airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject [airavata-django-portal] 02/04: AIRAVATA-2794 Load GatewayGroups and if user is in Admins or Read Only Admins
Date Mon, 04 Jun 2018 18:15:04 GMT
This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit f98c93e4a05ead483ab0bd0f6e22d99dc8df101a
Author: Marcus Christie <machrist@iu.edu>
AuthorDate: Tue May 22 16:27:34 2018 -0400

    AIRAVATA-2794 Load GatewayGroups and if user is in Admins or Read Only Admins
---
 django_airavata/apps/auth/middleware.py | 42 +++++++++++++++++++++++++++++++++
 django_airavata/settings.py             |  3 +++
 2 files changed, 45 insertions(+)

diff --git a/django_airavata/apps/auth/middleware.py b/django_airavata/apps/auth/middleware.py
index 4f4a452..54182b1 100644
--- a/django_airavata/apps/auth/middleware.py
+++ b/django_airavata/apps/auth/middleware.py
@@ -1,8 +1,14 @@
 """Django Airavata Auth Middleware."""
+import copy
+import logging
+
+from django.conf import settings
 from django.contrib.auth import logout
 
 from . import utils
 
+log = logging.getLogger(__name__)
+
 
 def authz_token_middleware(get_response):
     """Automatically add the 'authz_token' to the request."""
@@ -21,3 +27,39 @@ def authz_token_middleware(get_response):
         return get_response(request)
 
     return middleware
+
+
+def gateway_groups_middleware(get_response):
+    """Add 'is_gateway_admin' and 'is_read_only_gateway_admin' to request."""
+    def middleware(request):
+
+        if not request.user.is_authenticated or not request.authz_token:
+            return get_response(request)
+
+        try:
+            # Load the GatewayGroups and check if user is in the Admins and/or
+            # Read Only Admins groups
+            if not request.session.get('GATEWAY_GROUPS'):
+                gateway_groups = request.airavata_client.getGatewayGroups(
+                    request.authz_token)
+                gateway_groups_dict = copy.deepcopy(gateway_groups.__dict__)
+                request.session['GATEWAY_GROUPS'] = gateway_groups_dict
+            gateway_groups = request.session['GATEWAY_GROUPS']
+            admins_group_id = gateway_groups['adminsGroupId']
+            read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId']
+            group_manager_client = request.profile_service[
+                'group_manager']
+            group_memberships = group_manager_client.getAllGroupsUserBelongs(
+                request.authz_token, request.user.username + "@" + settings.GATEWAY_ID)
+            group_ids = [group.id for group in group_memberships]
+            request.is_gateway_admin = admins_group_id in group_ids
+            request.is_read_only_gateway_admin = \
+                read_only_admins_group_id in group_ids
+        except Exception as e:
+            log.error("Failed to set is_gateway_admin, "
+                      "is_read_only_gateway_admin for user", exc_info=e)
+            request.is_gateway_admin = False
+            request.is_read_only_gateway_admin = False
+
+        return get_response(request)
+    return middleware
diff --git a/django_airavata/settings.py b/django_airavata/settings.py
index e857e8e..ee566b7 100644
--- a/django_airavata/settings.py
+++ b/django_airavata/settings.py
@@ -57,6 +57,9 @@ MIDDLEWARE = [
     'django_airavata.middleware.airavata_client',
     # 'django_airavata.middleware.sharing_client',
     'django_airavata.middleware.profile_service_client',
+    # Needs to come after authz_token_middleware, airavata_client and
+    # profile_service_client
+    'django_airavata.apps.auth.middleware.gateway_groups_middleware',
 ]
 
 ROOT_URLCONF = 'django_airavata.urls'

-- 
To stop receiving notification emails like this one, please contact
machristie@apache.org.

Mime
View raw message