Ejemplo n.º 1
def request_loader(request):
    """Resolve the acting user for an app-to-app request.

    Returns None when the X-Appengine-Inbound-Appid header is absent, so the
    X-GGRC-user header is never consulted for such requests. Otherwise the
    app id must be listed in settings.ALLOWED_QUERYAPI_APP_IDS and the email
    read from X-GGRC-user must resolve to a user.

    Raises:
      exceptions.BadRequest: the app id is not in the allow-list, or no user
        matches the email. A BadRequest raised while parsing X-external-user
        is logged and re-raised unchanged.
    """
    # NOTE(review): assumes the setting is a collection of ids; with a plain
    # str the "in" test below would become a substring match - confirm.
    allowed_app_ids = settings.ALLOWED_QUERYAPI_APP_IDS

    # NOTE(review): this gate is only as strong as the guarantee that clients
    # cannot set X-Appengine-Inbound-Appid themselves; confirm the serving
    # front end strips it from external traffic in every deployment.
    app_id = request.headers.get("X-Appengine-Inbound-Appid")
    if not app_id:
        # Not an app-to-app call: leave X-GGRC-user untouched.
        return None

    if app_id not in allowed_app_ids:
        # App-to-app calls are denied unless the caller is explicitly listed.
        # The rejected id is echoed into the error text.
        untrusted_msg = ("X-Appengine-Inbound-Appid header contains "
                         "untrusted application id: {}")
        raise exceptions.BadRequest(untrusted_msg.format(app_id))

    # Identity comes solely from this header: an allowed app can act as any
    # user whose email it names.
    email = parse_user_email(request, "X-GGRC-user", mandatory=True)

    if not is_external_app_user_email(email):
        db_user = all_models.Person.query.filter_by(email=email).first()
    else:
        # The external application account is created on first use.
        db_user = find_or_create_ext_app_user()
        try:
            # The return value is discarded; the call is kept for whatever
            # it does with the optional X-external-user header.
            parse_user_email(request, "X-external-user", mandatory=False)
        except exceptions.BadRequest as exp:
            logger.error("Creation of external user has failed. %s",
                         exp.message)
            raise

    if db_user:
        return db_user
    raise exceptions.BadRequest(
        "No user with such email: {}".format(email))
Ejemplo n.º 2
    def system_wide_role(self):
        """Return the role string to display for this user.

        Bootstrap admins and the external application account are reported
        as SUPERUSER without looking at stored roles. Otherwise the best
        ranked of the user's system-wide roles is returned, or "No Access"
        when the user holds none of the ranked roles.
        """
        # NOTE(review): assumes BOOTSTRAP_ADMIN_USERS is a collection of
        # emails; with a plain str, "in" would be a substring test - confirm.
        bootstrap_admins = getattr(settings, "BOOTSTRAP_ADMIN_USERS", [])
        if self.email in bootstrap_admins:
            return SystemWideRoles.SUPERUSER

        # Imported at call time rather than at module level.
        from ggrc.utils.user_generator import is_external_app_user_email
        # Matching the external application email alone yields SUPERUSER,
        # so every path that can authenticate as that account is as
        # sensitive as an admin login.
        if is_external_app_user_email(self.email):
            return SystemWideRoles.SUPERUSER

        # Lower number means higher rank.
        rank_by_role = {
            SystemWideRoles.ADMINISTRATOR: 0,
            SystemWideRoles.EDITOR: 1,
            SystemWideRoles.READER: 2,
            SystemWideRoles.CREATOR: 3,
        }
        held_roles = set()
        for assignment in self.user_roles:
            role_name = assignment.role.name
            if role_name in rank_by_role:
                held_roles.add(role_name)

        if not held_roles:
            return u"No Access"

        # The -1 fallback would rank unknown names first, but names outside
        # rank_by_role were already filtered out above, so it is never used.
        return min(held_roles, key=lambda name: rank_by_role.get(name, -1))
Ejemplo n.º 3
  def system_wide_role(self):
    """Pick the single role string shown to the user.

