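def request_loader(request):
  """Get the user provided in X-GGRC-user if whitelisted Appid provided.

  The caller is identified by the ``X-Appengine-Inbound-Appid`` header and
  only a caller whose id is listed in ``settings.ALLOWED_QUERYAPI_APP_IDS``
  may name a user through ``X-GGRC-user``. The app-id check is the trust
  boundary of this loader, so it assumes the platform prevents end clients
  from supplying that header themselves (NOTE(review): confirm for the
  deployment target). A request with no inbound app id is not handled here
  at all.

  Args:
    request: the incoming request; only ``request.headers`` is read.

  Returns:
    The ``Person`` for the requested email, or ``None`` when the request does
    not carry an inbound app id.

  Raises:
    exceptions.BadRequest: the app id is not whitelisted, ``X-GGRC-user`` is
      missing or malformed (raised by ``parse_user_email``), the optional
      ``X-external-user`` header is malformed, or no ``Person`` matches the
      email.
  """
  whitelist = settings.ALLOWED_QUERYAPI_APP_IDS
  inbound_appid = request.headers.get("X-Appengine-Inbound-Appid")
  if not inbound_appid:
    # don't check X-GGRC-user if the request doesn't come from another app
    return None
  if inbound_appid not in whitelist:
    # by default, we don't allow incoming app2app connections from
    # non-whitelisted apps
    raise exceptions.BadRequest(
        "X-Appengine-Inbound-Appid header contains "
        "untrusted application id: {}".format(inbound_appid))

  email = parse_user_email(request, "X-GGRC-user", mandatory=True)

  if is_external_app_user_email(email):
    # External Application User should be created if doesn't exist.
    db_user = find_or_create_ext_app_user()
    try:
      # Create in the DB external app user provided in X-external-user header.
      parse_user_email(request, "X-external-user", mandatory=False)
    except exceptions.BadRequest as exp:
      # Log the exception object itself: ``exp.message`` is deprecated on
      # Python 2 exceptions and may be empty depending on how the exception
      # was constructed, which would hide the reason for the failure.
      logger.error("Creation of external user has failed. %s", exp)
      raise
  else:
    db_user = all_models.Person.query.filter_by(email=email).first()

  if not db_user:
    raise exceptions.BadRequest(
        "No user with such email: {}".format(email))
  return db_user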
def system_wide_role(self):
  """Return the single role name to show for this user.

  Users listed in ``settings.BOOTSTRAP_ADMIN_USERS`` and the external
  application account are both reported as ``SUPERUSER`` before any assigned
  roles are consulted. Otherwise the highest ranked of the user's system-wide
  roles is returned (Administrator > Editor > Reader > Creator), or
  ``u"No Access"`` when the user holds none of them.
  """
  if self.email in getattr(settings, "BOOTSTRAP_ADMIN_USERS", []):
    return SystemWideRoles.SUPERUSER

  from ggrc.utils.user_generator import is_external_app_user_email
  if is_external_app_user_email(self.email):
    return SystemWideRoles.SUPERUSER

  # Lower rank value means a more powerful role.
  rank = {
      SystemWideRoles.ADMINISTRATOR: 0,
      SystemWideRoles.EDITOR: 1,
      SystemWideRoles.READER: 2,
      SystemWideRoles.CREATOR: 3,
  }
  held = {
      assignment.role.name
      for assignment in self.user_roles
      if assignment.role.name in rank
  }
  if not held:
    return u"No Access"

  # Unknown names would sort first with -1; the filter above already keeps
  # only known names, so this only decides the most powerful held role.
  return min(held, key=lambda name: rank.get(name, -1))
def system_wide_role(self):
  """Pick the role string shown to the user.

  Bootstrap admins (``settings.BOOTSTRAP_ADMIN_USERS``) and the external
  application account are reported as ``SUPERUSER`` without looking at the
  assigned roles. For everybody else the most powerful system-wide role is
  returned, ``u"No Access"`` if there is none.
  """
  if self.email in getattr(settings, "BOOTSTRAP_ADMIN_USERS", []):
    return SystemWideRoles.SUPERUSER

  from ggrc.utils.user_generator import is_external_app_user_email
  if is_external_app_user_email(self.email):
    return SystemWideRoles.SUPERUSER

  # Smaller number == higher ranked role.
  ranking = {
      SystemWideRoles.ADMINISTRATOR: 0,
      SystemWideRoles.EDITOR: 1,
      SystemWideRoles.READER: 2,
      SystemWideRoles.CREATOR: 3,
  }
  role_names = set()
  for user_role in self.user_roles:
    name = user_role.role.name
    if name in ranking:
      role_names.add(name)

  if not role_names:
    return u"No Access"

  # -1 keeps any unlisted name on top; only listed names reach this point.
  return min(role_names, key=lambda name: ranking.get(name, -1))
def is_external_app_user():
  """Tell whether the current request is made by the external application.

  The external application account is configured in settings and its
  requests get special processing and validation. Anonymous or absent
  users are never treated as the external application.
  """
  current = get_current_user()
  if not current:
    return False
  if current.is_anonymous():
    return False

  from ggrc.utils.user_generator import is_external_app_user_email
  return is_external_app_user_email(current.email)
def is_external_app_user():
  """Return True when the current user is the configured external application.

  Requests from that account need dedicated processing and validation. A
  missing or anonymous user yields False.
  """
  current_user = get_current_user()
  has_identity = bool(current_user) and not current_user.is_anonymous()
  if not has_identity:
    return False

  from ggrc.utils.user_generator import is_external_app_user_email
  return is_external_app_user_email(current_user.email)
def get_ggrc_user(request, mandatory):
  """Resolve the user named by the "X-GGRC-user" header.

  Args:
    request: the incoming request, passed to ``parse_user_email``.
    mandatory: forwarded to ``parse_user_email``; when the header is absent
      and not mandatory, ``None`` is returned.

  Returns:
    The matching ``Person`` (created on demand for the external application
    account), or ``None`` when no email was supplied.

  Raises:
    exceptions.BadRequest: no user exists for the supplied email.
  """
  email = parse_user_email(request, "X-GGRC-user", mandatory=mandatory)
  if not email:
    return None

  if is_external_app_user_email(email):
    # The external application account is created when it does not exist yet.
    person = get_external_app_user(request)
  else:
    person = all_models.Person.query.filter_by(email=email).first()

  if person:
    return person
  raise exceptions.BadRequest("No user with such email: %s" % email)
def get_ggrc_user(request, mandatory):
  """Look up the ``Person`` whose email is given in the "X-GGRC-user" header.

  ``mandatory`` is handed to ``parse_user_email``; an absent, non-mandatory
  header yields ``None``. The external application account is created on
  demand; any other email must already belong to a ``Person``, otherwise
  ``exceptions.BadRequest`` is raised.
  """
  email = parse_user_email(request, "X-GGRC-user", mandatory=mandatory)
  if not email:
    return None

  if is_external_app_user_email(email):
    found = get_external_app_user(request)
  else:
    query = all_models.Person.query.filter_by(email=email)
    found = query.first()

  if not found:
    raise exceptions.BadRequest("No user with such email: %s" % email)
  return found
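def request_loader(request):
  """Get the user provided in X-GGRC-user if whitelisted Appid provided.

  Only a caller whose ``X-Appengine-Inbound-Appid`` is listed in
  ``settings.ALLOWED_QUERYAPI_APP_IDS`` may name a user through the
  ``X-GGRC-user`` header, which must hold a JSON object with an ``email``
  key. The app-id check is the trust boundary of this loader, so it assumes
  the platform prevents end clients from supplying that header themselves
  (NOTE(review): confirm for the deployment target).

  Args:
    request: the incoming request; only ``request.headers`` is read.

  Returns:
    The ``Person`` for the requested email, or ``None`` when the request does
    not carry an inbound app id.

  Raises:
    exceptions.BadRequest: the app id is not whitelisted, ``X-GGRC-user`` is
      missing or is not a JSON object with an ``email`` key, or no ``Person``
      matches the email.
  """
  whitelist = settings.ALLOWED_QUERYAPI_APP_IDS
  inbound_appid = request.headers.get("X-Appengine-Inbound-Appid")
  if not inbound_appid:
    # don't check X-GGRC-user if the request doesn't come from another app
    return None
  if inbound_appid not in whitelist:
    # by default, we don't allow incoming app2app connections from
    # non-whitelisted apps
    raise exceptions.BadRequest("X-Appengine-Inbound-Appid header contains "
                                "untrusted application id: {}"
                                .format(inbound_appid))

  raw_user = request.headers.get("X-GGRC-user")
  if not raw_user:
    # no user provided
    raise exceptions.BadRequest("X-GGRC-user should be set, contains {!r} "
                                "instead."
                                .format(raw_user))
  try:
    user_info = json.loads(raw_user)
    # UnicodeEncodeError from str() is a ValueError, so it is caught below.
    email = str(user_info["email"])
  except (TypeError, ValueError, KeyError):
    # user provided in invalid syntax. Report the header as received: the
    # parsed object used to be reported when only the "email" key was
    # missing, which did not show what the caller actually sent.
    raise exceptions.BadRequest("X-GGRC-user should have JSON object like "
                                "{{'email': str}}, contains {!r} instead."
                                .format(raw_user))

  if is_external_app_user_email(email):
    # External Application User should be created if doesn't exist.
    db_user = find_or_create_ext_app_user()
  else:
    db_user = all_models.Person.query.filter_by(email=email).first()

  if not db_user:
    raise exceptions.BadRequest("No user with such email: {}"
                                .format(email))
  return db_user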
def test_is_external_app_user_email_equals(self):
  """The given email matches the configured EXTERNAL_APP_USER.

  The EXTERNAL_APP_USER setting is expected to be provided by a fixture
  outside this method.
  """
  matched = user_generator.is_external_app_user_email('*****@*****.**')
  self.assertTrue(matched)
def test_is_external_app_user_email_corrupted_email(self):
  """EXTERNAL_APP_USER holds a corrupted email, so nothing matches.

  The corrupted EXTERNAL_APP_USER value is expected to be provided by a
  fixture outside this method.
  """
  matched = user_generator.is_external_app_user_email('*****@*****.**')
  self.assertFalse(matched)
def test_is_external_app_user_email_no_setting(self):
  """Without EXTERNAL_APP_USER in settings no email is the external app.

  The absence of the setting is expected to be arranged by a fixture outside
  this method.
  """
  matched = user_generator.is_external_app_user_email('*****@*****.**')
  self.assertFalse(matched)
def test_is_external_app_user_email_equals(self):
  """An email equal to EXTERNAL_APP_USER is recognised as the external app.

  The EXTERNAL_APP_USER setting is expected to come from a fixture outside
  this method.
  """
  result = user_generator.is_external_app_user_email('*****@*****.**')
  self.assertTrue(result)
def test_is_external_app_user_email_corrupted_email(self):
  """A corrupted EXTERNAL_APP_USER value never matches the given email.

  The corrupted setting is expected to come from a fixture outside this
  method.
  """
  result = user_generator.is_external_app_user_email('*****@*****.**')
  self.assertFalse(result)
def test_is_external_app_user_email_no_setting(self):
  """With no EXTERNAL_APP_USER setting the check is negative.

  Removing the setting is expected to be done by a fixture outside this
  method.
  """
  result = user_generator.is_external_app_user_email('*****@*****.**')
  self.assertFalse(result)