aboutsummaryrefslogtreecommitdiff
"""Endpoints for user masquerade"""
from dataclasses import asdict
from uuid import UUID

from flask import request, jsonify, Response, Blueprint, current_app

from gn_auth.auth.errors import InvalidData
from gn_auth.auth.authorisation.resources.groups.models import user_group

from ....db import sqlite3 as db
from ...checks import require_json
from ....authentication.users import user_by_id
from ....authentication.oauth2.resource_server import require_oauth

from .models import masquerade_as

masq = Blueprint("masquerade", __name__)

@masq.route("/", methods=["POST"])
@require_oauth("profile user masquerade")
@require_json
def masquerade() -> Response:
    """Masquerade as a particular user."""
    with (require_oauth.acquire("profile user masquerade") as token,
          db.connection(current_app.config["AUTH_DB"]) as conn):
        masqueradee_id = UUID(request.json["masquerade_as"])#type: ignore[index]
        if masqueradee_id == token.user.user_id:
            raise InvalidData("You are not allowed to masquerade as yourself.")

        masq_user = user_by_id(conn, user_id=masqueradee_id)

        def __masq__(conn):
            new_token = masquerade_as(conn, original_token=token, masqueradee=masq_user)
            return new_token

        return jsonify({
            "original": {
                "user": asdict(token.user)
            },
            "masquerade_as": {
                "user": asdict(masq_user),
                "token": __masq__(conn),
                **(user_group(conn, masq_user).maybe(# type: ignore[misc]
                    {}, lambda grp: {"group": grp}))
            }
        })
generated by cgit v1.2.3 (git 2.47.1) at 2025-07-28 19:01:30 +0000