Esempio n. 1
def get_jwt_roles(request):
    """
    Return the feature-role mapping carried by the JWT attached to ``request``.

    The cookie-borne token is tried first; the token from the request's auth
    payload is consulted only when the cookie lookup yields nothing. When
    neither source produces a decoded token, an empty dict is returned, so a
    caller sees "no roles" rather than an error.
    """
    token_claims = get_decoded_jwt_from_cookie(request)
    if not token_claims:
        token_claims = get_decoded_jwt_from_auth(request)
    if token_claims:
        return feature_roles_from_jwt(token_claims)
    return {}
Esempio n. 2
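def request_user_has_implicit_access(user, context):  # pylint: disable=unused-argument
    """
    Check whether the request user has implicit access to the `ENTERPRISE_COUPON_ADMIN_ROLE` feature role.

    Params:
        user: Not consulted; the decision is made from the current request's JWT.
        context: The context the role must apply to. A falsy value denies access.

    Returns:
        boolean: whether the request user has access or not
    """
    # Deny first: with no context there is nothing to scope the role to, so
    # the refusal should not depend on fetching the request or decoding a token.
    if not context:
        return False
    request = crum.get_current_request()
    # Token from `get_decoded_jwt` wins; the auth payload is only a fallback.
    decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth(request)
    return request_user_has_implicit_access_via_jwt(decoded_jwt, ENTERPRISE_COUPON_ADMIN_ROLE, context)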
Esempio n. 3
def has_implicit_access_to_enrollment_api(user, obj):  # pylint: disable=unused-argument
    """
    Tell whether the current request's JWT implies the `ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE` feature role.

    ``user`` is not consulted; the token is taken from the current request
    (as returned by ``crum``), falling back to the request's auth payload.

    Returns:
        boolean: whether the request user has access or not
    """
    current_request = crum.get_current_request()
    token_claims = get_decoded_jwt(current_request)
    if not token_claims:
        token_claims = get_decoded_jwt_from_auth(current_request)
    # NOTE(review): `obj` is forwarded unchanged, including when it is empty.
    # Confirm how the helper treats a missing context; a role check with no
    # context may be broader than a per-object check is meant to be.
    return request_user_has_implicit_access_via_jwt(
        token_claims,
        ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE,
        obj,
    )
Esempio n. 4
def request_user_has_implicit_access(user):  # pylint: disable=unused-argument
    """
    Tell whether the current request's JWT implies the `ORDER_MANAGER_ROLE` feature role.

    ``user`` is not consulted; the token is taken from the current request
    (as returned by ``crum``), falling back to the request's auth payload.
    No context is passed to the role check, so the answer is not scoped to
    any particular object.

    Returns:
        boolean: whether the request user has access or not
    """
    current_request = crum.get_current_request()
    token_claims = get_decoded_jwt(current_request)
    if not token_claims:
        token_claims = get_decoded_jwt_from_auth(current_request)
    return request_user_has_implicit_access_via_jwt(token_claims, ORDER_MANAGER_ROLE)
Esempio n. 5
def has_implicit_access_to_catalog_learner(user, context):  # pylint: disable=unused-argument
    """
    Tell whether the current request's JWT implies the `ENTERPRISE_CATALOG_LEARNER_ROLE` role.

    ``user`` is not consulted. A falsy ``context`` is refused outright, before
    the request is fetched or any token is decoded.

    Returns:
        boolean: whether the request user has access or not
    """
    if context:
        current_request = crum.get_current_request()
        token_claims = get_decoded_jwt(current_request)
        if not token_claims:
            # Fall back to the token on the request's auth payload.
            token_claims = get_decoded_jwt_from_auth(current_request)
        return request_user_has_implicit_access_via_jwt(
            token_claims,
            ENTERPRISE_CATALOG_LEARNER_ROLE,
            context,
        )
    return False
Esempio n. 6
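    def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
        """ Verify get_decoded_jwt_from_auth returns the appropriate value. """
        # Patch inside a context manager so the real `is_jwt_authenticated` is
        # restored when the test ends. A bare attribute assignment would leave
        # the stub in place for every later test in the process, which could
        # make code under test treat requests as JWT-authenticated (or not)
        # regardless of the request itself.
        with mock.patch.object(
            authentication,
            'is_jwt_authenticated',
            return_value=is_jwt_authentication,
        ):
            jwt_token = self._get_test_jwt_token()
            # No cookie is set, so the only token present is the one on `auth`.
            mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt_token)

            # A decoded token is expected only when the request counts as
            # JWT-authenticated; otherwise the function should yield None.
            expected_decoded_jwt = jwt_decode_handler(jwt_token) if is_jwt_authentication else None

            decoded_jwt = authentication.get_decoded_jwt_from_auth(mock_request_with_cookie)

        self.assertEqual(expected_decoded_jwt, decoded_jwt)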
Esempio n. 7
def request_user_has_implicit_access(*args, **kwargs):  # pylint: disable=unused-argument
    """
    Tell whether the current request's JWT implies the `ENTERPRISE_DATA_ADMIN_ROLE` feature role.

    The positional and keyword arguments are ignored. The context for the
    role check is the ``enterprise_id`` keyword resolved from the current
    request's URL path.

    Returns:
        boolean: whether the request user has access or not
    """
    current_request = crum.get_current_request()
    _view, _view_args, route_kwargs = resolve(current_request.path)
    # NOTE(review): `.get` yields None when the matched route carries no
    # `enterprise_id`; confirm the helper does not treat a missing context as
    # "any enterprise".
    enterprise_id = route_kwargs.get('enterprise_id')

    token_claims = get_decoded_jwt(current_request)
    if not token_claims:
        token_claims = get_decoded_jwt_from_auth(current_request)
    return request_user_has_implicit_access_via_jwt(
        token_claims,
        ENTERPRISE_DATA_ADMIN_ROLE,
        enterprise_id,
    )
Esempio n. 8
def has_implicit_access_to_enrollment_api(user, obj):  # pylint: disable=unused-argument
    """
    Tell whether the current request's JWT implies the `ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE` feature role.

    Params:
        user: An ``auth.User`` instance. Not consulted; the decision is made
            from the current request's JWT.
        obj: The string version of an ``EnterpriseCustomer.uuid``, passed to
            the role check as its context.

    Returns:
        boolean: whether the request user has access or not
    """
    current_request = crum.get_current_request()
    token_claims = get_decoded_jwt(current_request)
    if not token_claims:
        token_claims = get_decoded_jwt_from_auth(current_request)
    # NOTE(review): `obj` is forwarded unchanged, including when it is empty.
    # Confirm how the helper treats a missing context; a role check with no
    # context may be broader than a per-enterprise check is meant to be.
    return request_user_has_implicit_access_via_jwt(
        token_claims,
        ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE,
        obj,
    )
Esempio n. 9
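    def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
        """ Verify get_decoded_jwt_from_auth returns the appropriate value. """
        # Patch inside a context manager so the real `is_jwt_authenticated` is
        # restored when the test ends. A bare attribute assignment would leave
        # the stub in place for every later test in the process, which could
        # make code under test treat requests as JWT-authenticated (or not)
        # regardless of the request itself.
        with mock.patch.object(
            authentication,
            'is_jwt_authenticated',
            return_value=is_jwt_authentication,
        ):
            user = factories.UserFactory()
            payload = generate_latest_version_payload(user)
            jwt_token = generate_jwt_token(payload)
            # No cookie is set, so the only token present is the one on `auth`.
            mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt_token)

            # A decoded token is expected only when the request counts as
            # JWT-authenticated; otherwise the function should yield None.
            expected_decoded_jwt = jwt_decode_handler(jwt_token) if is_jwt_authentication else None

            decoded_jwt = authentication.get_decoded_jwt_from_auth(mock_request_with_cookie)

        self.assertEqual(expected_decoded_jwt, decoded_jwt)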