def get_user_from_auth():
    """Resolve the caller of the current Flask request from its cookies.

    A cookie ``auth_token`` that passes ``verify_superuser_auth_token``
    short-circuits to the marker ``{'is_superuser': True}``; no user record
    is fetched in that case, so the marker carries no identity fields.
    Otherwise the user is looked up through ``get_user``; when that yields
    nothing the request is aborted with 401.

    Returns:
        The dict returned by ``get_user``, or the superuser marker.

    Raises:
        werkzeug ``HTTPException`` (401) via ``abort`` when no user can be
        resolved from the cookies.
    """
    if not verify_superuser_auth_token(request.cookies.get('auth_token')):
        resolved = get_user(request.cookies)
        if resolved is None:
            abort(401)
        return resolved
    return {'is_superuser': True}
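def filter_applications(applications, cookies):
    """Restrict an ``Application`` query to the rows the caller may see.

    Visibility rules, evaluated in order:

    * a valid superuser ``auth_token`` cookie, or a user holding the
      ``flod_saksbehandlere`` role: the query is returned unfiltered;
    * a user holding ``flod_brukere`` (facility administrators): only
      applications for the resources named by their
      ``CAN_EDIT_FACILITY_*`` credentials;
    * everyone else: only their own applications plus those belonging to
      an organisation the persons service says they are a member of.

    Args:
        applications: SQLAlchemy query over ``Application``.
        cookies: cookie mapping of the request being authorised. It must
            carry ``auth_token`` / the user id cookie understood by
            ``get_user``. Previously this argument was ignored in favour
            of the global ``request.cookies``; it is now honoured, so
            callers must pass the cookies of the request being authorised.

    Returns:
        The (possibly narrowed) query.

    Raises:
        werkzeug ``HTTPException`` (401) via ``abort`` when no user can be
        resolved from the cookies.
        KeyError: for a non-admin user record without ``person_id``.
    """
    if verify_superuser_auth_token(cookies.get('auth_token')):
        # No filter for superuser
        return applications

    user = get_user(cookies)
    if user is None:
        abort(401)

    if has_role(user, 'flod_saksbehandlere'):
        # Case handlers see every application
        return applications

    if has_role(user, 'flod_brukere'):
        return _filter_for_facility_admin(applications, user)
    return _filter_for_external_user(applications, user)


def _filter_for_facility_admin(applications, user):
    """Keep only applications for the facilities the user may edit.

    Credentials carry *remote* resource ids (``CAN_EDIT_FACILITY_<id>``);
    they are mapped to local ``Resource`` rows through the
    ``/facilities/<id>`` uri before filtering. A user with no matching
    credentials ends up with an empty result, never an unfiltered one.
    """
    remote_ids = [
        cred['resource_id']
        for cred in user.get('credentials', [])
        # A credential without an id cannot grant anything; skip rather than KeyError.
        if cred.get('id', '').startswith('CAN_EDIT_FACILITY_')
    ]

    local_ids = []
    if remote_ids:
        uris = ['/facilities/%s' % rid for rid in remote_ids]
        rows = current_app.db_session.query(Resource).filter(Resource.uri.in_(uris)).all()
        local_ids = [r.id for r in rows]

    # An empty list yields an always-false IN, i.e. nothing is visible.
    return applications.filter(Application.resource_id.in_(local_ids))


def _filter_for_external_user(applications, user):
    """Keep only the user's own applications and those of their organisations.

    Organisation membership is fetched from the persons service; the remote
    organisation uris are mapped to local ``Organisation`` ids first. If the
    service returns nothing, only the user's own applications remain visible
    (fail closed).
    """
    person_id = user['person_id']
    person_uri = '/persons/{}'.format(person_id)

    orgs = get_person_from_web('/persons/%s/organisations/' % person_id) or []
    # A missing uri can never match a local row; dropping it is equivalent.
    org_uris = [org.get('uri') for org in orgs if org.get('uri')]

    org_ids = []
    if org_uris:
        rows = current_app.db_session.query(Organisation).filter(Organisation.uri.in_(org_uris)).all()
        org_ids = [o.id for o in rows]

    own = Application.person.has(uri=person_uri)
    if not org_ids:
        return applications.filter(own)
    return applications.filter(or_(own, Application.organisation_id.in_(org_ids)))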
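def get_user(cookies, *, timeout=10):
    """Resolve a user record from request cookies.

    A cookie ``auth_token`` that passes ``verify_superuser_auth_token``
    short-circuits to the marker ``{'is_superuser': True}`` without
    contacting the users service. Otherwise the user id is read from the
    cookies and the record fetched from ``USERS_URL``; the cookies are
    forwarded so the users service can authenticate the call itself.

    Args:
        cookies: cookie mapping of the request being authenticated.
        timeout: seconds to wait for the users service (keyword-only).
            Previously the call had no timeout and could block a worker
            indefinitely on an unresponsive service.

    Returns:
        The superuser marker, the user dict as returned by the users
        service, or ``None`` when the cookies carry no user id or the
        users service reports that the user does not exist (404).

    Raises:
        requests.HTTPError: for any other non-2xx reply from the users
            service. Previously the error body was returned as if it were
            a user record, which callers such as ``get_user_from_auth``
            would have treated as an authenticated user.
    """
    if verify_superuser_auth_token(cookies.get('auth_token')):
        return {'is_superuser': True}

    user_id = get_user_id_from_cookies(cookies)
    if not user_id:
        return None

    # The id originates from a cookie (how it is validated is not visible
    # here); quote it so it cannot add path segments or a query string to
    # the request sent to the users service.
    from urllib.parse import quote
    url = '%s/api/%s/users/%s' % (USERS_URL, USERS_VERSION, quote(str(user_id), safe=''))

    response = requests.get(url, cookies=cookies, timeout=timeout)
    if response.status_code == 404:
        # Unknown user: report "no user" so callers answer 401, not 500.
        return None
    response.raise_for_status()
    return response.json()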
 def validate(self, f, *args, **kwargs):
     """Gate ``f`` behind a valid superuser ``auth_token`` cookie.

     The token must be present, pass ``verify_auth_token`` and pass
     ``verify_superuser_auth_token``; any failure hands the request to
     ``self.fail`` with a 403. Nothing is returned on success.

     NOTE(review): assumes ``self.fail`` terminates the request (aborts or
     raises) — confirm; otherwise the caller must check for failure itself.
     """
     token = request.cookies.get("auth_token", None)
     # Evaluated left to right, so neither verifier runs on a missing token
     # and the superuser check only runs on a token that already verified.
     rejected = (
         token is None
         or not verify_auth_token(token)
         or not verify_superuser_auth_token(token)
     )
     if rejected:
         self.fail("User is not authorized to request the resource.", f, 403, None, *args, **kwargs)