author | zsloan | 2020-06-17 14:49:40 -0500 |
---|---|---|
committer | zsloan | 2020-06-17 14:49:40 -0500 |
commit | ea47eb228b1224ea83e3f50a056bf715b3bf5ec6 (patch) | |
tree | e6ff6824d2e1960e7b84342c7d09771d4783ae97 /wqflask/utility | |
parent | 7438f3c45122f02c25155b42ede703ad2845649c (diff) | |
download | genenetwork2-ea47eb228b1224ea83e3f50a056bf715b3bf5ec6.tar.gz |
Adding all the authentication stuff
Diffstat (limited to 'wqflask/utility')
-rw-r--r-- | wqflask/utility/authentication_tools.py | 132 | ||||
-rw-r--r-- | wqflask/utility/redis_tools.py | 67 |
2 files changed, 150 insertions, 49 deletions
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index 537881a5..07ceacc0 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -1,46 +1,86 @@
-from __future__ import absolute_import, print_function, division
-
-import json
-import requests
-
-from base import data_set
-
-from utility import hmac
-from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
-
-from flask import Flask, g, redirect, url_for
-
-import logging
-logger = logging.getLogger(__name__ )
-
-def check_resource_availability(dataset, trait_id=None):
- resource_id = get_resource_id(dataset, trait_id)
-
- if resource_id:
- the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
- try:
- response = json.loads(requests.get(the_url).content)['data']
- except:
- resource_info = get_resource_info(resource_id)
- response = resource_info['default_mask']['data']
-
- if 'view' in response:
- return True
- else:
- return redirect(url_for("no_access_page"))
-
- return True
-
-def check_owner(dataset=None, trait_id=None, resource_id=None):
- if resource_id:
- resource_info = get_resource_info(resource_id)
- if g.user_session.user_id == resource_info['owner_id']:
- return resource_id
- else:
- resource_id = get_resource_id(dataset, trait_id)
- if resource_id:
- resource_info = get_resource_info(resource_id)
- if g.user_session.user_id == resource_info['owner_id']:
- return resource_id
-
- return False
\ No newline at end of file
+from __future__ import absolute_import, print_function, division
+
+import json
+import requests
+
+from base import data_set
+
+from utility import hmac
+from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
+
+from flask import Flask, g, redirect, url_for
+
+import logging
+logger = logging.getLogger(__name__ )
+
+def check_resource_availability(dataset, trait_id=None):
+ resource_id = get_resource_id(dataset, trait_id)
+
+ response = None
+ if resource_id:
+ resource_info = get_resource_info(resource_id)
+
+ the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+ try:
+ response = json.loads(requests.get(the_url).content)['data']
+ except:
+ response = resource_info['default_mask']['data']
+
+ if 'edit' in response:
+ return "edit"
+ elif 'view' in response:
+ return "view"
+ else:
+ return "no-access"
+
+ return False
+
+def check_admin(resource_id=None):
+
+ return "not-admin"
+
+ # ZS: commented out until proxy can return this
+ # the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+ # try:
+ # response = json.loads(requests.get(the_url).content)
+ # except:
+ # response = resource_info['default_mask']['admin']
+
+ # if 'edit-admins' in response:
+ # return "edit-admins"
+ # elif 'edit-access' in response:
+ # return "edit-access"
+ # else:
+ # return "not-admin"
+
+def check_owner(dataset=None, trait_id=None, resource_id=None):
+ if resource_id:
+ resource_info = get_resource_info(resource_id)
+ if g.user_session.user_id == resource_info['owner_id']:
+ return resource_id
+ else:
+ resource_id = get_resource_id(dataset, trait_id)
+ if resource_id:
+ resource_info = get_resource_info(resource_id)
+ if g.user_session.user_id == resource_info['owner_id']:
+ return resource_id
+
+ return False
+
+def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
+ if resource_id:
+ resource_info = get_resource_info(resource_id)
+ if g.user_session.user_id == resource_info['owner_id']:
+ return [resource_id, "owner"]
+ else:
+ return [resource_id, check_admin(resource_id)]
+ else:
+ resource_id = get_resource_id(dataset, trait_id)
+ if resource_id:
+ resource_info = get_resource_info(resource_id)
+ if g.user_session.user_id == resource_info['owner_id']:
+ return [resource_id, "owner"]
+ else:
+ return [resource_id, check_admin(resource_id)]
+
+ return [resource_id, "not-admin"]
\ No newline at end of file diff --git a/wqflask/utility/redis_tools.py b/wqflask/utility/redis_tools.py index bc30a0af..c6d221ff 100644 --- a/wqflask/utility/redis_tools.py +++ b/wqflask/utility/redis_tools.py @@ -16,7 +16,7 @@ from utility.logger import getLogger logger = getLogger(__name__) def get_redis_conn(): - Redis = redis.StrictRedis(port=6380) + Redis = redis.StrictRedis(port=6379) return Redis Redis = get_redis_conn() @@ -51,6 +51,27 @@ def get_user_by_unique_column(column_name, column_value): return item_details +def get_users_like_unique_column(column_name, column_value): + """ + Like previous function, but this only checks if the input is a subset of a field and can return multiple results + """ + matched_users = [] + + if column_value != "": + user_list = Redis.hgetall("users") + if column_name != "user_id": + for key in user_list: + user_ob = json.loads(user_list[key]) + if column_name in user_ob: + if column_value in user_ob[column_name]: + matched_users.append(user_ob) + else: + matched_users.append(json.loads(user_list[column_value])) + + return matched_users + +# def search_users_by_unique_column(column_name, column_value): + def set_user_attribute(user_id, column_name, column_value): user_info = json.loads(Redis.hget("users", user_id)) user_info[column_name] = column_value 
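Review bot: In `check_resource_availability` (wqflask/utility/authentication_tools.py) a denial is now the non-empty string `"no-access"` while a missing resource id gives `False`, so any caller that still tests the result for truthiness treats a denied user as allowed; the old version returned `True` or a redirect, so each call site needs an explicit comparison such as `if check_resource_availability(dataset, trait_id) == "no-access":`. The bare `except:` around the proxy call also decides authorization from `default_mask` on any failure, including a malformed reply, and logs nothing; I would narrow it to `except (requests.exceptions.RequestException, ValueError, KeyError):` and log the fallback through `logger`. The ids are formatted straight into the query string and the request has no timeout; `requests.get("http://localhost:8080/available", params={"resource": resource_id, "user": g.user_session.user_id}, timeout=5)` covers both (the 5 seconds is a constructed value). Indentation is lost in this rendering, so the nesting of the final `return False` is inferred.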
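Review bot: `get_users_like_unique_column` in wqflask/utility/redis_tools.py appends the whole stored user record for every substring match, so a one-character query returns close to the entire `users` hash; if those records carry credential fields (not visible on this page), they travel with the result. I would enforce a minimum query length and return only the fields the caller displays rather than `user_ob` itself. The `user_id` branch indexes `user_list[column_value]` directly and raises `KeyError` for an unknown id; guard it with `if column_value in user_list:`. `get_groups_like_unique_column` in the next hunk has the same two problems, and its `admins`/`members` branch reads `group_info[column_name]` without checking that the key exists.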
@@ -142,6 +163,28 @@ def get_group_by_unique_column(column_name, column_value): return matched_groups +def get_groups_like_unique_column(column_name, column_value): + """ + Like previous function, but this only checks if the input is a subset of a field and can return multiple results + """ + matched_groups = [] + + if column_value != "": + group_list = Redis.hgetall("groups") + if column_name != "group_id": + for key in group_list: + group_info = json.loads(group_list[key]) + if column_name == "admins" or column_name == "members": #ZS: Since these fields are lists, search in the list + if column_value in group_info[column_name]: + matched_groups.append(group_info) + else: + if column_name in group_info: + if column_value in group_info[column_name]: + matched_groups.append(group_info) + else: + matched_groups.append(json.loads(group_list[column_value])) + + return matched_groups def create_group(admin_user_ids, member_user_ids = [], group_name = "Default Group Name"): group_id = str(uuid.uuid4()) @@ -192,9 +235,13 @@ def add_users_to_group(user_id, group_id, user_emails = [], admins = False): #ZS def remove_users_from_group(user_id, users_to_remove_ids, group_id, user_type = "members"): #ZS: User type is because I assume admins can remove other admins group_info = get_group_info(group_id) + if user_id in group_info["admins"]: + users_to_remove_set = set(users_to_remove_ids) + if user_type == "admins" and user_id in users_to_remove_set: #ZS: Make sure an admin can't remove themselves from a group, since I imagine we don't want groups to be able to become admin-less + users_to_remove_set.remove(user_id) group_users = set(group_info[user_type]) - group_users -= set(users_to_remove_ids) + group_users -= users_to_remove_set group_info[user_type] = list(group_users) group_info["changed_timestamp"] = datetime.datetime.utcnow().strftime('%b %d %Y %I:%M%p') Redis.hset("groups", group_id, json.dumps(group_info)) 
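Review bot: In `remove_users_from_group` the new admin check only gates the removal if the `group_users -= users_to_remove_set` and `Redis.hset` lines are nested under `if user_id in group_info["admins"]:`, which this rendering cannot show because indentation is lost; if they are not nested, a non-admin caller fails with a `NameError` on `users_to_remove_set` instead of a clean refusal. A guard clause makes the intent unambiguous: `if user_id not in group_info["admins"]:` followed by an early return or raise, before any set is built. `user_type` is used as a key into `group_info` without validation, so I would add `if user_type not in ("admins", "members"): raise ValueError(user_type)`. The self-removal guard keeps the acting admin in the group, but one admin can still remove every other admin. The function starts and ends outside the hunk.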
@@ -232,7 +279,6 @@ def get_resource_info(resource_id): return json.loads(resource_info) def add_resource(resource_info): - if 'trait' in resource_info['data']: resource_id = hmac.hmac_creation('{}:{}:{}'.format(str(resource_info['type']), str(resource_info['data']['dataset']), str(resource_info['data']['trait']))) else: @@ -241,3 +287,18 @@ def add_resource(resource_info): Redis.hset("resources", resource_id, json.dumps(resource_info)) return resource_info + +def add_access_mask(resource_id, group_id, access_mask): + the_resource = get_resource_info(resource_id) + the_resource['group_masks'][group_id] = access_mask + + Redis.hset("resources", resource_id, json.dumps(the_resource)) + + return the_resource + +def change_resource_owner(resource_id, new_owner_id): + the_resource= get_resource_info(resource_id) + the_resource['owner_id'] = new_owner_id + + Redis.delete("resource") + Redis.hset("resources", resource_id, json.dumps(the_resource))
\ No newline at end of file |
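Review bot: `change_resource_owner` calls `Redis.delete("resource")`, a key that differs from the `"resources"` hash the other functions visible here read and write; as written it deletes an unrelated key, and correcting the spelling would drop every resource record. The `Redis.hset("resources", resource_id, json.dumps(the_resource))` on the next line already overwrites the single entry, so the delete line should be removed. Neither `add_access_mask` nor `change_resource_owner` takes the acting user, so the ownership check rests entirely on each caller; a docstring such as `"""Caller must confirm ownership (see check_owner_or_admin) before calling."""` would make that contract explicit. `add_access_mask` also assumes `the_resource['group_masks']` exists, and `change_resource_owner` returns nothing while its sibling returns the resource.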