From fcb3cb1105cf2a1d97c1a08fa636b118ed231ffa Mon Sep 17 00:00:00 2001
From: zsloan
Date: Wed, 17 Jun 2020 16:28:15 -0500
Subject: A user's id is now set as a parameter if it doesn't already exist

---
 wqflask/maintenance/set_resource_defaults.py       |  8 +++---
 wqflask/utility/authentication_tools.py            | 30 ++++++++++++----------
 wqflask/utility/redis_tools.py                     |  4 +++
 wqflask/wqflask/group_manager.py                   |  4 +--
 wqflask/wqflask/templates/admin/group_manager.html | 16 +++++++-----
 5 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/wqflask/maintenance/set_resource_defaults.py b/wqflask/maintenance/set_resource_defaults.py
index 344e6a23..0c221bbf 100644
--- a/wqflask/maintenance/set_resource_defaults.py
+++ b/wqflask/maintenance/set_resource_defaults.py
@@ -27,8 +27,9 @@ sys.path.insert(0,'./')
 # NEW: import app to avoid a circular dependency on utility.tools
 from wqflask import app
 
+from utility import hmac
 from utility.tools import SQL_URI
-from utility.redis_tools import get_redis_conn, get_user_id, add_resource, get_resources
+from utility.redis_tools import get_redis_conn, get_user_id, add_resource, get_resources, get_resource_info
 Redis = get_redis_conn()
 
 import MySQLdb
@@ -117,7 +118,7 @@ def insert_geno_resources(default_owner_id):
         resource_ob = {}
         resource_ob['name'] = resource[1]
         if resource[1] == "HET3-ITPGeno":
-            resource_ob['owner_id'] = "73a3f093-ca13-4ae0-a179-9a446f709f6e"
+            resource_ob['owner_id'] = "c5ce8c56-78a6-474f-bcaf-7129d97f56ae"
         else:
             resource_ob['owner_id'] = default_owner_id
         resource_ob['data'] = { "dataset" : str(resource[0]) }
@@ -145,7 +146,8 @@ def main():
 
     Redis.delete("resources")
 
-    owner_id = get_user_id("email_address", "zachary.a.sloan@gmail.com")
+    owner_id = "c5ce8c56-78a6-474f-bcaf-7129d97f56ae"
+
     insert_resources(owner_id)
 
 if __name__ == '__main__':
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index 07ceacc0..dfa0e2d9 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -7,6 +7,7 @@ from base import data_set
 
 from utility import hmac
 from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
+Redis = get_redis_conn()
 
 from flask import Flask, g, redirect, url_for
 
@@ -14,8 +15,12 @@ import logging
 logger = logging.getLogger(__name__ )
 
 def check_resource_availability(dataset, trait_id=None):
-    resource_id = get_resource_id(dataset, trait_id)
 
+    #ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
+    if g.user_session.user_id in Redis.smembers("super_users"):
+        return "edit"
+
+    resource_id = get_resource_id(dataset, trait_id)
     response = None
     if resource_id:
         resource_info = get_resource_info(resource_id)
@@ -68,19 +73,16 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
     return False
 
 def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
-    if resource_id:
-        resource_info = get_resource_info(resource_id)
-        if g.user_session.user_id == resource_info['owner_id']:
-            return [resource_id, "owner"]
-        else:
-            return [resource_id, check_admin(resource_id)]
-    else:
+    if not resource_id:
         resource_id = get_resource_id(dataset, trait_id)
-        if resource_id:
-            resource_info = get_resource_info(resource_id)
-            if g.user_session.user_id == resource_info['owner_id']:
-                return [resource_id, "owner"]
-            else:
-                return [resource_id, check_admin(resource_id)]
+
+    if g.user_session.user_id in Redis.smembers("super_users"):
+        return [resource_id, "owner"]
+
+    resource_info = get_resource_info(resource_id)
+    if g.user_session.user_id == resource_info['owner_id']:
+        return [resource_id, "owner"]
+    else:
+        return [resource_id, check_admin(resource_id)]
 
     return [resource_id, "not-admin"]
\ No newline at end of file
diff --git a/wqflask/utility/redis_tools.py b/wqflask/utility/redis_tools.py
index c6d221ff..9d09a66b 100644
--- a/wqflask/utility/redis_tools.py
+++ b/wqflask/utility/redis_tools.py
@@ -30,6 +30,7 @@ def is_redis_available():
 
