def build_message_headers(ion_actor_id, expiry):
headers = dict()
headers['ion-actor-id'] = ion_actor_id
headers['expiry'] = expiry
# If this is an anonymous requester then there are no roles associated with the request
if ion_actor_id == DEFAULT_ACTOR_ID:
headers['ion-actor-roles'] = dict()
return headers
try:
# Check to see if the user's roles are cached already - keyed by user id
if service_gateway_instance.user_role_cache.has_key(ion_actor_id):
role_header = service_gateway_instance.user_role_cache.get(ion_actor_id)
if role_header is not None:
headers['ion-actor-roles'] = role_header
return headers
# The user's roles were not cached so hit the datastore to find it.
org_client = OrgManagementServiceProcessClient(process=service_gateway_instance)
org_roles = org_client.find_all_roles_by_user(ion_actor_id, headers={"ion-actor-id": service_gateway_instance.name,
'expiry': DEFAULT_EXPIRY})
role_header = get_role_message_headers(org_roles)
# Cache the roles by user id
service_gateway_instance.user_role_cache.put(ion_actor_id, role_header)
except Exception as e:
role_header = dict() # Default to empty dict if there is a problem finding roles for the user
headers['ion-actor-roles'] = role_header
return headers
def build_message_headers(self, actor_id, expiry):
"""Returns the headers that the service gateway uses to make service calls on behalf of a
user, based on the user session or request arguments"""
headers = dict()
headers[MSG_HEADER_ACTOR] = actor_id
headers[MSG_HEADER_VALID] = expiry
req_info = flask.g.get("req_info", None)
if req_info:
headers["request-id"] = str(req_info["request_id"])
# If this is an anonymous requester then there are no roles associated with the request
if actor_id == DEFAULT_ACTOR_ID:
headers[MSG_HEADER_ROLES] = dict()
return headers
try:
# Check to see if the user's roles are cached already - keyed by user id
if self.user_role_cache.has_key(actor_id):
role_header = self.user_role_cache.get(actor_id)
if role_header is not None:
headers[MSG_HEADER_ROLES] = role_header
return headers
# The user's roles were not cached so hit the datastore to find it.
role_list = self.org_client.list_actor_roles(
actor_id, headers=self._get_gateway_headers())
org_roles = {}
for role in role_list:
org_roles.setdefault(role.org_governance_name, []).append(role)
role_header = get_role_message_headers(org_roles)
# Cache the roles by user id
self.user_role_cache.put(actor_id, role_header)
except Exception:
role_header = dict(
) # Default to empty dict if there is a problem finding roles for the user
headers[MSG_HEADER_ROLES] = role_header
return headers
def build_message_headers(self, actor_id, expiry):
"""Returns the headers that the service gateway uses to make service calls on behalf of a
user, based on the user session or request arguments"""
headers = dict()
headers[MSG_HEADER_ACTOR] = actor_id
headers[MSG_HEADER_VALID] = expiry
req_info = flask.g.get("req_info", None)
if req_info:
headers["request-id"] = str(req_info["request_id"])
# If this is an anonymous requester then there are no roles associated with the request
if actor_id == DEFAULT_ACTOR_ID:
headers[MSG_HEADER_ROLES] = dict()
return headers
try:
# Check to see if the user's roles are cached already - keyed by user id
if self.user_role_cache.has_key(actor_id):
role_header = self.user_role_cache.get(actor_id)
if role_header is not None:
headers[MSG_HEADER_ROLES] = role_header
return headers
# The user's roles were not cached so hit the datastore to find it.
role_list = self.org_client.list_actor_roles(actor_id, headers=self._get_gateway_headers())
org_roles = {}
for role in role_list:
org_roles.setdefault(role.org_governance_name, []).append(role)
role_header = get_role_message_headers(org_roles)
# Cache the roles by user id
self.user_role_cache.put(actor_id, role_header)
except Exception:
role_header = dict() # Default to empty dict if there is a problem finding roles for the user
headers[MSG_HEADER_ROLES] = role_header
return headers
def build_message_headers(ion_actor_id, expiry):
headers = dict()
headers['ion-actor-id'] = ion_actor_id
headers['expiry'] = expiry
#If this is an anonymous requester then there are no roles associated with the request
if ion_actor_id == DEFAULT_ACTOR_ID:
headers['ion-actor-roles'] = dict()
return headers
try:
#Check to see if the user's roles are cached already - keyed by user id
if service_gateway_instance.user_role_cache.has_key(ion_actor_id):
role_header = service_gateway_instance.user_role_cache.get(
ion_actor_id)
if role_header is not None:
headers['ion-actor-roles'] = role_header
return headers
#The user's roles were not cached so hit the datastore to find it.
