コード例 #1
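    def get_user_authorizations_for_entity(token_info: Dict,
                                           business_identifier: str,
                                           expanded: bool = False):
        """Get User authorizations for the entity.

        The decision is driven by the realm roles carried in the token:

        * ``staff``: ``edit``/``view`` is returned without any lookup.
        * ``Role.SYSTEM`` (service account): the authorization is looked up by
          business identifier and the token's ``corp_type`` claim; without that
          claim nothing is granted.
        * any other caller: the authorization is looked up by the token's
          ``sub`` claim and the business identifier.

        Args:
            token_info: Decoded token claims.
            business_identifier: Identifier of the business being accessed.
            expanded: Passed through to ``Authorization.as_dict``.

        Returns:
            A dict describing the authorization, or an empty dict when the
            caller has none.
        """
        # If the 'realm_access' claim or its 'roles' list is absent, treat the
        # caller as having no realm roles instead of raising on None; such a
        # token then takes the per-user lookup below, the least-privileged path.
        realm_roles = (token_info.get('realm_access') or {}).get('roles') or []

        if 'staff' in realm_roles:
            return {'roles': ['edit', 'view']}

        if Role.SYSTEM.value in realm_roles:
            # a service account in keycloak should have corp_type claim setup.
            keycloak_corp_type = token_info.get('corp_type', None)
            if not keycloak_corp_type:
                return {}
            # NOTE(review): this lookup carries no user identity, only the
            # business identifier and the corp_type claim.
            auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                business_identifier, keycloak_corp_type)
        else:
            # NOTE(review): a token without 'sub' reaches the lookup with
            # keycloak_guid=None; confirm the view cannot match on a null guid.
            keycloak_guid = token_info.get('sub', None)
            auth = AuthorizationView.find_user_authorization_by_business_number(
                keycloak_guid, business_identifier)

        if not auth:
            return {}

        auth_response = Authorization(auth).as_dict(expanded)
        # NOTE(review): every matched authorization gets both roles, whatever
        # membership the view returned; confirm that is intended.
        auth_response['roles'] = ['edit', 'view']
        return auth_response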
コード例 #2
ファイル: authorization.py プロジェクト: jeznorth/sbc-auth
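    def get_user_authorizations_for_entity(token_info: Dict,
                                           business_identifier: str):
        """Get User authorizations for the entity.

        The decision is driven by the token claims, checked in this order:

        * ``loginSource == 'PASSCODE'``: owner access is granted only when the
          token's ``username`` equals the business identifier, ignoring case.
          A passcode token never falls through to the role checks.
        * ``staff`` realm role: ``edit``/``view`` is returned without a lookup.
        * ``Role.SYSTEM`` realm role (service account): the authorization is
          looked up by business identifier and the token's ``corp_type``
          claim; without that claim nothing is granted.
        * any other caller: the authorization is looked up by the token's
          ``sub`` claim and the business identifier.

        Args:
            token_info: Decoded token claims.
            business_identifier: Identifier of the business being accessed.

        Returns:
            A dict describing the authorization, or an empty dict when the
            caller has none.
        """
        if token_info.get('loginSource', None) == 'PASSCODE':
            username = token_info.get('username', None)
            # Fail closed: a missing, empty or non-string username grants
            # nothing. Without the emptiness check an empty username would
            # compare equal to an empty business identifier.
            if (isinstance(username, str) and username
                    and username.upper() == business_identifier.upper()):
                return {
                    'orgMembership': OWNER,
                    'roles': ['edit', 'view']
                }
            return {}

        # If the 'realm_access' claim or its 'roles' list is absent, treat the
        # caller as having no realm roles instead of raising on None; such a
        # token then takes the per-user lookup below, the least-privileged path.
        realm_roles = (token_info.get('realm_access') or {}).get('roles') or []

        if 'staff' in realm_roles:
            return {'roles': ['edit', 'view']}

        if Role.SYSTEM.value in realm_roles:
            # a service account in keycloak should have corp_type claim setup.
            keycloak_corp_type = token_info.get('corp_type', None)
            if not keycloak_corp_type:
                return {}
            # NOTE(review): this lookup carries no user identity, only the
            # business identifier and the corp_type claim.
            auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                business_identifier, keycloak_corp_type)
        else:
            # NOTE(review): a token without 'sub' reaches the lookup with
            # keycloak_guid=None; confirm the view cannot match on a null guid.
            keycloak_guid = token_info.get('sub', None)
            auth = AuthorizationView.find_user_authorization_by_business_number(
                keycloak_guid, business_identifier)

        if not auth:
            return {}

        auth_response = Authorization(auth).as_dict(
            exclude=['business_identifier'])
        auth_response['roles'] = ['edit', 'view']
        return auth_response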
コード例 #3
def test_find_user_authorization_by_business_number_and_invalid_corp_type(session):  # pylint:disable=unused-argument
    """Assert that the corp-type lookup yields nothing for an unknown corp type.

    A user, an org, a membership and an affiliated entity are created, so the
    only thing that does not line up is the corp type passed to the lookup.
    """
    member = factory_user_model()
    organization = factory_org_model()
    factory_membership_model(member.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    # Negative case: the lookup must return None rather than an authorization.
    result = Authorization.find_user_authorization_by_business_number_and_corp_type(
        business.business_identifier, 'invalid_corp_type')

    assert result is None
コード例 #4
def test_find_user_authorization_by_business_number_and_corp_type(session):  # pylint:disable=unused-argument
    """Assert that the corp-type lookup returns the authorization for a matching corp type.

    Service accounts are resolved by corp type rather than by the user in the
    jwt, so the lookup here is given only the business identifier and 'CP'.
    """
    member = factory_user_model()
    organization = factory_org_model()
    expected_membership = factory_membership_model(member.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    found = Authorization.find_user_authorization_by_business_number_and_corp_type(
        business.business_identifier, 'CP')

    assert found is not None
    # The membership type reported must be the one created above.
    assert found.org_membership == expected_membership.membership_type_code
コード例 #5
def test_find_user_authorization_by_business_number_and_corp_type_multiple_membership(
        session):  # pylint:disable=unused-argument
    """Assert which membership the corp-type lookup reports when an org has several.

    The org gets an 'ADMIN' membership for one user and a default-typed
    membership for a second user (the owner one, going by this test's naming);
    the lookup is expected to report the latter.
    """
    first_user = factory_user_model()
    second_user = factory_user_model(user_info=TestUserInfo.user2)
    organization = factory_org_model()
    factory_membership_model(first_user.id, organization.id, member_type='ADMIN')
    expected_membership = factory_membership_model(second_user.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    found = Authorization.find_user_authorization_by_business_number_and_corp_type(
        business.business_identifier, 'CP')

    assert found is not None
    # The 'ADMIN' membership created first must not be the one reported.
    assert found.org_membership == expected_membership.membership_type_code