 def get_user_id(column_name, column_value):
     user_list = Redis.hgetall("users")
+    key_list = []
     for key in user_list:
         user_ob = json.loads(user_list[key])
         if column_name in user_ob and user_ob[column_name] == column_value:
@@ -62,6 +63,9 @@ def get_users_like_unique_column(column_name, column_value):
         if column_name != "user_id":
             for key in user_list:
                 user_ob = json.loads(user_list[key])
+                if "user_id" not in user_ob:
+                    set_user_attribute(key, "user_id", key)
+                    user_ob["user_id"] = key
                 if column_name in user_ob:
                     if column_value in user_ob[column_name]:
                         matched_users.append(user_ob)
diff --git a/wqflask/wqflask/group_manager.py b/wqflask/wqflask/group_manager.py
index 9afc016b..24848ed8 100644
--- a/wqflask/wqflask/group_manager.py
+++ b/wqflask/wqflask/group_manager.py
@@ -19,8 +19,8 @@ def manage_groups():
    if "add_new_group" in params:
       return redirect(url_for('add_group'))
    else:
-      admin_groups, user_groups = get_user_groups(g.user_session.user_id)
-      return render_template("admin/group_manager.html", admin_groups=admin_groups, user_groups=user_groups)
+      admin_groups, member_groups = get_user_groups(g.user_session.user_id)
+      return render_template("admin/group_manager.html", admin_groups=admin_groups, member_groups=member_groups)
 
 @app.route("/groups/view", methods=('GET', 'POST'))
 def view_group():
diff --git a/wqflask/wqflask/templates/admin/group_manager.html b/wqflask/wqflask/templates/admin/group_manager.html
index 70d55684..c8ed6851 100644
--- a/wqflask/wqflask/templates/admin/group_manager.html
+++ b/wqflask/wqflask/templates/admin/group_manager.html
@@ -10,18 +10,20 @@
     <div class="container">
         <div class="page-header">
             <h1>Manage Groups</h1>
+            {% if admin_groups|length != 0 or member_groups|length != 0 %}
             <div style="display: inline;">
                 <button type="button" id="create_group" class="btn btn-primary" data-url="/groups/create">Create Group</button>
                 <button type="button" id="remove_groups" class="btn btn-primary" data-url="/groups/remove">Remove Selected Groups</button>
             </div>
+            {% endif %}
         </div>
         <form id="groups_form" action="/groups/manage" method="POST">
             <input type="hidden" name="selected_group_ids" value="">
             <div style="min-width: 800px; max-width: 1000px;">
-                {% if admin_groups|length == 0 and user_groups|length == 0 %}
+                {% if admin_groups|length == 0 and member_groups|length == 0 %}
                 <h4>You currently aren't a member or admin of any groups.</h4>
                 <br>
-                <button type="submit" name="add_new_group" class="btn btn-primary">Create a new group</button>
+                <button type="button" id="create_group" class="btn btn-primary" data-url="/groups/create">Create a new group</button>
                 {% else %}
                 <div style="margin-top: 20px;"><h2>Admin Groups</h2></div>
                 <hr>
@@ -60,10 +62,10 @@
             <div style="min-width: 800px; max-width: 1000px;">
                 <div><h2>User Groups</h2></div>
                 <hr>
-                {% if user_groups|length == 0 %}
+                {% if member_groups|length == 0 %}
                 <h4>You currently aren't a member of any groups.</h4>
                 {% else %}
-                <table id="user_groups" class="table-hover table-striped cell-border" style="float: left;">
+                <table id="member_groups" class="table-hover table-striped cell-border" style="float: left;">
                     <thead>
                         <tr>
                             <th></th>
@@ -75,7 +77,7 @@
                         </tr>
                     </thead>
                     <tbody>
-                        {% for group in user_groups %}
+                        {% for group in member_groups %}
                         <tr>
                             <td><input type="checkbox" name="read" value="{{ group.id }}"></td>
                             <td>{{ loop.index }}</td>
@@ -107,8 +109,8 @@
                 'sDom': 'tr'
             });
             {% endif %}
-            {% if user_groups|length != 0 %}
-            $('#user_groups').dataTable({
+            {% if member_groups|length != 0 %}
+            $('#member_groups').dataTable({
                 'sDom': 'tr'
             });
             {% endif %}
-- 
cgit v1.2.3