org_client = OrgManagementServiceProcessClient(
node=Container.instance.node, process=service_gateway_instance)
org_roles = org_client.find_all_roles_by_user(
ion_actor_id,
headers={
"ion-actor-id": service_gateway_instance.name,
'expiry': DEFAULT_EXPIRY
})
role_header = get_role_message_headers(org_roles)
#Cache the roles by user id
service_gateway_instance.user_role_cache.put(ion_actor_id, role_header)
except Exception, e:
role_header = dict(
) # Default to empty dict if there is a problem finding roles for the user
def test_get_actor_header(self):
#Setup data
actor = IonObject(RT.ActorIdentity, name='actor1')
actor_id, _ = self.rr.create(actor)
ion_org = IonObject(RT.Org, name='ION', org_governance_name='ION')
ion_org_id, _ = self.rr.create(ion_org)
ion_org._id = ion_org_id
manager_role = IonObject(RT.UserRole, name='Org Manager', governance_name=ORG_MANAGER_ROLE, description='Org Manager')
manager_role_id = self.add_user_role(ion_org, manager_role)
member_role = IonObject(RT.UserRole, name='Org Member', governance_name=ORG_MEMBER_ROLE, description='Org Member')
# all actors have a defaul org_member_role
actor_roles = find_roles_by_actor(actor_id)
self.assertDictEqual(actor_roles, {'ION': [ORG_MEMBER_ROLE]})
actor_header = get_actor_header(actor_id)
self.assertDictEqual(actor_header, {'ion-actor-id': actor_id, 'ion-actor-roles': {'ION': [ORG_MEMBER_ROLE]}})
#Add Org Manager Role
self.rr.create_association(actor_id, PRED.hasRole, manager_role_id)
actor_roles = find_roles_by_actor(actor_id)
role_header = get_role_message_headers({'ION': [manager_role, member_role]})
self.assertDictEqual(actor_roles, role_header)
org2 = IonObject(RT.Org, name='Org 2', org_governance_name='Second_Org')
org2_id, _ = self.rr.create(org2)
org2._id = org2_id
member2_role = IonObject(RT.UserRole, governance_name=ORG_MEMBER_ROLE, name='Org Member', description='Org Member')
member2_role_id = self.add_user_role(org2, member2_role)
operator2_role = IonObject(RT.UserRole, governance_name='INSTRUMENT_OPERATOR', name='Instrument Operator',
description='Instrument Operator')
operator2_role_id = self.add_user_role(org2, operator2_role)
self.rr.create_association(actor_id, PRED.hasRole, member2_role_id)
self.rr.create_association(actor_id, PRED.hasRole, operator2_role_id)
actor_roles = find_roles_by_actor(actor_id)
role_header = get_role_message_headers({'ION': [manager_role, member_role], 'Second_Org': [operator2_role, member2_role]})
self.assertEqual(len(actor_roles), 2)
self.assertEqual(len(role_header), 2)
self.assertIn('Second_Org', actor_roles)
self.assertIn('Second_Org', role_header)
self.assertEqual(len(actor_roles['Second_Org']), 2)
self.assertEqual(len(role_header['Second_Org']), 2)
self.assertIn('INSTRUMENT_OPERATOR', actor_roles['Second_Org'])
self.assertIn('INSTRUMENT_OPERATOR', role_header['Second_Org'])
self.assertIn(ORG_MEMBER_ROLE, actor_roles['Second_Org'])
self.assertIn(ORG_MEMBER_ROLE, role_header['Second_Org'])
self.assertIn('ION', actor_roles)
self.assertIn('ION', role_header)
self.assertIn(ORG_MANAGER_ROLE, actor_roles['ION'])
self.assertIn(ORG_MEMBER_ROLE, actor_roles['ION'])
self.assertIn(ORG_MANAGER_ROLE, role_header['ION'])
self.assertIn(ORG_MEMBER_ROLE, role_header['ION'])
actor_header = get_actor_header(actor_id)
self.assertEqual(actor_header['ion-actor-id'], actor_id)
self.assertEqual(actor_header['ion-actor-roles'], actor_roles)
#Now make sure we can change the name of the Org and not affect the headers
org2 = self.rr.read(org2_id)
org2.name = 'Updated Org 2'
org2_id, _ = self.rr.update(org2)
actor_roles = find_roles_by_actor(actor_id)
self.assertEqual(len(actor_roles), 2)
self.assertEqual(len(role_header), 2)
self.assertIn('Second_Org', actor_roles)
self.assertIn('Second_Org', role_header)
self.assertEqual(len(actor_roles['Second_Org']), 2)
self.assertEqual(len(role_header['Second_Org']), 2)
self.assertIn('INSTRUMENT_OPERATOR', actor_roles['Second_Org'])
self.assertIn('INSTRUMENT_OPERATOR', role_header['Second_Org'])
self.assertIn(ORG_MEMBER_ROLE, actor_roles['Second_Org'])
self.assertIn(ORG_MEMBER_ROLE, role_header['Second_Org'])
self.assertIn('ION', actor_roles)
self.assertIn('ION', role_header)
self.assertIn(ORG_MANAGER_ROLE, actor_roles['ION'])