    SUPERUSER is returned for bootstrap admins and for the external
    application account, independent of stored roles. For everyone else the
    best ranked system-wide role is returned, or "No Access" if the user
    holds none of the ranked roles.
    """
    # NOTE(review): assumes BOOTSTRAP_ADMIN_USERS is a collection of emails;
    # with a plain str, "in" would be a substring test - confirm.
    admin_emails = getattr(settings, "BOOTSTRAP_ADMIN_USERS", [])
    if self.email in admin_emails:
      return SystemWideRoles.SUPERUSER

    # Imported at call time rather than at module level.
    from ggrc.utils.user_generator import is_external_app_user_email
    # An email match is all it takes to be reported as SUPERUSER here, so
    # the code that authenticates the external application account carries
    # admin-level risk.
    if is_external_app_user_email(self.email):
      return SystemWideRoles.SUPERUSER

    # Lower number means higher rank.
    role_rank = {
        SystemWideRoles.ADMINISTRATOR: 0,
        SystemWideRoles.EDITOR: 1,
        SystemWideRoles.READER: 2,
        SystemWideRoles.CREATOR: 3,
    }
    ranked_names = set(
        name
        for name in (entry.role.name for entry in self.user_roles)
        if name in role_rank
    )
    if not ranked_names:
      return u"No Access"

    # The -1 fallback would put unknown names first, but ranked_names only
    # holds keys of role_rank, so the fallback is never reached.
    return min(ranked_names, key=lambda name: role_rank.get(name, -1))
Ejemplo n.º 4
def is_external_app_user():
    """Tell whether the current user is the external application account.

    Returns False when there is no current user or the user is anonymous;
    otherwise returns the result of is_external_app_user_email() for the
    user's email. Callers use the answer to apply the special processing
    and validation that external application requests need.
    """
    current = get_current_user()
    if current and not current.is_anonymous():
        # Imported at call time rather than at module level.
        from ggrc.utils.user_generator import is_external_app_user_email
        return is_external_app_user_email(current.email)
    return False
Ejemplo n.º 5
def is_external_app_user():
  """Report whether the request is made as the external application account.

  A missing or anonymous current user is never treated as the external
  application. For any other user the decision is delegated to
  is_external_app_user_email() on the user's email.
  """
  current_user = get_current_user()
  is_identified = bool(current_user) and not current_user.is_anonymous()
  if not is_identified:
    return False

  # Imported at call time rather than at module level.
  from ggrc.utils.user_generator import is_external_app_user_email
  return is_external_app_user_email(current_user.email)
Ejemplo n.º 6
def get_ggrc_user(request, mandatory):
    """Look up the user named by the "X-GGRC-user" request header.

    Args:
      request: incoming request whose headers carry the user email.
      mandatory: passed through to parse_user_email() for this header.

    Returns:
      None when no email was parsed, otherwise the matching user object.

    Raises:
      exceptions.BadRequest: an email was given but no user matches it.
    """
    # The email is whatever the caller put in the header, so this function
    # must only be reached after the caller itself has been authenticated.
    # NOTE(review): no such check is visible in this function - confirm it
    # happens upstream.
    email = parse_user_email(request, "X-GGRC-user", mandatory=mandatory)
    if not email:
        return None

    if not is_external_app_user_email(email):
        user = all_models.Person.query.filter_by(email=email).first()
    else:
        # The external application account is created if it does not exist.
        user = get_external_app_user(request)

    if user:
        return user
    raise exceptions.BadRequest("No user with such email: %s" % email)
Ejemplo n.º 7
def get_ggrc_user(request, mandatory):
  """Resolve the "X-GGRC-user" header to a user object.

  Returns None when parse_user_email() yields no email. Raises
  exceptions.BadRequest when an email is present but no user matches it.
  """
  # The header value is caller-supplied identity.
  # NOTE(review): nothing here verifies who sent the request - confirm the
  # caller is authenticated before this function runs.
  email = parse_user_email(request, "X-GGRC-user", mandatory=mandatory)
  if not email:
    return None

  wants_external_app = is_external_app_user_email(email)
  if wants_external_app:
    # The external application account is created if it does not exist.
    found = get_external_app_user(request)
  else:
    found = all_models.Person.query.filter_by(email=email).first()

  if not found:
    raise exceptions.BadRequest("No user with such email: %s" % email)
  return found
Ejemplo n.º 8
def request_loader(request):
  """Resolve the acting user for an app-to-app request.

  Returns None when the X-Appengine-Inbound-Appid header is absent, so the
  X-GGRC-user header is never consulted for such requests. Otherwise the app
  id must be listed in settings.ALLOWED_QUERYAPI_APP_IDS and X-GGRC-user must
  hold a JSON object with an "email" key that resolves to a user.

