourcePermissionType.WRITE)
+ return user_has_access(self.context['request'], project.projectID)
def get_isOwner(self, project):
request = self.context['request']