self.assertIn(ORG_MEMBER_ROLE, actor_roles['ION'])
self.assertIn(ORG_MANAGER_ROLE, role_header['ION'])
self.assertIn(ORG_MEMBER_ROLE, role_header['ION'])
actor_header = get_actor_header(actor_id)
self.assertEqual(actor_header['ion-actor-id'], actor_id)
self.assertEqual(actor_header['ion-actor-roles'], actor_roles)
def test_get_actor_header(self):
#Setup data
actor = IonObject(RT.ActorIdentity, name='actor1')
actor_id, _ = self.rr.create(actor)
ion_org = IonObject(RT.Org, name='ION', org_governance_name='ION')
ion_org_id, _ = self.rr.create(ion_org)
ion_org._id = ion_org_id
manager_role = IonObject(RT.UserRole,
name='Org Manager',
governance_name=MODERATOR_ROLE,
description='Org Manager')
manager_role_id = self.add_org_role(ion_org, manager_role)
member_role = IonObject(RT.UserRole,
name='Org Member',
governance_name=MEMBER_ROLE,
description='Org Member')
# all actors have a defaul MEMBER_ROLE
actor_roles = find_roles_by_actor(actor_id)
self.assertDictEqual(actor_roles, {'ION': [MEMBER_ROLE]})
actor_header = get_actor_header(actor_id)
self.assertDictEqual(actor_header, {
'ion-actor-id': actor_id,
'ion-actor-roles': {
'ION': [MEMBER_ROLE]
}
})
#Add Org Manager Role
self.rr.create_association(actor_id, PRED.hasRole, manager_role_id)
actor_roles = find_roles_by_actor(actor_id)
role_header = get_role_message_headers(
{'ION': [manager_role, member_role]})
self.assertDictEqual(actor_roles, role_header)
org2 = IonObject(RT.Org,
name='Org 2',
org_governance_name='Second_Org')
org2_id, _ = self.rr.create(org2)
org2._id = org2_id
member2_role = IonObject(RT.UserRole,
governance_name=MEMBER_ROLE,
name='Org Member',
description='Org Member')
member2_role_id = self.add_org_role(org2, member2_role)
operator2_role = IonObject(RT.UserRole,
governance_name='OPERATOR',
name='Instrument Operator',
description='Instrument Operator')
operator2_role_id = self.add_org_role(org2, operator2_role)
self.rr.create_association(actor_id, PRED.hasRole, member2_role_id)
self.rr.create_association(actor_id, PRED.hasRole, operator2_role_id)
actor_roles = find_roles_by_actor(actor_id)
role_header = get_role_message_headers({
'ION': [manager_role, member_role],
'Second_Org': [operator2_role, member2_role]
})
self.assertEqual(len(actor_roles), 2)
self.assertEqual(len(role_header), 2)
self.assertIn('Second_Org', actor_roles)
self.assertIn('Second_Org', role_header)
self.assertEqual(len(actor_roles['Second_Org']), 2)
self.assertEqual(len(role_header['Second_Org']), 2)
self.assertIn('OPERATOR', actor_roles['Second_Org'])
self.assertIn('OPERATOR', role_header['Second_Org'])
self.assertIn(MEMBER_ROLE, actor_roles['Second_Org'])
self.assertIn(MEMBER_ROLE, role_header['Second_Org'])
self.assertIn('ION', actor_roles)
self.assertIn('ION', role_header)
self.assertIn(MODERATOR_ROLE, actor_roles['ION'])
self.assertIn(MEMBER_ROLE, actor_roles['ION'])
self.assertIn(MODERATOR_ROLE, role_header['ION'])
self.assertIn(MEMBER_ROLE, role_header['ION'])
actor_header = get_actor_header(actor_id)
self.assertEqual(actor_header['ion-actor-id'], actor_id)
self.assertEqual(actor_header['ion-actor-roles'], actor_roles)
#Now make sure we can change the name of the Org and not affect the headers
org2 = self.rr.read(org2_id)
org2.name = 'Updated Org 2'
org2_id, _ = self.rr.update(org2)
actor_roles = find_roles_by_actor(actor_id)
self.assertEqual(len(actor_roles), 2)
self.assertEqual(len(role_header), 2)
self.assertIn('Second_Org', actor_roles)
self.assertIn('Second_Org', role_header)
self.assertEqual(len(actor_roles['Second_Org']), 2)
self.assertEqual(len(role_header['Second_Org']), 2)
self.assertIn('OPERATOR', actor_roles['Second_Org'])
self.assertIn('OPERATOR', role_header['Second_Org'])
self.assertIn(MEMBER_ROLE, actor_roles['Second_Org'])
self.assertIn(MEMBER_ROLE, role_header['Second_Org'])
self.assertIn('ION', actor_roles)
self.assertIn('ION', role_header)
self.assertIn(MODERATOR_ROLE, actor_roles['ION'])
self.assertIn(MEMBER_ROLE, actor_roles['ION'])
self.assertIn(MODERATOR_ROLE, role_header['ION'])
self.assertIn(MEMBER_ROLE, role_header['ION'])
actor_header = get_actor_header(actor_id)
self.assertEqual(actor_header['ion-actor-id'], actor_id)
self.assertEqual(actor_header['ion-actor-roles'], actor_roles)
