Create authz users on login

atst/app.py

@@ -26,7 +26,7 @@ def make_app(config, deps, **kwargs):
         url(
             r"/login-redirect",
             LoginRedirect,
-            {"sessions": deps["sessions"], "authnid_client": deps["authnid_client"]},
+            {"sessions": deps["sessions"], "authnid_client": deps["authnid_client"], "authz_client": deps["authz_client"]},
             name="login_redirect",
         ),
         url(r"/home", Main, {"page": "home"}, name="home"),
@@ -88,7 +88,7 @@ def make_app(config, deps, **kwargs):
             url(
                 r"/login-dev",
                 Dev,
-                {"action": "login", "sessions": deps["sessions"]},
+                {"action": "login", "sessions": deps["sessions"], "authz_client": deps["authz_client"]},
                 name="dev-login",
             )
         ]

atst/handlers/dev.py

@@ -1,15 +1,33 @@
+import tornado.gen
+
 from atst.handler import BaseHandler
 
 
 class Dev(BaseHandler):
-    def initialize(self, action, sessions):
+    def initialize(self, action, sessions, authz_client):
         self.action = action
         self.sessions = sessions
+        self.authz_client = authz_client
 
+    @tornado.gen.coroutine
     def get(self):
         user = {
             "id": "164497f6-c1ea-4f42-a5ef-101da278c012",
             "first_name": "Test",
-            "last_name": "User"
+            "last_name": "User",
         }
+        user_permissions = yield self.get_or_fetch_user_permissions(user["id"])
+        user["atat_permissions"] = user_permissions
         self.login(user)
+
+    @tornado.gen.coroutine
+    def get_or_fetch_user_permissions(self, user_id):
+        response = yield self.authz_client.post(
+            "/users", json={"id": user_id, "atat_role": "ccpo"}, raise_error=False
+        )
+        if response.code == 200:
+            return response.json["atat_permissions"]
+        elif response.code == 409:
+            # User already exists
+            response = yield self.authz_client.get("/users/{}".format(user_id))
+            return response.json["atat_permissions"]

atst/handlers/login_redirect.py

@@ -3,9 +3,10 @@ from atst.handler import BaseHandler
 
 
 class LoginRedirect(BaseHandler):
-    def initialize(self, authnid_client, sessions):
+    def initialize(self, authnid_client, sessions, authz_client):
         self.authnid_client = authnid_client
         self.sessions = sessions
+        self.authz_client = authz_client
 
     @tornado.gen.coroutine
     def get(self):
@@ -13,6 +14,8 @@ class LoginRedirect(BaseHandler):
         if token:
             user = yield self._fetch_user_info(token)
             if user:
+                authz_user = yield self.create_authz_user(user["id"])
+                user["atat_permissions"] = authz_user["atat_permissions"]
                 self.login(user)
             else:
                 self.write_error(401)
@@ -35,3 +38,10 @@ class LoginRedirect(BaseHandler):
 
             else:
                 raise error
+
+    @tornado.gen.coroutine
+    def create_authz_user(self, user_id):
+        response = yield self.authz_client.post(
+            "/users", json={"id": user_id, "atat_role": "ccpo"}
+        )
+        return response.json