  Raises:
    exceptions.BadRequest: the app id is not in the allow-list, X-GGRC-user
      is missing or malformed, or no user matches the email.
  """
  # NOTE(review): assumes the setting is a collection of ids; with a plain
  # str the "in" test below would become a substring match - confirm.
  allowed_app_ids = settings.ALLOWED_QUERYAPI_APP_IDS

  # NOTE(review): this gate is only as strong as the guarantee that clients
  # cannot set X-Appengine-Inbound-Appid themselves; confirm the serving
  # front end strips it from external traffic in every deployment.
  app_id = request.headers.get("X-Appengine-Inbound-Appid")
  if not app_id:
    # Not an app-to-app call: leave X-GGRC-user untouched.
    return None

  if app_id not in allowed_app_ids:
    # App-to-app calls are denied unless the caller is explicitly listed.
    untrusted_msg = ("X-Appengine-Inbound-Appid header contains "
                     "untrusted application id: {}")
    raise exceptions.BadRequest(untrusted_msg.format(app_id))

  raw_user = request.headers.get("X-GGRC-user")
  if not raw_user:
    missing_msg = ("X-GGRC-user should be set, contains {!r} "
                   "instead.")
    raise exceptions.BadRequest(missing_msg.format(raw_user))

  # What the error message reports: the raw header until JSON decoding
  # succeeds, the decoded value afterwards.
  offending = raw_user
  try:
    offending = json.loads(raw_user)
    email = str(offending["email"])
  except (TypeError, ValueError, KeyError):
    # Header is not valid JSON, or lacks a usable "email" entry.
    malformed_msg = ("X-GGRC-user should have JSON object like "
                     "{{'email': str}}, contains {!r} instead.")
    raise exceptions.BadRequest(malformed_msg.format(offending))

  # Identity comes solely from the header: an allowed app can act as any
  # user whose email it names.
  if not is_external_app_user_email(email):
    db_user = all_models.Person.query.filter_by(email=email).first()
  else:
    # The external application account is created on first use.
    db_user = find_or_create_ext_app_user()

  if db_user:
    return db_user
  raise exceptions.BadRequest("No user with such email: {}"
                              .format(email))
Ejemplo n.º 9
 def test_is_external_app_user_email_equals(self):
     """An email equal to the EXTERNAL_APP_USER one is recognised."""
     # NOTE(review): the address literal appears masked in this listing, and
     # the settings fixture that drives the outcome is not visible here.
     is_match = user_generator.is_external_app_user_email('*****@*****.**')
     self.assertTrue(is_match)
Ejemplo n.º 10
 def test_is_external_app_user_email_corrupted_email(self):
     """A corrupted email in EXTERNAL_APP_USER must not produce a match."""
     # Pins the fail-closed outcome for a bad setting.
     # NOTE(review): the address literal appears masked in this listing, and
     # the settings fixture that drives the outcome is not visible here.
     is_match = user_generator.is_external_app_user_email('*****@*****.**')
     self.assertFalse(is_match)
Ejemplo n.º 11
 def test_is_external_app_user_email_no_setting(self):
     """Without EXTERNAL_APP_USER in settings no email is a match."""
     # Pins the fail-closed outcome for a missing setting.
     # NOTE(review): the address literal appears masked in this listing, and
     # the settings fixture that drives the outcome is not visible here.
     is_match = user_generator.is_external_app_user_email('*****@*****.**')
     self.assertFalse(is_match)
Ejemplo n.º 12
 def test_is_external_app_user_email_equals(self):
   """The configured EXTERNAL_APP_USER email is accepted as a match."""
   # NOTE(review): the address literal appears masked in this listing, and
   # the settings fixture that drives the outcome is not visible here.
   outcome = user_generator.is_external_app_user_email('*****@*****.**')
   self.assertTrue(outcome)
Ejemplo n.º 13
 def test_is_external_app_user_email_corrupted_email(self):
   """No match is reported when EXTERNAL_APP_USER holds a corrupted email."""
   # Pins the fail-closed outcome for a bad setting.
   # NOTE(review): the address literal appears masked in this listing, and
   # the settings fixture that drives the outcome is not visible here.
   outcome = user_generator.is_external_app_user_email('*****@*****.**')
   self.assertFalse(outcome)
Ejemplo n.º 14
 def test_is_external_app_user_email_no_setting(self):
   """No match is reported when settings lack EXTERNAL_APP_USER."""
   # Pins the fail-closed outcome for a missing setting.
   # NOTE(review): the address literal appears masked in this listing, and
   # the settings fixture that drives the outcome is not visible here.
   outcome = user_generator.is_external_app_user_email('*****@*****.**')
   self.assertFalse(outcome)