yasithdev opened a new pull request, #222:
URL: https://github.com/apache/airavata-portals/pull/222

   Replaces the portal's per-request sharing-registry group-membership lookup 
for `is_gateway_admin` / `is_read_only_gateway_admin` with local parsing of the 
JWT realm roles (`admin-rw` → gateway admin, `admin-ro` → read-only admin). 
Adds `KeycloakUser.realm_roles` and an `admin_flags_middleware` (replacing 
`gateway_groups_middleware`) so the session and bearer auth paths set the flags 
consistently, and removes the fragile two-call gRPC round-trip plus the 
`GATEWAY_GROUPS` session cache. Fine-grained per-entity sharing ACLs are 
unchanged; the group-listing facades (`get_gateway_groups`, 
`gm_get_all_groups_user_belongs`) remain for their legitimate uses.
   
   Test plan: with the realm granting `default-admin` the `admin-rw` role, a 
`default-admin` bearer request to an admin-gated endpoint now passes 
`IsInAdminsGroupPermission` (e.g. `GET /api/experiment-statistics/` returns 200 
instead of 403). A user without `admin-rw`/`admin-ro` resolves to non-admin.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

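
The role-to-flag mapping described in the pull request, as an added example that is not code from the PR or the portal: flags are derived only from claims whose signature has been verified, and any malformed `realm_access` shape resolves to non-admin. Assumptions: the helper names, the constructed key, and HS256 (chosen so the sketch runs on the standard library alone; a Keycloak realm's tokens are normally verified against its published public keys) are not from the PR, and expiry, issuer and audience checks are left out.

```python
import base64
import hashlib
import hmac
import json

# Role names are from the PR description; key, helper names and HS256 are assumptions.
ADMIN_RW, ADMIN_RO = "admin-rw", "admin-ro"

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed HS256 sample token (sample-data helper only)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verified_claims(token, key):
    """Return the claims only if the signature verifies; raise ValueError otherwise."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the expected algorithm instead of honouring whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if not isinstance(claims, dict):
        raise ValueError("claims must be a JSON object")
    return claims

def admin_flags(claims):
    """Map realm roles to the two admin flags; malformed input means non-admin."""
    realm_access = claims.get("realm_access")
    roles = realm_access.get("roles") if isinstance(realm_access, dict) else None
    # Require a list: with a bare string, `in` would do substring matching.
    granted = {r for r in roles if isinstance(r, str)} if isinstance(roles, list) else set()
    return {"is_gateway_admin": ADMIN_RW in granted,
            "is_read_only_gateway_admin": ADMIN_RO in granted}
```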