aboutsummaryrefslogtreecommitdiff
path: root/wqflask
diff options
context:
space:
mode:
authorBonfaceKilz2021-10-28 17:03:21 +0300
committerBonfaceKilz2021-11-04 15:22:41 +0300
commit1c456c5a394d4ba77ccc1858b11798ecac062e97 (patch)
tree28d5f77db8e42d55e597b433ff7c9834679921ed /wqflask
parent6d496d5734f48ed8477ad0666af77c377a9185df (diff)
downloadgenenetwork2-1c456c5a394d4ba77ccc1858b11798ecac062e97.tar.gz
Move authentication logic to gn3
Diffstat (limited to 'wqflask')
-rw-r--r--wqflask/wqflask/__init__.py2
-rw-r--r--wqflask/wqflask/access_roles.py30
-rw-r--r--wqflask/wqflask/decorators.py4
-rw-r--r--wqflask/wqflask/resource_manager.py68
-rw-r--r--wqflask/wqflask/show_trait/show_trait.py8
5 files changed, 14 insertions, 98 deletions
diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 169192c7..7d46fbad 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -9,7 +9,7 @@ from typing import Tuple
from urllib.parse import urlparse
from utility import formatting
-from wqflask.access_roles import DataRole, AdminRole
+from gn3.authentication import DataRole, AdminRole
from wqflask.resource_manager import resource_management
from wqflask.metadata_edits import metadata_edit
diff --git a/wqflask/wqflask/access_roles.py b/wqflask/wqflask/access_roles.py
deleted file mode 100644
index 6cffbc81..00000000
--- a/wqflask/wqflask/access_roles.py
+++ /dev/null
@@ -1,30 +0,0 @@
-import functools
-from enum import Enum, unique
-
-
-@functools.total_ordering
-class OrderedEnum(Enum):
- @classmethod
- @functools.lru_cache(None)
- def _member_list(cls):
- return list(cls)
-
- def __lt__(self, other):
- if self.__class__ is other.__class__:
- member_list = self.__class__._member_list()
- return member_list.index(self) < member_list.index(other)
- return NotImplemented
-
-
-@unique
-class DataRole(OrderedEnum):
- NO_ACCESS = "no-access"
- VIEW = "view"
- EDIT = "edit"
-
-
-@unique
-class AdminRole(OrderedEnum):
- NOT_ADMIN = "not-admin"
- EDIT_ACCESS = "edit-access"
- EDIT_ADMINS = "edit-admins"
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index 319d9bd4..41d23084 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -5,8 +5,8 @@ from flask import current_app, g, redirect, request, url_for
from typing import Dict
from urllib.parse import urljoin
from functools import wraps
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
import json
import requests
diff --git a/wqflask/wqflask/resource_manager.py b/wqflask/wqflask/resource_manager.py
index e338a22d..c0717314 100644
--- a/wqflask/wqflask/resource_manager.py
+++ b/wqflask/wqflask/resource_manager.py
@@ -11,11 +11,15 @@ from flask import render_template
from flask import request
from flask import url_for
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
+from gn3.authentication import get_user_membership
+from gn3.authentication import get_highest_user_access_role
+
from typing import Dict, Tuple
from urllib.parse import urljoin
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
+
from wqflask.decorators import edit_access_required
from wqflask.decorators import edit_admins_access_required
from wqflask.decorators import login_required
@@ -24,64 +28,6 @@ from wqflask.decorators import login_required
resource_management = Blueprint('resource_management', __name__)
-def get_user_membership(conn: redis.Redis, user_id: str,
- group_id: str) -> Dict:
- """Return a dictionary that indicates whether the `user_id` is a
- member or admin of `group_id`.
-
- Args:
- - conn: a Redis Connection with the responses decoded.
- - user_id: a user's unique id
- e.g. '8ad942fe-490d-453e-bd37-56f252e41603'
- - group_id: a group's unique id
- e.g. '7fa95d07-0e2d-4bc5-b47c-448fdc1260b2'
-
- Returns:
- A dict indicating whether the user is an admin or a member of
- the group: {"member": True, "admin": False}
-
- """
- results = {"member": False, "admin": False}
- for key, value in conn.hgetall('groups').items():
- if key == group_id:
- group_info = json.loads(value)
- if user_id in group_info.get("admins"):
- results["admin"] = True
- if user_id in group_info.get("members"):
- results["member"] = True
- break
- return results
-
-
-def get_user_access_roles(
- resource_id: str,
- user_id: str,
- gn_proxy_url: str = "http://localhost:8080") -> Dict:
- """Get the highest access roles for a given user
-
- Args:
- - resource_id: The unique id of a given resource.
- - user_id: The unique id of a given user.
- - gn_proxy_url: The URL where gn-proxy is running.
-
- Returns:
- A dict indicating the highest access role the user has.
-
- """
- role_mapping = {}
- for x, y in zip(DataRole, AdminRole):
- role_mapping.update({x.value: x, })
- role_mapping.update({y.value: y, })
- access_role = {}
- for key, value in json.loads(
- requests.get(urljoin(
- gn_proxy_url,
- ("available?resource="
- f"{resource_id}&user={user_id}"))).content).items():
- access_role[key] = max(map(lambda x: role_mapping[x], value))
- return access_role
-
-
def add_extra_resource_metadata(conn: redis.Redis,
resource_id: str,
resource: Dict) -> Dict:
@@ -144,7 +90,7 @@ def view_resource(resource_id: str):
conn=redis_conn,
resource_id=resource_id,
resource=json.loads(resource))),
- access_role=get_user_access_roles(
+ access_role=get_highest_user_access_role(
resource_id=resource_id,
user_id=user_id,
gn_proxy_url=current_app.config.get("GN2_PROXY")))
diff --git a/wqflask/wqflask/show_trait/show_trait.py b/wqflask/wqflask/show_trait/show_trait.py
index fa1206c9..6020bc16 100644
--- a/wqflask/wqflask/show_trait/show_trait.py
+++ b/wqflask/wqflask/show_trait/show_trait.py
@@ -23,9 +23,9 @@ from utility.tools import locate_ignore_error
from utility.tools import GN_PROXY_URL
from utility.redis_tools import get_redis_conn, get_resource_id
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
-from wqflask.resource_manager import get_user_access_roles
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
+from gn3.authentication import get_highest_user_access_role
Redis = get_redis_conn()
ONE_YEAR = 60 * 60 * 24 * 365
@@ -73,7 +73,7 @@ class ShowTrait:
self.trait_vals = Redis.get(self.trait_id).split()
self.resource_id = get_resource_id(self.dataset,
self.trait_id)
- self.admin_status = get_user_access_roles(
+ self.admin_status = get_highest_user_access_role(
user_id=user_id,
resource_id=(self.resource_id or ""),
gn_proxy_url=GN_PROXY_URL)