authorBonfaceKilz2021-10-28 17:03:21 +0300
committerBonfaceKilz2021-11-04 15:22:41 +0300
commit1c456c5a394d4ba77ccc1858b11798ecac062e97 (patch)
tree28d5f77db8e42d55e597b433ff7c9834679921ed /wqflask
parent6d496d5734f48ed8477ad0666af77c377a9185df (diff)
downloadgenenetwork2-1c456c5a394d4ba77ccc1858b11798ecac062e97.tar.gz
Move authentication logic to gn3
Diffstat (limited to 'wqflask')
-rw-r--r--wqflask/wqflask/__init__.py2
-rw-r--r--wqflask/wqflask/access_roles.py30
-rw-r--r--wqflask/wqflask/decorators.py4
-rw-r--r--wqflask/wqflask/resource_manager.py68
-rw-r--r--wqflask/wqflask/show_trait/show_trait.py8
5 files changed, 14 insertions, 98 deletions
diff --git a/wqflask/wqflask/__init__.py b/wqflask/wqflask/__init__.py
index 169192c7..7d46fbad 100644
--- a/wqflask/wqflask/__init__.py
+++ b/wqflask/wqflask/__init__.py
@@ -9,7 +9,7 @@ from typing import Tuple
 from urllib.parse import urlparse
 from utility import formatting
 
-from wqflask.access_roles import DataRole, AdminRole
+from gn3.authentication import DataRole, AdminRole
 from wqflask.resource_manager import resource_management
 
 from wqflask.metadata_edits import metadata_edit
diff --git a/wqflask/wqflask/access_roles.py b/wqflask/wqflask/access_roles.py
deleted file mode 100644
index 6cffbc81..00000000
--- a/wqflask/wqflask/access_roles.py
+++ /dev/null
@@ -1,30 +0,0 @@
-import functools
-from enum import Enum, unique
-
-
-@functools.total_ordering
-class OrderedEnum(Enum):
-    @classmethod
-    @functools.lru_cache(None)
-    def _member_list(cls):
-        return list(cls)
-
-    def __lt__(self, other):
-        if self.__class__ is other.__class__:
-            member_list = self.__class__._member_list()
-            return member_list.index(self) < member_list.index(other)
-        return NotImplemented
-
-
-@unique
-class DataRole(OrderedEnum):
-    NO_ACCESS = "no-access"
-    VIEW = "view"
-    EDIT = "edit"
-
-
-@unique
-class AdminRole(OrderedEnum):
-    NOT_ADMIN = "not-admin"
-    EDIT_ACCESS = "edit-access"
-    EDIT_ADMINS = "edit-admins"
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index 319d9bd4..41d23084 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -5,8 +5,8 @@ from flask import current_app, g, redirect, request, url_for
 from typing import Dict
 from urllib.parse import urljoin
 from functools import wraps
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
 
 import json
 import requests
diff --git a/wqflask/wqflask/resource_manager.py b/wqflask/wqflask/resource_manager.py
index e338a22d..c0717314 100644
--- a/wqflask/wqflask/resource_manager.py
+++ b/wqflask/wqflask/resource_manager.py
@@ -11,11 +11,15 @@ from flask import render_template
 from flask import request
 from flask import url_for
 
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
+from gn3.authentication import get_user_membership
+from gn3.authentication import get_highest_user_access_role
+
 from typing import Dict, Tuple
 from urllib.parse import urljoin
 
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
+
 from wqflask.decorators import edit_access_required
 from wqflask.decorators import edit_admins_access_required
 from wqflask.decorators import login_required
@@ -24,64 +28,6 @@ from wqflask.decorators import login_required
 resource_management = Blueprint('resource_management', __name__)
 
 
-def get_user_membership(conn: redis.Redis, user_id: str,
-                        group_id: str) -> Dict:
-    """Return a dictionary that indicates whether the `user_id` is a
-    member or admin of `group_id`.
-
-    Args:
-      - conn: a Redis Connection with the responses decoded.
-      - user_id: a user's unique id
-        e.g. '8ad942fe-490d-453e-bd37-56f252e41603'
-      - group_id: a group's unique id
-      e.g. '7fa95d07-0e2d-4bc5-b47c-448fdc1260b2'
-
-    Returns:
-      A dict indicating whether the user is an admin or a member of
-      the group: {"member": True, "admin": False}
-
-    """
-    results = {"member": False, "admin": False}
-    for key, value in conn.hgetall('groups').items():
-        if key == group_id:
-            group_info = json.loads(value)
-            if user_id in group_info.get("admins"):
-                results["admin"] = True
-            if user_id in group_info.get("members"):
-                results["member"] = True
-            break
-    return results
-
-
-def get_user_access_roles(
-        resource_id: str,
-        user_id: str,
-        gn_proxy_url: str = "http://localhost:8080") -> Dict:
-    """Get the highest access roles for a given user
-
-    Args:
-      - resource_id: The unique id of a given resource.
-      - user_id: The unique id of a given user.
-      - gn_proxy_url: The URL where gn-proxy is running.
-
-    Returns:
-      A dict indicating the highest access role the user has.
-
-    """
-    role_mapping = {}
-    for x, y in zip(DataRole, AdminRole):
-        role_mapping.update({x.value: x, })
-        role_mapping.update({y.value: y, })
-    access_role = {}
-    for key, value in json.loads(
-        requests.get(urljoin(
-            gn_proxy_url,
-            ("available?resource="
-             f"{resource_id}&user={user_id}"))).content).items():
-        access_role[key] = max(map(lambda x: role_mapping[x], value))
-    return access_role
-
-
 def add_extra_resource_metadata(conn: redis.Redis,
                                 resource_id: str,
                                 resource: Dict) -> Dict:
@@ -144,7 +90,7 @@ def view_resource(resource_id: str):
             conn=redis_conn,
             resource_id=resource_id,
             resource=json.loads(resource))),
-        access_role=get_user_access_roles(
+        access_role=get_highest_user_access_role(
             resource_id=resource_id,
             user_id=user_id,
             gn_proxy_url=current_app.config.get("GN2_PROXY")))
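Review bot: The proxy URL for this access-role lookup is read with `current_app.config.get("GN2_PROXY")`, which yields `None` when the key is unset, while the same call in show_trait.py passes `GN_PROXY_URL` from `utility.tools`. Because the returned roles decide what `view_resource` exposes, both call sites should read one setting, and a missing value should raise a clear error rather than be handed on as `None`, e.g. `gn_proxy_url=current_app.config["GN2_PROXY"]`. The implementation removed from this file interpolated `resource_id` and `user_id` into the query string unencoded; the gn3 replacement is not visible here, so it is worth confirming that it passes them through `params=`, since `resource_id` appears to arrive from the route. `view_resource` starts and continues outside this hunk.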
diff --git a/wqflask/wqflask/show_trait/show_trait.py b/wqflask/wqflask/show_trait/show_trait.py
index fa1206c9..6020bc16 100644
--- a/wqflask/wqflask/show_trait/show_trait.py
+++ b/wqflask/wqflask/show_trait/show_trait.py
@@ -23,9 +23,9 @@ from utility.tools import locate_ignore_error
 from utility.tools import GN_PROXY_URL
 from utility.redis_tools import get_redis_conn, get_resource_id
 
-from wqflask.access_roles import AdminRole
-from wqflask.access_roles import DataRole
-from wqflask.resource_manager import get_user_access_roles
+from gn3.authentication import AdminRole
+from gn3.authentication import DataRole
+from gn3.authentication import get_highest_user_access_role
 
 Redis = get_redis_conn()
 ONE_YEAR = 60 * 60 * 24 * 365
@@ -73,7 +73,7 @@ class ShowTrait:
             self.trait_vals = Redis.get(self.trait_id).split()
         self.resource_id = get_resource_id(self.dataset,
                                            self.trait_id)
-        self.admin_status = get_user_access_roles(
+        self.admin_status = get_highest_user_access_role(
                 user_id=user_id,
                 resource_id=(self.resource_id or ""),
                 gn_proxy_url=GN_PROXY_URL)
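Review bot: `resource_id=(self.resource_id or "")` sends an empty resource id to the access-role lookup whenever `get_resource_id` returns nothing, so `self.admin_status` then depends on how the proxy answers a query for no resource. It would be safer to skip the call in that case and assign the lowest roles (`DataRole.NO_ACCESS`, `AdminRole.NOT_ADMIN`) directly, and to treat a failed or malformed proxy response the same way so the page fails closed. The lookup also has no visible error handling around it, so a proxy outage presumably surfaces as an unhandled exception while the page is being built. The enclosing method starts and ends outside this hunk.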