aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzsloan2020-06-17 16:28:15 -0500
committerzsloan2020-06-17 16:28:15 -0500
commitfcb3cb1105cf2a1d97c1a08fa636b118ed231ffa (patch)
treecab30579676503bef2596206684a66783bde6832
parent15f5df7fe795a32e2d61dd11f825e53b1a1175ec (diff)
downloadgenenetwork2-authentication_test.tar.gz
A user's id is now set as a parameter if it doesn't already existauthentication_test
-rw-r--r--wqflask/maintenance/set_resource_defaults.py8
-rw-r--r--wqflask/utility/authentication_tools.py30
-rw-r--r--wqflask/utility/redis_tools.py4
-rw-r--r--wqflask/wqflask/group_manager.py4
-rw-r--r--wqflask/wqflask/templates/admin/group_manager.html16
5 files changed, 36 insertions, 26 deletions
diff --git a/wqflask/maintenance/set_resource_defaults.py b/wqflask/maintenance/set_resource_defaults.py
index 344e6a23..0c221bbf 100644
--- a/wqflask/maintenance/set_resource_defaults.py
+++ b/wqflask/maintenance/set_resource_defaults.py
@@ -27,8 +27,9 @@ sys.path.insert(0,'./')
# NEW: import app to avoid a circular dependency on utility.tools
from wqflask import app
+from utility import hmac
from utility.tools import SQL_URI
-from utility.redis_tools import get_redis_conn, get_user_id, add_resource, get_resources
+from utility.redis_tools import get_redis_conn, get_user_id, add_resource, get_resources, get_resource_info
Redis = get_redis_conn()
import MySQLdb
@@ -117,7 +118,7 @@ def insert_geno_resources(default_owner_id):
resource_ob = {}
resource_ob['name'] = resource[1]
if resource[1] == "HET3-ITPGeno":
- resource_ob['owner_id'] = "73a3f093-ca13-4ae0-a179-9a446f709f6e"
+ resource_ob['owner_id'] = "c5ce8c56-78a6-474f-bcaf-7129d97f56ae"
else:
resource_ob['owner_id'] = default_owner_id
resource_ob['data'] = { "dataset" : str(resource[0]) }
@@ -145,7 +146,8 @@ def main():
Redis.delete("resources")
- owner_id = get_user_id("email_address", "zachary.a.sloan@gmail.com")
+ owner_id = "c5ce8c56-78a6-474f-bcaf-7129d97f56ae"
+
insert_resources(owner_id)
if __name__ == '__main__':
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index 07ceacc0..dfa0e2d9 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -7,6 +7,7 @@ from base import data_set
from utility import hmac
from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
+Redis = get_redis_conn()
from flask import Flask, g, redirect, url_for
@@ -14,8 +15,12 @@ import logging
logger = logging.getLogger(__name__ )
def check_resource_availability(dataset, trait_id=None):
- resource_id = get_resource_id(dataset, trait_id)
+ #ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
+ if g.user_session.user_id in Redis.smembers("super_users"):
+ return "edit"
+
+ resource_id = get_resource_id(dataset, trait_id)
response = None
if resource_id:
resource_info = get_resource_info(resource_id)
@@ -68,19 +73,16 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
return False
def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
- if resource_id:
- resource_info = get_resource_info(resource_id)
- if g.user_session.user_id == resource_info['owner_id']:
- return [resource_id, "owner"]
- else:
- return [resource_id, check_admin(resource_id)]
- else:
+ if not resource_id:
resource_id = get_resource_id(dataset, trait_id)
- if resource_id:
- resource_info = get_resource_info(resource_id)
- if g.user_session.user_id == resource_info['owner_id']:
- return [resource_id, "owner"]
- else:
- return [resource_id, check_admin(resource_id)]
+
+ if g.user_session.user_id in Redis.smembers("super_users"):
+ return [resource_id, "owner"]
+
+ resource_info = get_resource_info(resource_id)
+ if g.user_session.user_id == resource_info['owner_id']:
+ return [resource_id, "owner"]
+ else:
+ return [resource_id, check_admin(resource_id)]
return [resource_id, "not-admin"] \ No newline at end of file
