コード例 #1
ファイル: authorization.py プロジェクト: karthik-aot/sbc-auth
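    def get_account_authorizations_for_org(token_info: Dict,
                                           account_id: str,
                                           corp_type_code: Optional[str],
                                           expanded: bool = False):
        """Get User authorizations for the org.

        A token whose realm roles contain ``Role.STAFF`` gets those token roles
        back, together with the admin view of ``account_id`` when ``expanded``
        is set. Any other caller is resolved through ``AuthorizationView``: by
        the ``Account-Id`` claim when the token carries one, otherwise by the
        ``sub`` claim together with ``account_id``. The roles returned for a
        non-staff caller are the permissions of the membership that was found,
        or an empty list when no authorization record was found.

        Args:
            token_info: Decoded token claims; reads ``realm_access.roles``,
                ``sub`` and ``Account-Id``.
            account_id: Org id the caller is asking about.
            corp_type_code: Passed to ``Authorization._is_product_based_auth``
                to pick product-based or org-based lookup.
            expanded: Forwarded to ``Authorization.as_dict``.

        Returns:
            A dict that always has a ``roles`` key.
        """
        auth_response = {}
        auth = None
        # A token without realm_access or without roles is handled as carrying
        # no roles (so never as staff) instead of failing on None.
        realm_access = token_info.get('realm_access') or {}
        token_roles = realm_access.get('roles') or []

        # todo the service account level access has not been defined
        if Role.STAFF.value in token_roles:
            if expanded:
                # Query Authorization view by business identifier
                auth = AuthorizationView.find_authorization_for_admin_by_org_id(
                    account_id)
                auth_response = Authorization(auth).as_dict(expanded)
            auth_response['roles'] = token_roles

        else:
            keycloak_guid = token_info.get('sub', None)
            account_id_claim = token_info.get('Account-Id', None)
            # Decide between product-based and org-based authorization.
            check_product_based_auth = Authorization._is_product_based_auth(
                corp_type_code)

            # NOTE(review): in both claim branches below the lookup is keyed on
            # the Account-Id claim and the requested account_id is not compared
            # with it here. Confirm callers do not read the result as an
            # authorization for account_id when the two differ.
            if check_product_based_auth:
                if account_id_claim:
                    auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                        account_id_claim, corp_type_code)
                else:
                    auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                        keycloak_guid, account_id, corp_type_code)
            else:
                if account_id_claim:
                    auth = AuthorizationView.find_authorization_for_admin_by_org_id(
                        account_id_claim)
                elif account_id and keycloak_guid:
                    auth = AuthorizationView.find_user_authorization_by_org_id(
                        keycloak_guid, account_id)
            # Default to no roles; only a found authorization record grants any.
            auth_response['roles'] = []
            if auth:
                permissions = PermissionsService.get_permissions_for_membership(
                    auth.status_code, auth.org_membership)
                auth_response = Authorization(auth).as_dict(expanded)
                auth_response['roles'] = permissions

        return auth_response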
コード例 #2
ファイル: authorization.py プロジェクト: stevenc987/sbc-auth
    def get_account_authorizations_for_org(account_id: str,
                                           corp_type_code: Optional[str],
                                           expanded: bool = False,
                                           **kwargs):
        """Return the caller's authorization for an org as a dict.

        The caller is described by ``kwargs['user_context']``. A context whose
        roles contain ``Role.STAFF`` gets those roles back, together with the
        admin view of ``account_id`` when ``expanded`` is set. Any other caller
        is looked up through ``AuthorizationView`` and receives the permissions
        of the membership found, or an empty ``roles`` list when none is found.
        """
        user_from_context: UserContext = kwargs['user_context']
        token_roles = user_from_context.roles

        # todo the service account level access has not been defined
        if Role.STAFF.value in token_roles:
            staff_response = {}
            if expanded:
                # Staff see the admin view of the requested org.
                staff_auth = AuthorizationView.find_authorization_for_admin_by_org_id(
                    account_id)
                staff_response = Authorization(staff_auth).as_dict(expanded)
            staff_response['roles'] = token_roles
            return staff_response

        keycloak_guid = user_from_context.sub
        account_id_claim = user_from_context.account_id_claim
        auth = None
        if Authorization._is_product_based_auth(corp_type_code):
            # NOTE(review): this branch keys the lookup on the claim without
            # comparing it to account_id, unlike the org-based branch below.
            # Confirm that is intended.
            if account_id_claim:
                auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                    account_id_claim, corp_type_code)
            else:
                auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                    keycloak_guid, account_id, corp_type_code)
        # NOTE(review): account_id is annotated str but compared with an int;
        # a str value would never match here. Verify the type callers pass.
        elif account_id_claim and account_id == int(account_id_claim):
            auth = AuthorizationView.find_authorization_for_admin_by_org_id(
                account_id_claim)
        elif account_id and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_org_id(
                keycloak_guid, account_id)

        if not auth:
            # No authorization record: no roles.
            return {'roles': []}

        permissions = PermissionsService.get_permissions_for_membership(
            auth.status_code, auth.org_membership)
        found_response = Authorization(auth).as_dict(expanded)
        found_response['roles'] = permissions
        return found_response
コード例 #3
    def get_account_authorizations_for_product(account_id: str, product_code: str, expanded: bool = False, **kwargs):
        """Return the caller's authorization for a product as a dict.

        The caller is described by ``kwargs['user_context']``. The lookup uses
        the context's ``account_id`` when it is set, otherwise the context's
        ``sub`` together with the ``account_id`` argument. ``roles`` holds the
        permissions of the membership found, or an empty list when no
        authorization record is found.
        """
        user_from_context: UserContext = kwargs['user_context']
        claimed_account = user_from_context.account_id
        # NOTE(review): when the context carries an account id, the account_id
        # argument is not used and not compared with it in this function.
        # Confirm callers do not treat the result as being for account_id.
        if claimed_account:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                claimed_account, product_code
            )
        else:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                user_from_context.sub, account_id, product_code
            )

        # as_dict is called even when no record was found.
        response = Authorization(auth).as_dict(expanded)
        response['roles'] = (
            PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership)
            if auth
            else []
        )
        return response
コード例 #4
ファイル: authorization.py プロジェクト: karthik-aot/sbc-auth
    def get_account_authorizations_for_product(token_info: Dict,
                                               account_id: str,
                                               product_code: str,
                                               expanded: bool = False):
        """Return the caller's authorization for a product as a dict.

        The lookup uses the token's ``Account-Id`` claim when it is present,
        otherwise the token's ``sub`` claim together with ``account_id``.
        ``roles`` holds the permissions of the membership found, or an empty
        list when no authorization record is found.
        """
        claimed_account = token_info.get('Account-Id', None)
        # NOTE(review): when the claim is present, account_id is not used and
        # not compared with it in this function. Confirm callers do not treat
        # the result as being for account_id.
        if not claimed_account:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                token_info.get('sub'), account_id, product_code)
        else:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                claimed_account, product_code)

        # as_dict is called even when no record was found.
        response = Authorization(auth).as_dict(expanded)
        granted = []
        if auth:
            granted = PermissionsService.get_permissions_for_membership(
                auth.status_code, auth.org_membership)
        response['roles'] = granted
        return response