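def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str, expanded: bool = False):
    """Get User authorizations for the entity.

    The decision is driven by the realm roles carried in the token:

    * ``staff`` role: edit/view is granted without any lookup.
    * ``Role.SYSTEM`` role (service account): the ``corp_type`` claim must be
      present and is used, together with the business identifier, to look up
      the authorization.
    * any other caller: the authorization is looked up by the ``sub`` claim
      and the business identifier.

    Args:
        token_info: Claims of the caller's token.
            NOTE(review): assumed to come from an already verified JWT;
            confirm at the call site.
        business_identifier: Identifier of the entity being accessed.
        expanded: Passed through to ``Authorization.as_dict``.

    Returns:
        A dict describing the authorization, including a ``roles`` list, or
        an empty dict when the caller has no authorization for the entity.
    """
    auth_response = {}

    realm_access = token_info.get('realm_access')
    roles = realm_access.get('roles') if isinstance(realm_access, dict) else None
    if not isinstance(roles, (list, tuple, set, frozenset)):
        # Fail closed on a missing or malformed role claim. Without this check a
        # missing claim raised AttributeError/TypeError, and a plain string was
        # substring-matched ('staff' in 'non-staff' is True).
        return auth_response

    if 'staff' in roles:
        auth_response = {'roles': ['edit', 'view']}
    elif Role.SYSTEM.value in roles:
        # a service account in keycloak should have corp_type claim setup.
        keycloak_corp_type = token_info.get('corp_type', None)
        if keycloak_corp_type:
            auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                business_identifier, keycloak_corp_type)
            if auth:
                auth_response = Authorization(auth).as_dict(expanded)
                auth_response['roles'] = ['edit', 'view']
    else:
        keycloak_guid = token_info.get('sub', None)
        auth = AuthorizationView.find_user_authorization_by_business_number(
            keycloak_guid, business_identifier)
        if auth:
            auth_response = Authorization(auth).as_dict(expanded)
            auth_response['roles'] = ['edit', 'view']

    return auth_response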
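def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str):
    """Get User authorizations for the entity.

    The decision is driven by the token claims, checked in this order:

    * ``loginSource == 'PASSCODE'``: owner access is granted only when the
      ``username`` claim equals the business identifier (case-insensitive).
      No other branch is evaluated for a passcode token.
    * ``staff`` realm role: edit/view is granted without any lookup.
    * ``Role.SYSTEM`` realm role (service account): the ``corp_type`` claim
      must be present and is used, together with the business identifier, to
      look up the authorization.
    * any other caller: the authorization is looked up by the ``sub`` claim
      and the business identifier.

    Args:
        token_info: Claims of the caller's token.
            NOTE(review): assumed to come from an already verified JWT, since
            ``loginSource`` and ``username`` are trusted as-is here; confirm at
            the call site.
        business_identifier: Identifier of the entity being accessed.

    Returns:
        A dict describing the authorization, including a ``roles`` list, or
        an empty dict when the caller has no authorization for the entity.
    """
    auth_response = {}

    if token_info.get('loginSource', None) == 'PASSCODE':
        username = token_info.get('username', None)
        # Require two non-empty strings: a missing username used to raise
        # AttributeError, and two empty values must never compare as a match.
        if (isinstance(username, str) and isinstance(business_identifier, str)
                and username and business_identifier
                and username.upper() == business_identifier.upper()):
            auth_response = {
                'orgMembership': OWNER,
                'roles': ['edit', 'view']
            }
        # A passcode token is never evaluated against the role branches.
        return auth_response

    realm_access = token_info.get('realm_access')
    roles = realm_access.get('roles') if isinstance(realm_access, dict) else None
    if not isinstance(roles, (list, tuple, set, frozenset)):
        # Fail closed on a missing or malformed role claim. Without this check a
        # missing claim raised AttributeError/TypeError, and a plain string was
        # substring-matched ('staff' in 'non-staff' is True).
        return auth_response

    if 'staff' in roles:
        auth_response = {'roles': ['edit', 'view']}
    elif Role.SYSTEM.value in roles:
        # a service account in keycloak should have corp_type claim setup.
        keycloak_corp_type = token_info.get('corp_type', None)
        if keycloak_corp_type:
            auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                business_identifier, keycloak_corp_type)
            if auth:
                auth_response = Authorization(auth).as_dict(
                    exclude=['business_identifier'])
                auth_response['roles'] = ['edit', 'view']
    else:
        keycloak_guid = token_info.get('sub', None)
        auth = AuthorizationView.find_user_authorization_by_business_number(
            keycloak_guid, business_identifier)
        if auth:
            auth_response = Authorization(auth).as_dict(
                exclude=['business_identifier'])
            auth_response['roles'] = ['edit', 'view']

    return auth_response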
def test_find_user_authorization_by_business_number_and_invalid_corp_type(session):  # pylint:disable=unused-argument
    """Assert that the authorization view yields nothing for an unknown corp type."""
    # Arrange: a member of an org that is affiliated with an entity.
    member = factory_user_model()
    organization = factory_org_model()
    factory_membership_model(member.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    # Act: look the entity up with a corp type that matches no record.
    result = Authorization.find_user_authorization_by_business_number_and_corp_type(
        business.business_identifier, 'invalid_corp_type')

    # Assert: the mismatch must not produce an authorization.
    assert result is None
def test_find_user_authorization_by_business_number_and_corp_type(session):  # pylint:disable=unused-argument
    """Assert that the authorization view resolves by corp type rather than by jwt.

    Service accounts pass a corp type instead of a jwt.
    """
    # Arrange: a member of an org that is affiliated with an entity.
    member = factory_user_model()
    organization = factory_org_model()
    org_membership = factory_membership_model(member.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    # Act: look the entity up by business identifier and the 'CP' corp type.
    result = Authorization.find_user_authorization_by_business_number_and_corp_type(
        business.business_identifier, 'CP')

    # Assert: a row is found and it carries the membership type created above.
    assert result is not None
    assert result.org_membership == org_membership.membership_type_code
def test_find_user_authorization_by_business_number_and_corp_type_multiple_membership(session):  # pylint:disable=unused-argument
    """Assert that the authorization view resolves by corp type rather than by jwt.

    When the org has several memberships, the one with Owner access is returned.
    """
    # Arrange: two users in the same org, the first explicitly as ADMIN and the
    # second with the factory's default member type.
    admin_user = factory_user_model()
    owner_user = factory_user_model(user_info=TestUserInfo.user2)
    organization = factory_org_model()
    factory_membership_model(admin_user.id, organization.id, member_type='ADMIN')
    owner_membership = factory_membership_model(owner_user.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    # Act: look the entity up by business identifier and the 'CP' corp type.
    result = Authorization.find_user_authorization_by_business_number_and_corp_type(
        business.business_identifier, 'CP')

    # Assert: the returned row reflects the second (default-type) membership.
    assert result is not None
    assert result.org_membership == owner_membership.membership_type_code