From 21bf6af02e33865f00319467ba4670fa3d872961 Mon Sep 17 00:00:00 2001
From: BonfaceKilz
Date: Fri, 29 Oct 2021 08:33:37 +0300
Subject: Add auth module

---
 gn3/authentication.py | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 gn3/authentication.py

(limited to 'gn3/authentication.py')

diff --git a/gn3/authentication.py b/gn3/authentication.py
new file mode 100644
index 0000000..baf2c7a
--- /dev/null
+++ b/gn3/authentication.py
@@ -0,0 +1,94 @@
+import functools
+import json
+import redis
+import requests
+
+from typing import Dict
+from enum import Enum, unique
+from urllib.parse import urljoin
+
+
+@functools.total_ordering
+class OrderedEnum(Enum):
+    @classmethod
+    @functools.lru_cache(None)
+    def _member_list(cls):
+        return list(cls)
+
+    def __lt__(self, other):
+        if self.__class__ is other.__class__:
+            member_list = self.__class__._member_list()
+            return member_list.index(self) < member_list.index(other)
+        return NotImplemented
+
+
+@unique
+class DataRole(OrderedEnum):
+    NO_ACCESS = "no-access"
+    VIEW = "view"
+    EDIT = "edit"
+
+
+@unique
+class AdminRole(OrderedEnum):
+    NOT_ADMIN = "not-admin"
+    EDIT_ACCESS = "edit-access"
+    EDIT_ADMINS = "edit-admins"
+
+
+def get_user_membership(conn: redis.Redis, user_id: str,
+                        group_id: str) -> Dict:
+    """Return a dictionary that indicates whether the `user_id` is a
+    member or admin of `group_id`.
+
+    Args:
+      - conn: a Redis Connection with the responses decoded.
+      - user_id: a user's unique id
+        e.g. '8ad942fe-490d-453e-bd37-56f252e41603'
+      - group_id: a group's unique id
+      e.g. '7fa95d07-0e2d-4bc5-b47c-448fdc1260b2'
+
+    Returns:
+      A dict indicating whether the user is an admin or a member of
+      the group: {"member": True, "admin": False}
+
+    """
+    results = {"member": False, "admin": False}
+    for key, value in conn.hgetall('groups').items():
+        if key == group_id:
+            group_info = json.loads(value)
+            if user_id in group_info.get("admins"):
+                results["admin"] = True
+            if user_id in group_info.get("members"):
+                results["member"] = True
+            break
+    return results
+
+
+def get_highest_user_access_role(
+        resource_id: str,
+        user_id: str,
+        gn_proxy_url: str = "http://localhost:8080") -> Dict:
+    """Get the highest access roles for a given user
+
+    Args:
+      - resource_id: The unique id of a given resource.
+      - user_id: The unique id of a given user.
+      - gn_proxy_url: The URL where gn-proxy is running.
+
+    Returns:
+      A dict indicating the highest access role the user has.
+
+    """
+    role_mapping = {}
+    for x, y in zip(DataRole, AdminRole):
+        role_mapping.update({x.value: x, })
+        role_mapping.update({y.value: y, })
+    access_role = {}
+    for key, value in json.loads(
+        requests.get(urljoin(
+            gn_proxy_url,
+            ("available?resource="
+             f"{resource_id}&user={user_id}"))).content).items():
+        access_role[key] = max(map(lambda x: role_mapping[x], value))
+    return access_role
-- 
cgit v1.2.3


From a74df27eae7481cc8f1f12cc8a0adcc06cd1a984 Mon Sep 17 00:00:00 2001
From: BonfaceKilz
Date: Sun, 31 Oct 2021 15:58:18 +0300
Subject: Fix pylint issues in gn3.authentication

---
 gn3/authentication.py | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

(limited to 'gn3/authentication.py')

diff --git a/gn3/authentication.py b/gn3/authentication.py
index baf2c7a..892aa8f 100644
--- a/gn3/authentication.py
+++ b/gn3/authentication.py
@@ -1,15 +1,17 @@
+"""Methods for interacting with gn-proxy."""
 import functools
 import json
+from urllib.parse import urljoin
+from enum import Enum, unique
+from typing import Dict
+
 import redis
 import requests
 
