update handlers to use Users repo for managing authorization
parent
4baa5fdd8c
commit
202f88bae5
11
atst/app.py
11
atst/app.py
@ -35,7 +35,7 @@ def make_app(config, deps, **kwargs):
|
||||
{
|
||||
"sessions": deps["sessions"],
|
||||
"authnid_client": deps["authnid_client"],
|
||||
"authz_client": deps["authz_client"],
|
||||
"db_session": deps["db_session"],
|
||||
},
|
||||
name="login_redirect",
|
||||
),
|
||||
@ -50,7 +50,7 @@ def make_app(config, deps, **kwargs):
|
||||
url(
|
||||
r"/workspaces",
|
||||
Workspaces,
|
||||
{"page": "workspaces", "authz_client": deps["authz_client"]},
|
||||
{"page": "workspaces", "db_session": deps["db_session"]},
|
||||
name="workspaces",
|
||||
),
|
||||
url(
|
||||
@ -136,7 +136,7 @@ def make_app(config, deps, **kwargs):
|
||||
{
|
||||
"action": "login",
|
||||
"sessions": deps["sessions"],
|
||||
"authz_client": deps["authz_client"],
|
||||
"db_session": deps["db_session"],
|
||||
},
|
||||
name="dev-login",
|
||||
)
|
||||
@ -167,11 +167,6 @@ def make_deps(config):
|
||||
|
||||
return {
|
||||
"db_session": make_db(config),
|
||||
"authz_client": ApiClient(
|
||||
config["default"]["AUTHZ_BASE_URL"],
|
||||
api_version="v1",
|
||||
validate_cert=validate_cert,
|
||||
),
|
||||
"authnid_client": ApiClient(
|
||||
config["default"]["AUTHNID_BASE_URL"],
|
||||
api_version="v1",
|
||||
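Review bot: Every handler entry in `make_app` now receives the same `deps["db_session"]` object that `make_deps` builds once with `make_db(config)`, so all requests appear to share one database session. If `make_db` returns a plain SQLAlchemy session rather than a scoped one (not visible here), a commit that fails in one request leaves that session unusable until it is rolled back, and because login now reads roles through it, the failure would surface as login errors for every user. Consider passing a session factory and opening a session per request, or at least document the sharing next to the `"db_session"` entry, for example `# one session shared by all handlers; callers must roll back on failure`. Both functions continue outside these hunks.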
|
@ -5,15 +5,16 @@ from .exceptions import NotFoundError
|
||||
|
||||
|
||||
class Roles(object):
|
||||
@classmethod
|
||||
def get(cls, role_name):
|
||||
def __init__(self, db_session):
|
||||
self.db_session = db_session
|
||||
|
||||
def get(self, role_name):
|
||||
try:
|
||||
role = Role.query.filter_by(name=role_name).one()
|
||||
role = self.db_session.query(Role).filter_by(name=role_name).one()
|
||||
except NoResultFound:
|
||||
raise NotFoundError("role")
|
||||
|
||||
return role
|
||||
|
||||
@classmethod
|
||||
def get_all(cls):
|
||||
return Role.query.all()
|
||||
def get_all(self):
|
||||
return self.db_session.query(Role).all()
|
||||
|
@ -11,18 +11,19 @@ class Users(object):
|
||||
|
||||
def __init__(self, db_session):
|
||||
self.db_session = db_session
|
||||
self.roles_repo = Roles(db_session)
|
||||
|
||||
|
||||
def get(self, user_id):
|
||||
try:
|
||||
user = User.query.filter_by(id=user_id).one()
|
||||
user = self.db_session.query(User).filter_by(id=user_id).one()
|
||||
except NoResultFound:
|
||||
raise NotFoundError("user")
|
||||
|
||||
return user
|
||||
|
||||
def create(self, user_id, atat_role_name):
|
||||
atat_role = Roles.get(atat_role_name)
|
||||
atat_role = self.roles_repo.get(atat_role_name)
|
||||
|
||||
try:
|
||||
user = User(id=user_id, atat_role=atat_role)
|
||||
@ -34,22 +35,19 @@ class Users(object):
|
||||
return user
|
||||
|
||||
def get_or_create(self, user_id, *args, **kwargs):
|
||||
created = False
|
||||
|
||||
try:
|
||||
user = Users.get(user_id)
|
||||
user = self.get(user_id)
|
||||
except NotFoundError:
|
||||
user = Users.create(user_id, *args, **kwargs)
|
||||
user = self.create(user_id, *args, **kwargs)
|
||||
self.db_session.add(user)
|
||||
self.db_session.commit()
|
||||
created = True
|
||||
|
||||
return user, created
|
||||
return user
|
||||
|
||||
def update(self, user_id, atat_role_name):
|
||||
|
||||
user = Users.get(user_id)
|
||||
atat_role = Roles.get(atat_role_name)
|
||||
user = self.get(user_id)
|
||||
atat_role = self.roles_repo.get(atat_role_name)
|
||||
user.atat_role = atat_role
|
||||
|
||||
self.db_session.add(user)
|
||||
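Review bot: `get_or_create` uses `atat_role_name` only on the `NotFoundError` path, so for a user that already exists the requested role is silently ignored, and nothing in the method says so. That matters for callers that read it as an assignment: `Dev._set_user_permissions` in the dev handler now calls `get_or_create(user_id, atat_role_name=role)`, so a dev user whose row already exists would keep the stored role rather than the one requested. Add a docstring such as `"""Return the user with this id, creating it with the given role if absent; an existing user's role is not changed."""`, and have `_set_user_permissions` call `update` for an existing user if it is meant to set the role. The method also appears to return `user` alone where it used to return `(user, created)`, which is worth stating in the same docstring.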
|
@ -1,6 +1,7 @@
|
||||
import tornado.web
|
||||
from atst.assets import environment
|
||||
from atst.sessions import SessionNotFoundError
|
||||
from atst.domain.users import Users
|
||||
|
||||
helpers = {"assets": environment}
|
||||
|
||||
@ -15,26 +16,18 @@ class BaseHandler(tornado.web.RequestHandler):
|
||||
|
||||
@tornado.gen.coroutine
|
||||
def login(self, user):
|
||||
user_permissions = yield self._get_user_permissions(user["id"])
|
||||
user["atat_permissions"] = user_permissions["atat_permissions"]
|
||||
user["atat_role"] = user_permissions["atat_role"]
|
||||
db_user = yield self._get_user_permissions(user["id"])
|
||||
user["atat_permissions"] = db_user.atat_permissions
|
||||
user["atat_role"] = db_user.atat_role.name
|
||||
session_id = self.sessions.start_session(user)
|
||||
self.set_secure_cookie("atat", session_id)
|
||||
return self.redirect("/home")
|
||||
|
||||
@tornado.gen.coroutine
|
||||
def _get_user_permissions(self, user_id):
|
||||
response = yield self.authz_client.get(
|
||||
"/users/{}".format(user_id), raise_error=False
|
||||
)
|
||||
if response.code == 404:
|
||||
response = yield self.authz_client.post(
|
||||
"/users", json={"id": user_id, "atat_role": "developer"}
|
||||
)
|
||||
return response.json
|
||||
|
||||
else:
|
||||
return response.json
|
||||
user_repo = Users(self.db_session)
|
||||
user = user_repo.get_or_create(user_id, atat_role_name="developer")
|
||||
return user
|
||||
|
||||
def get_current_user(self):
|
||||
cookie = self.get_secure_cookie("atat")
|
||||
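Review bot: `_get_user_permissions` provisions any user id it has not seen with the literal role `"developer"`, and that default is now written through the `Users` repository into the application's own database on first login. Name the default and keep it least-privileged, e.g. `DEFAULT_ATAT_ROLE = "developer"  # role granted to a user on first login`, and pass `atat_role_name=DEFAULT_ATAT_ROLE`. The method no longer fetches permissions from a service and returns a `User`, so a name like `_get_or_create_user` with a one-line docstring would describe it better. `login` also copies `atat_permissions` and the role name into the session, so a later `Users.update` would presumably not affect sessions already started; a comment on `login` should say so.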
|
@ -1,6 +1,7 @@
|
||||
import tornado.gen
|
||||
|
||||
from atst.handler import BaseHandler
|
||||
from atst.domain.users import Users
|
||||
|
||||
_DEV_USERS = {
|
||||
"sam": {
|
||||
@ -9,7 +10,6 @@ _DEV_USERS = {
|
||||
"last_name": "Seeceepio",
|
||||
"atat_role": "ccpo"
|
||||
},
|
||||
|
||||
"amanda": {
|
||||
"id": "cce17030-4109-4719-b958-ed109dbb87c8",
|
||||
"first_name": "Amanda",
|
||||
@ -44,10 +44,11 @@ _DEV_USERS = {
|
||||
|
||||
class Dev(BaseHandler):
|
||||
|
||||
def initialize(self, action, sessions, authz_client):
|
||||
def initialize(self, action, sessions, db_session):
|
||||
self.db_session = db_session
|
||||
self.action = action
|
||||
self.sessions = sessions
|
||||
self.authz_client = authz_client
|
||||
self.users_repo = Users(db_session)
|
||||
|
||||
@tornado.gen.coroutine
|
||||
def get(self):
|
||||
@ -58,7 +59,4 @@ class Dev(BaseHandler):
|
||||
|
||||
@tornado.gen.coroutine
|
||||
def _set_user_permissions(self, user_id, role):
|
||||
response = yield self.authz_client.post(
|
||||
"/users", json={"id": user_id, "atat_role": role}
|
||||
)
|
||||
return response.json
|
||||
return self.users_repo.get_or_create(user_id, atat_role_name=role)
|
||||
|
@ -3,10 +3,10 @@ from atst.handler import BaseHandler
|
||||
|
||||
|
||||
class LoginRedirect(BaseHandler):
|
||||
def initialize(self, authnid_client, sessions, authz_client):
|
||||
def initialize(self, authnid_client, sessions, db_session):
|
||||
self.db_session = db_session
|
||||
self.authnid_client = authnid_client
|
||||
self.sessions = sessions
|
||||
self.authz_client = authz_client
|
||||
|
||||
@tornado.gen.coroutine
|
||||
def get(self):
|
||||
|
@ -22,6 +22,7 @@ def map_request(user, request):
|
||||
class Request(BaseHandler):
|
||||
def initialize(self, page, db_session):
|
||||
self.page = page
|
||||
self.db_session = db_session
|
||||
self.requests = Requests(db_session)
|
||||
|
||||
@tornado.web.authenticated
|
||||
|
@ -6,6 +6,7 @@ from atst.domain.requests import Requests
|
||||
|
||||
class RequestsSubmit(BaseHandler):
|
||||
def initialize(self, db_session):
|
||||
self.db_session = db_session
|
||||
self.requests_repo = Requests(db_session)
|
||||
|
||||
@tornado.web.authenticated
|
||||
|
@ -12,9 +12,9 @@ mock_workspaces = [
|
||||
|
||||
|
||||
class Workspaces(BaseHandler):
|
||||
def initialize(self, page, authz_client):
|
||||
def initialize(self, page, db_session):
|
||||
self.page = page
|
||||
self.authz_client = authz_client
|
||||
self.db_session = db_session
|
||||
|
||||
@tornado.gen.coroutine
|
||||
@tornado.web.authenticated
|
||||
|
@ -10,7 +10,6 @@ from atst.sessions import DictSessions
|
||||
@pytest.fixture
|
||||
def app(db):
|
||||
TEST_DEPS = {
|
||||
"authz_client": MockAuthzClient("authz"),
|
||||
"authnid_client": MockApiClient("authnid"),
|
||||
"fundz_client": MockFundzClient("fundz"),
|
||||
"sessions": DictSessions(),
|
||||
|