diff --git a/wqflask/utility/redis_tools.py b/wqflask/utility/redis_tools.py
index c6d221ff..9d09a66b 100644
--- a/wqflask/utility/redis_tools.py
+++ b/wqflask/utility/redis_tools.py
@@ -30,6 +30,7 @@ def is_redis_available():
def get_user_id(column_name, column_value):
user_list = Redis.hgetall("users")
+ key_list = []
for key in user_list:
user_ob = json.loads(user_list[key])
if column_name in user_ob and user_ob[column_name] == column_value:
@@ -62,6 +63,9 @@ def get_users_like_unique_column(column_name, column_value):
if column_name != "user_id":
for key in user_list:
user_ob = json.loads(user_list[key])
+ if "user_id" not in user_ob:
+ set_user_attribute(key, "user_id", key)
+ user_ob["user_id"] = key
if column_name in user_ob:
if column_value in user_ob[column_name]:
matched_users.append(user_ob)
diff --git a/wqflask/wqflask/group_manager.py b/wqflask/wqflask/group_manager.py
index 9afc016b..24848ed8 100644
--- a/wqflask/wqflask/group_manager.py
+++ b/wqflask/wqflask/group_manager.py
@@ -19,8 +19,8 @@ def manage_groups():
if "add_new_group" in params:
return redirect(url_for('add_group'))
else:
- admin_groups, user_groups = get_user_groups(g.user_session.user_id)
- return render_template("admin/group_manager.html", admin_groups=admin_groups, user_groups=user_groups)
+ admin_groups, member_groups = get_user_groups(g.user_session.user_id)
+ return render_template("admin/group_manager.html", admin_groups=admin_groups, member_groups=member_groups)
@app.route("/groups/view", methods=('GET', 'POST'))
def view_group():
diff --git a/wqflask/wqflask/templates/admin/group_manager.html b/wqflask/wqflask/templates/admin/group_manager.html
index 70d55684..c8ed6851 100644
--- a/wqflask/wqflask/templates/admin/group_manager.html
+++ b/wqflask/wqflask/templates/admin/group_manager.html
@@ -10,18 +10,20 @@
<div class="container">
<div class="page-header">
<h1>Manage Groups</h1>
+ {% if admin_groups|length != 0 or member_groups|length != 0 %}
<div style="display: inline;">
<button type="button" id="create_group" class="btn btn-primary" data-url="/groups/create">Create Group</button>
<button type="button" id="remove_groups" class="btn btn-primary" data-url="/groups/remove">Remove Selected Groups</button>
</div>
+ {% endif %}
</div>
<form id="groups_form" action="/groups/manage" method="POST">
<input type="hidden" name="selected_group_ids" value="">
<div style="min-width: 800px; max-width: 1000px;">
- {% if admin_groups|length == 0 and user_groups|length == 0 %}
+ {% if admin_groups|length == 0 and member_groups|length == 0 %}
<h4>You currently aren't a member or admin of any groups.</h4>
<br>
- <button type="submit" name="add_new_group" class="btn btn-primary">Create a new group</button>
+ <button type="button" id="create_group" class="btn btn-primary" data-url="/groups/create">Create a new group</button>
{% else %}
<div style="margin-top: 20px;"><h2>Admin Groups</h2></div>
<hr>
@@ -60,10 +62,10 @@
<div style="min-width: 800px; max-width: 1000px;">
<div><h2>User Groups</h2></div>
<hr>
- {% if user_groups|length == 0 %}
+ {% if member_groups|length == 0 %}
<h4>You currently aren't a member of any groups.</h4>
{% else %}
- <table id="user_groups" class="table-hover table-striped cell-border" style="float: left;">
+ <table id="member_groups" class="table-hover table-striped cell-border" style="float: left;">
<thead>
<tr>
<th></th>
@@ -75,7 +77,7 @@
</tr>
</thead>
<tbody>
- {% for group in user_groups %}
+ {% for group in member_groups %}
<tr>
<td><input type="checkbox" name="read" value="{{ group.id }}"></td>
<td>{{ loop.index }}</td>
@@ -107,8 +109,8 @@
'sDom': 'tr'
});
{% endif %}
- {% if user_groups|length != 0 %}
- $('#user_groups').dataTable({
+ {% if member_groups|length != 0 %}
+ $('#member_groups').dataTable({
'sDom': 'tr'
});
{% endif %}