yasithdev opened a new pull request, #222: URL: https://github.com/apache/airavata-portals/pull/222
Replaces the portal's per-request sharing-registry group-membership lookup for `is_gateway_admin` / `is_read_only_gateway_admin` with local parsing of the JWT realm roles (`admin-rw` → gateway admin, `admin-ro` → read-only admin). Adds `KeycloakUser.realm_roles` and an `admin_flags_middleware` (replacing `gateway_groups_middleware`) so the session and bearer auth paths set the flags consistently, and removes the fragile two-call gRPC round-trip plus the `GATEWAY_GROUPS` session cache. Fine-grained per-entity sharing ACLs are unchanged; the group-listing facades (`get_gateway_groups`, `gm_get_all_groups_user_belongs`) remain for their legitimate uses. Test plan: with the realm granting `default-admin` the `admin-rw` role, a `default-admin` bearer request to an admin-gated endpoint now passes `IsInAdminsGroupPermission` (e.g. `GET /api/experiment-statistics/` returns 200 instead of 403). A user without `admin-rw`/`admin-ro` resolves to non-admin. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
