Merge pull request #75 from dod-ccpo/authz-permissions

Authz permissions

atst/app.py

@@ -26,7 +26,7 @@ def make_app(config, deps, **kwargs):
         url(
             r"/login-redirect",
             LoginRedirect,
-            {"sessions": deps["sessions"], "authnid_client": deps["authnid_client"]},
+            {"sessions": deps["sessions"], "authnid_client": deps["authnid_client"], "authz_client": deps["authz_client"]},
             name="login_redirect",
         ),
         url(r"/home", Main, {"page": "home"}, name="home"),
@@ -88,7 +88,7 @@ def make_app(config, deps, **kwargs):
             url(
                 r"/login-dev",
                 Dev,
-                {"action": "login", "sessions": deps["sessions"]},
+                {"action": "login", "sessions": deps["sessions"], "authz_client": deps["authz_client"]},
                 name="dev-login",
             )
         ]

atst/handler.py

@@ -6,16 +6,26 @@ helpers = {"assets": environment}
 
 
 class BaseHandler(tornado.web.RequestHandler):
+
     def get_template_namespace(self):
         ns = super(BaseHandler, self).get_template_namespace()
         helpers["config"] = self.application.config
         ns.update(helpers)
         return ns
 
+    @tornado.gen.coroutine
     def login(self, user):
+        user["atat_permissions"] = yield self._get_user_permissions(user["id"])
         session_id = self.sessions.start_session(user)
         self.set_secure_cookie("atat", session_id)
-        self.redirect("/home")
+        return self.redirect("/home")
+
+    @tornado.gen.coroutine
+    def _get_user_permissions(self, user_id):
+        response = yield self.authz_client.post(
+            "/users", json={"id": user_id, "atat_role": "ccpo"}
+        )
+        return response.json["atat_permissions"]
 
     def get_current_user(self):
         cookie = self.get_secure_cookie("atat")
@@ -25,6 +35,7 @@ class BaseHandler(tornado.web.RequestHandler):
             except SessionNotFoundError:
                 self.clear_cookie("atat")
                 return None
+
         else:
             return None
 

atst/handlers/dev.py

@@ -1,15 +1,19 @@
+import tornado.gen
+
 from atst.handler import BaseHandler
 
 
 class Dev(BaseHandler):
-    def initialize(self, action, sessions):
+    def initialize(self, action, sessions, authz_client):
         self.action = action
         self.sessions = sessions
+        self.authz_client = authz_client
 
+    @tornado.gen.coroutine
     def get(self):
         user = {
             "id": "164497f6-c1ea-4f42-a5ef-101da278c012",
             "first_name": "Test",
-            "last_name": "User"
+            "last_name": "User",
         }
-        self.login(user)
+        yield self.login(user)

atst/handlers/login_redirect.py

@@ -3,9 +3,10 @@ from atst.handler import BaseHandler
 
 
 class LoginRedirect(BaseHandler):
-    def initialize(self, authnid_client, sessions):
+    def initialize(self, authnid_client, sessions, authz_client):
         self.authnid_client = authnid_client
         self.sessions = sessions
+        self.authz_client = authz_client
 
     @tornado.gen.coroutine
     def get(self):
@@ -13,7 +14,7 @@ class LoginRedirect(BaseHandler):
         if token:
             user = yield self._fetch_user_info(token)
             if user:
-                self.login(user)
+                yield self.login(user)
             else:
                 self.write_error(401)
 

atst/handlers/request.py

@@ -27,9 +27,17 @@ class Request(BaseHandler):
     @tornado.gen.coroutine
     def get(self):
         user = self.get_current_user()
-        response = yield self.requests_client.get(
-            "/users/{}/requests".format(user["id"])
-        )
-        requests = response.json["requests"]
+        requests = yield self.fetch_requests(user)
         mapped_requests = [map_request(user, request) for request in requests]
         self.render("requests.html.to", page=self.page, requests=mapped_requests)
+
+    @tornado.gen.coroutine
+    def fetch_requests(self, user):
+        if "review_and_approve_jedi_workspace_request" in user["atat_permissions"]:
+            response = yield self.requests_client.get("/requests")
+        else:
+            response = yield self.requests_client.get(
+                "/requests?creator_id={}".format(user["id"])
+            )
+
+        return response.json["requests"]

atst/handlers/request_new.py

@@ -53,9 +53,7 @@ class RequestNew(BaseHandler):
 
         if request_id:
             response = yield self.requests_client.get(
-                "/users/{}/requests/{}".format(
-                    self.get_current_user()["id"], request_id
-                ),
+                "/requests/{}".format(request_id),
                 raise_error=False,
             )
             if response.ok:
@@ -77,14 +75,6 @@ class RequestNew(BaseHandler):
             can_submit=jedi_flow.can_submit
         )
 
-    @tornado.gen.coroutine
-    def get_request(self, request_id):
-        request = yield self.requests_client.get(
-            "/users/{}/requests/{}".format(self.get_current_user()["id"], request_id),
-            raise_error=False,
-        )
-        return request
-
 
 class JEDIRequestFlow(object):
     def __init__(