From 05cb1c9dbcfe270d12b24da2a55dd5d9ba7edd5f Mon Sep 17 00:00:00 2001
From: maxsibilla
Date: Tue, 22 Aug 2023 15:56:22 -0400
Subject: [PATCH 1/3] Adding auth helper check and response to data-ingest-board-login

---
 src/routes/auth/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/routes/auth/__init__.py b/src/routes/auth/__init__.py
index dac17976..665d22b6 100644
--- a/src/routes/auth/__init__.py
+++ b/src/routes/auth/__init__.py
@@ -75,12 +75,17 @@ def _login(redirect_uri, key = 'tokens'):
 # Also get the user info (sub, email, name, preferred_username) using the AuthClient with the auth token
 user_info = get_user_info(auth_token)

+ # Check if user has read permissions
+ auth_helper_instance: AuthHelper = AuthHelper.instance()
+ read_privs = auth_helper_instance.has_read_privs(groups_token)
+
 info = {
 'name': user_info['name'],
 'email': user_info['email'],
 'globus_id': user_info['sub'],
 'auth_token': auth_token,
 'transfer_token': transfer_token,
+ 'read_privs': read_privs,
 'groups_token': groups_token
 }

From ee91d40974be95f414f073dad036bd980b903a2a Mon Sep 17 00:00:00 2001
From: maxsibilla
Date: Tue, 22 Aug 2023 16:03:28 -0400
Subject: [PATCH 2/3] Adding write_privs to response

---
 src/routes/auth/__init__.py | 9 ++++++++-
 src/routes/privs/__init__.py | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/routes/auth/__init__.py b/src/routes/auth/__init__.py
index 665d22b6..e9aaedd6 100644
--- a/src/routes/auth/__init__.py
+++ b/src/routes/auth/__init__.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, redirect, request, session, current_app
+from flask import Blueprint, redirect, request, session, current_app, Response
 from globus_sdk import AccessTokenAuthorizer, AuthClient, ConfidentialAppAuthClient
 import json
 import logging
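Review bot: In the `@@ -75,12 +75,17 @@` hunk of PATCH 1/3, `read_privs` is computed once at login and placed in `info` next to `auth_token`, `transfer_token` and `groups_token`, and nothing in the hunk makes login conditional on it, so as far as these lines show a caller without read privileges still gets all three tokens. If the flag is only meant to drive the UI, say so at the point of use, e.g. `# read_privs is a hint for the client only; data endpoints must re-check the groups token server-side`. A flag held by the client goes stale when group membership changes and can be altered by whoever holds the payload, so it should never be read back as an authorization decision. `_login` begins and ends outside this hunk, so how `info` is delivered is not visible here.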
@@ -78,6 +78,12 @@ def _login(redirect_uri, key = 'tokens'):
 # Check if user has read permissions
 auth_helper_instance: AuthHelper = AuthHelper.instance()
 read_privs = auth_helper_instance.has_read_privs(groups_token)
+ if isinstance(read_privs, Response):
+ return read_privs
+
+ write_privs = auth_helper_instance.has_write_privs(groups_token)
+ if isinstance(write_privs, Response):
+ return write_privs

 info = {
 'name': user_info['name'],
@@ -86,6 +92,7 @@ def _login(redirect_uri, key = 'tokens'):
 'auth_token': auth_token,
 'transfer_token': transfer_token,
 'read_privs': read_privs,
+ 'write_privs': write_privs,
 'groups_token': groups_token
 }

diff --git a/src/routes/privs/__init__.py b/src/routes/privs/__init__.py
index 931672f2..f859c201 100644
--- a/src/routes/privs/__init__.py
+++ b/src/routes/privs/__init__.py
@@ -9,6 +9,7 @@ logger = logging.getLogger(__name__)
+# TODO: We can remove this call as `_login` handles this
 @privs_blueprint.route('/privs')
 def privs_for_groups_token():
 groups_token: str = get_groups_token()
From 576a1cb2e806e1c813ec0a1d96c74dd5bc968f55 Mon Sep 17 00:00:00 2001
From: maxsibilla
Date: Tue, 22 Aug 2023 16:28:19 -0400
Subject: [PATCH 3/3] Reverting previous commit

---
 src/routes/auth/__init__.py | 4 ----
 src/routes/privs/__init__.py | 1 -
 2 files changed, 5 deletions(-)

diff --git a/src/routes/auth/__init__.py b/src/routes/auth/__init__.py
index e9aaedd6..31fe9a5a 100644
--- a/src/routes/auth/__init__.py
+++ b/src/routes/auth/__init__.py
@@ -81,9 +81,6 @@ def _login(redirect_uri, key = 'tokens'):
 if isinstance(read_privs, Response):
 return read_privs

- write_privs = auth_helper_instance.has_write_privs(groups_token)
- if isinstance(write_privs, Response):
- return write_privs

 info = {
 'name': user_info['name'],
@@ -92,7 +89,6 @@ def _login(redirect_uri, key = 'tokens'):
 'auth_token': auth_token,
 'transfer_token': transfer_token,
 'read_privs': read_privs,
- 'write_privs': write_privs,
 'groups_token': groups_token
 }
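Review bot: In the `@@ -78,6 +78,12 @@` hunk of PATCH 2/3, separating failure from success with `isinstance(read_privs, Response)` means the helper's return value is either a result or an error object, and an error object is truthy by default; any other caller of `has_read_privs` or `has_write_privs` that skips this check would read a failed lookup as a granted privilege. After the two checks, pin the values before they reach `info`, e.g. `read_privs = read_privs is True` and `write_privs = write_privs is True`, assuming the helper returns a real bool on success (its body is not shown). The early returns are also silent; a line such as `logger.warning('privilege lookup failed during login')` before each `return` would leave a trace for triage, provided the module defines `logger` (only `import logging` is visible). `_login` begins and ends outside this hunk.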
diff --git a/src/routes/privs/__init__.py b/src/routes/privs/__init__.py
index f859c201..931672f2 100644
--- a/src/routes/privs/__init__.py
+++ b/src/routes/privs/__init__.py
@@ -9,7 +9,6 @@ logger = logging.getLogger(__name__)
-# TODO: We can remove this call as `_login` handles this
 @privs_blueprint.route('/privs')
 def privs_for_groups_token():
 groups_token: str = get_groups_token()