-from typing import Dict
-from enum import Enum, unique
-from urllib.parse import urljoin
-
 
 @functools.total_ordering
 class OrderedEnum(Enum):
+    """A class that ordered Enums in order of position"""
     @classmethod
     @functools.lru_cache(None)
     def _member_list(cls):
@@ -24,6 +26,7 @@ class OrderedEnum(Enum):
 
 @unique
 class DataRole(OrderedEnum):
+    """Enums for Data Access"""
     NO_ACCESS = "no-access"
     VIEW = "view"
     EDIT = "edit"
@@ -31,6 +34,7 @@ class DataRole(OrderedEnum):
 
 @unique
 class AdminRole(OrderedEnum):
+    """Enums for Admin status"""
     NOT_ADMIN = "not-admin"
     EDIT_ACCESS = "edit-access"
     EDIT_ADMINS = "edit-admins"
@@ -81,14 +85,13 @@ def get_highest_user_access_role(
 
     """
     role_mapping = {}
-    for x, y in zip(DataRole, AdminRole):
-        role_mapping.update({x.value: x, })
-        role_mapping.update({y.value: y, })
+    for data_role, admin_role in zip(DataRole, AdminRole):
+        role_mapping.update({data_role.value: data_role, })
+        role_mapping.update({admin_role.value: admin_role, })
     access_role = {}
-    for key, value in json.loads(
-        requests.get(urljoin(
-            gn_proxy_url,
-            ("available?resource="
-             f"{resource_id}&user={user_id}"))).content).items():
-        access_role[key] = max(map(lambda x: role_mapping[x], value))
+    response = requests.get(urljoin(gn_proxy_url,
+                                    ("available?resource="
+                                     f"{resource_id}&user={user_id}")))
+    for key, value in json.loads(response.content).items():
+        access_role[key] = max(map(lambda role: role_mapping[role], value))
     return access_role
-- 
cgit v1.2.3


From 8169d8aacd8598730fd2e6eba06052e7502f2cc1 Mon Sep 17 00:00:00 2001
From: BonfaceKilz
Date: Mon, 1 Nov 2021 09:05:32 +0300
Subject: Fix mypy issues

---
 gn3/authentication.py | 8 ++++----
 mypy.ini              | 6 ++++++
 2 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'gn3/authentication.py')

diff --git a/gn3/authentication.py b/gn3/authentication.py
index 892aa8f..7bc7b77 100644
--- a/gn3/authentication.py
+++ b/gn3/authentication.py
@@ -3,9 +3,9 @@ import functools
 import json
 from urllib.parse import urljoin
 from enum import Enum, unique
-from typing import Dict
+from typing import Dict, Union
 
-import redis
+from redis import Redis
 import requests
 
 
@@ -40,7 +40,7 @@ class AdminRole(OrderedEnum):
     EDIT_ADMINS = "edit-admins"
 
 
-def get_user_membership(conn: redis.Redis, user_id: str,
+def get_user_membership(conn: Redis, user_id: str,
                         group_id: str) -> Dict:
     """Return a dictionary that indicates whether the `user_id` is a
     member or admin of `group_id`.
@@ -84,7 +84,7 @@ def get_highest_user_access_role(
       A dict indicating the highest access role the user has.
 
     """
-    role_mapping = {}
+    role_mapping: Dict[str, Union[DataRole, AdminRole]] = {}
     for data_role, admin_role in zip(DataRole, AdminRole):
         role_mapping.update({data_role.value: data_role, })
         role_mapping.update({admin_role.value: admin_role, })
diff --git a/mypy.ini b/mypy.ini
index a507703..b0c48df 100644
--- a/mypy.ini
+++ b/mypy.ini
@@ -13,4 +13,10 @@ ignore_missing_imports = True
 ignore_missing_imports = True
 
 [mypy-pingouin.*]
+ignore_missing_imports = True
+
+[mypy-redis.*]
+ignore_missing_imports = True
+
+[mypy-requests.*]
 ignore_missing_imports = True
\ No newline at end of file
-- 
cgit v1.2.3