authorBonfaceKilz2021-10-28 17:03:21 +0300
committerBonfaceKilz2021-11-04 15:22:41 +0300
commit1c456c5a394d4ba77ccc1858b11798ecac062e97 (patch)
tree28d5f77db8e42d55e597b433ff7c9834679921ed
parent6d496d5734f48ed8477ad0666af77c377a9185df (diff)
downloadgenenetwork2-1c456c5a394d4ba77ccc1858b11798ecac062e97.tar.gz
Move authentication logic to gn3
-rw-r--r--wqflask/wqflask/__init__.py2
-rw-r--r--wqflask/wqflask/access_roles.py30
-rw-r--r--wqflask/wqflask/decorators.py4
-rw-r--r--wqflask/wqflask/resource_manager.py68
-rw-r--r--wqflask/wqflask/show_trait/show_trait.py8
5 files changed, 14 insertions, 98 deletions
diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 169192c7..7d46fbad 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -9,7 +9,7 @@ from typing import Tuple
from urllib.parse import urlparse
from utility import formatting
-from wqflask.access_roles import DataRole, AdminRole
+from gn3.authentication import DataRole, AdminRole
from wqflask.resource_manager import resource_management
from wqflask.metadata_edits import metadata_edit
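Review bot: `DataRole` and `AdminRole` now come from `gn3.authentication`, so the ordering that access checks rely on is no longer defined or visible in this repository; the removed `OrderedEnum` ranked members by definition order (`NO_ACCESS`, `VIEW`, `EDIT`). A comment above this import would record the dependency, for example `# Access checks compare these roles; their order is defined in gn3.authentication`. A unit test asserting `DataRole.NO_ACCESS < DataRole.VIEW < DataRole.EDIT` would catch a reordering upstream before it changes an authorization result. The same point applies to the import changes in decorators.py, resource_manager.py and show_trait.py.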
diff --git a/wqflask/wqflask/access_roles.py b/wqflask/wqflask/access_roles.py
deleted file mode 100644
index 6cffbc81..00000000
--- a/wqflask/wqflask/access_roles.py
+++ /dev/null
@@ -1,30 +0,0 @@
-import functools
-from enum import Enum, unique
-
-
-@functools.total_ordering
-class OrderedEnum(Enum):
- @classmethod
- @functools.lru_cache(None)
- def _member_list(cls):
- return list(cls)
-
- def __lt__(self, other):
- if self.__class__ is other.__class__:
- member_list = self.__class__._member_list()
- return member_list.index(self) < member_list.index(other)
- return NotImplemented
-
-
-@unique
-class DataRole(OrderedEnum):
- NO_ACCESS = "no-access"
- VIEW = "view"
- EDIT = "edit"
-
-
-@unique
-class AdminRole(OrderedEnum):
- NOT_ADMIN = "not-admin"
- EDIT_ACCESS = "edit-access"
- EDIT_ADMINS = "edit-admins"
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index 319d9bd4..41d23084 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -5,8 +5,8 @@ from flask import current_app, g, redirect, request, url_for
from typing import Dict
from urllib.parse import urljoin
from functools import wraps
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
import json
import requests
diff --git a/wqflask/wqflask/resource_manager.py b/wqflask/wqflask/resource_manager.py
index e338a22d..c0717314 100644
--- a/wqflask/wqflask/resource_manager.py
+++ b/wqflask/wqflask/resource_manager.py
@@ -11,11 +11,15 @@ from flask import render_template
from flask import request
from flask import url_for
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
+from gn3.authentication import get_user_membership
+from gn3.authentication import get_highest_user_access_role
+
from typing import Dict, Tuple
from urllib.parse import urljoin
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
+
from wqflask.decorators import edit_access_required
from wqflask.decorators import edit_admins_access_required
from wqflask.decorators import login_required
@@ -24,64 +28,6 @@ from wqflask.decorators import login_required
resource_management = Blueprint('resource_management', __name__)
-def get_user_membership(conn: redis.Redis, user_id: str,
- group_id: str) -> Dict:
- """Return a dictionary that indicates whether the `user_id` is a
- member or admin of `group_id`.
-
- Args:
- - conn: a Redis Connection with the responses decoded.
- - user_id: a user's unique id
- e.g. '8ad942fe-490d-453e-bd37-56f252e41603'
- - group_id: a group's unique id
- e.g. '7fa95d07-0e2d-4bc5-b47c-448fdc1260b2'
-
- Returns:
- A dict indicating whether the user is an admin or a member of
- the group: {"member": True, "admin": False}
-
- """
- results = {"member": False, "admin": False}
- for key, value in conn.hgetall('groups').items():
- if key == group_id:
- group_info = json.loads(value)
- if user_id in group_info.get("admins"):
- results["admin"] = True
- if user_id in group_info.get("members"):
- results["member"] = True
- break
- return results
-
-
-def get_user_access_roles(
- resource_id: str,
- user_id: str,
- gn_proxy_url: str = "http://localhost:8080") -> Dict:
- """Get the highest access roles for a given user
-
- Args:
- - resource_id: The unique id of a given resource.
- - user_id: The unique id of a given user.
- - gn_proxy_url: The URL where gn-proxy is running.
-
- Returns:
- A dict indicating the highest access role the user has.
-
- """
- role_mapping = {}
- for x, y in zip(DataRole, AdminRole):
- role_mapping.update({x.value: x, })
- role_mapping.update({y.value: y, })
- access_role = {}
- for key, value in json.loads(
- requests.get(urljoin(
- gn_proxy_url,
- ("available?resource="
- f"{resource_id}&user={user_id}"))).content).items():
- access_role[key] = max(map(lambda x: role_mapping[x], value))
- return access_role
-
-
def add_extra_resource_metadata(conn: redis.Redis,
resource_id: str,
resource: Dict) -> Dict:
@@ -144,7 +90,7 @@ def view_resource(resource_id: str):
conn=redis_conn,
resource_id=resource_id,
resource=json.loads(resource))),
- access_role=get_user_access_roles(
+ access_role=get_highest_user_access_role(
resource_id=resource_id,
user_id=user_id,
gn_proxy_url=current_app.config.get("GN2_PROXY")))
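Review bot: `gn_proxy_url=current_app.config.get("GN2_PROXY")` passes `None` when the key is unset, and because the argument is given explicitly, any default inside `get_highest_user_access_role` is bypassed. Reading it as `current_app.config["GN2_PROXY"]` would make a missing setting fail at the call site rather than inside the role lookup. Separately, `resource_id` is the route parameter of `view_resource`, and the removed local implementation interpolated it unencoded into the query string (`f"{resource_id}&user={user_id}"`). The gn3 body is not visible in this diff, so it is worth confirming that it passes both ids through `params=` or `urllib.parse.quote`. `view_resource` starts and ends outside the hunk.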
diff --git a/wqflask/wqflask/show_trait/show_trait.py b/wqflask/wqflask/show_trait/show_trait.py
index fa1206c9..6020bc16 100644
--- a/wqflask/wqflask/show_trait/show_trait.py
+++ b/wqflask/wqflask/show_trait/show_trait.py
@@ -23,9 +23,9 @@ from utility.tools import locate_ignore_error
from utility.tools import GN_PROXY_URL
from utility.redis_tools import get_redis_conn, get_resource_id
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
-from wqflask.resource_manager import get_user_access_roles
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
+from gn3.authentication import get_highest_user_access_role
Redis = get_redis_conn()
ONE_YEAR = 60 * 60 * 24 * 365
@@ -73,7 +73,7 @@ class ShowTrait:
self.trait_vals = Redis.get(self.trait_id).split()
self.resource_id = get_resource_id(self.dataset,
self.trait_id)
- self.admin_status = get_user_access_roles(
+ self.admin_status = get_highest_user_access_role(
user_id=user_id,
resource_id=(self.resource_id or ""),
gn_proxy_url=GN_PROXY_URL)
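Review bot: `resource_id=(self.resource_id or "")` sends the role lookup an empty resource id whenever `get_resource_id` returns nothing, and the answer is stored in `self.admin_status` with no visible check that it is the lowest role. The lookup now lives in gn3, so its handling of an empty id or a failed proxy request cannot be confirmed from this diff. I would state the expectation next to the call, for example `# empty resource_id must resolve to NO_ACCESS / NOT_ADMIN`, and cover it with a test. The enclosing `ShowTrait` method starts and ends outside the hunk.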