def authorize(program, project, roles):
resource = "/programs/{}/projects/{}".format(program, project)
jwt = get_jwt_from_header()
authz = flask.current_app.auth.auth_request(jwt=jwt,
service="sheepdog",
methods=roles,
resources=[resource])
if not authz:
raise AuthZError("user is unauthorized")
def authorize_and_call(program, project, *args, **kwargs):
resource = "/programs/{}/projects/{}".format(program, project)
jwt = get_jwt_from_header()
authz = flask.current_app.auth.auth_request(jwt=jwt,
service="sheepdog",
methods=required_roles,
resources=[resource])
if not authz:
raise AuthZError("user is unauthorized")
return func(program, project, *args, **kwargs)
def authorize_and_call(*args, **kwargs):
jwt = get_jwt_from_header()
authz = flask.current_app.auth.auth_request(
jwt=jwt,
service="sheepdog",
methods="*",
resources=["/services/sheepdog/submission/project"],
)
if not authz:
raise AuthZError(
"Unauthorized: User must be Sheepdog project admin")
return func(*args, **kwargs)
def make_mock_response(*args, **kwargs):
if not authorized:
raise AuthZError('Mocked Arborist says no')
mocked_response = MagicMock(requests.Response)
mocked_response.status_code = 200
def mocked_get(*args, **kwargs):
return None
mocked_response.get = mocked_get
return mocked_response
def authorize(program, project, roles, resource_list=None):
resource = "/programs/{}/projects/{}".format(program, project)
resources = []
if resource_list:
for res in resource_list:
resources.append(resource + res)
else:
resources = [resource]
jwt = get_jwt_from_header()
authz = flask.current_app.auth.auth_request(jwt=jwt,
service="sheepdog",
methods=roles,
resources=resources)
if not authz:
raise AuthZError("user is unauthorized")