    def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str, expanded: bool = False):
        """Return the caller's authorizations for a business entity.

        Args:
            token_info: decoded token claims. ``realm_access.roles`` must be
                present; a token without it raises ``AttributeError`` here, so
                the call fails rather than returning an empty authorization.
            business_identifier: business number to look up.
            expanded: passed through to ``Authorization.as_dict``; for staff
                callers it also decides whether the view is queried at all.

        Returns:
            dict: the serialized authorization plus a ``roles`` entry. Staff
            get their token roles back; system and ordinary callers get the
            permissions derived from the matched membership. When nothing
            matches, the dict is empty (no ``roles`` key).
        """
        token_roles = token_info.get('realm_access').get('roles')
        auth_response = {}

        if Role.STAFF.value in token_roles:
            if expanded:
                # Staff are not scoped to an org: look the entity up directly.
                staff_auth = AuthorizationView.find_user_authorization_by_business_number(business_identifier)
                auth_response = Authorization(staff_auth).as_dict(expanded)
            auth_response['roles'] = token_roles
            return auth_response

        if Role.SYSTEM.value in token_roles:
            # A service account is expected to carry a product_code claim;
            # without it no lookup is attempted and the response stays empty.
            product_code = token_info.get('product_code', None)
            if not product_code:
                return auth_response
            system_auth = AuthorizationView.find_user_authorization_by_business_number_and_product(
                business_identifier, product_code)
            if system_auth:
                auth_response = Authorization(system_auth).as_dict(expanded)
                auth_response['roles'] = PermissionsService.get_permissions_for_membership(
                    system_auth.status_code, 'SYSTEM')
            return auth_response

        keycloak_guid = token_info.get('sub', None)
        if not (business_identifier and keycloak_guid):
            return auth_response
        user_auth = AuthorizationView.find_user_authorization_by_business_number(business_identifier, keycloak_guid)
        if user_auth:
            permissions = PermissionsService.get_permissions_for_membership(
                user_auth.status_code, user_auth.org_membership)
            auth_response = Authorization(user_auth).as_dict(expanded)
            auth_response['roles'] = permissions
        return auth_response
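def build_cache(app):
    """Initialise the Flask cache for ``app`` and warm the permission cache.

    Args:
        app: the Flask application; ``cache.init_app`` binds the module-level
            ``cache`` to it and the cache is cleared inside its app context.

    The permission cache is only warmed when ``app.config['TESTING']`` is not
    set. Warming is best-effort: a failure is logged and start-up continues,
    so callers must not assume the cache is populated afterwards.
    """
    cache.init_app(app)
    with app.app_context():
        cache.clear()
        if app.config.get('TESTING', False):
            return
        try:
            from auth_api.services.permissions import \
                Permissions as PermissionService  # pylint: disable=import-outside-toplevel
            PermissionService.build_all_permission_cache()
        except Exception:  # pylint:disable=broad-except
            # logger.exception keeps the traceback; logging only str(e)
            # dropped it and made cache failures hard to diagnose.
            app.logger.exception('Error on caching ')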
    def get_account_authorizations_for_org(token_info: Dict, account_id: str, corp_type_code: Optional[str],
                                           expanded: bool = False):
        """Return the caller's authorizations for an org (account).

        Args:
            token_info: decoded token claims. ``realm_access.roles`` must be
                present; a token without it raises ``AttributeError`` rather
                than yielding an empty authorization.
            account_id: the org id being accessed.
            corp_type_code: decides, through ``Authorization._is_product_based_auth``,
                whether the lookup is by product or by org membership.
            expanded: passed through to ``Authorization.as_dict``; for staff it
                also decides whether the view is queried at all.

        Returns:
            dict: serialized authorization with a ``roles`` entry. Staff get
            their token roles; other callers get membership permissions, or
            ``{'roles': []}`` when no authorization matches.
        """
        token_roles = token_info.get('realm_access').get('roles')

        # todo the service account level access has not been defined
        if Role.STAFF.value in token_roles:
            staff_response = {}
            if expanded:
                staff_auth = AuthorizationView.find_authorization_for_staff_by_org_id(account_id)
                staff_response = Authorization(staff_auth).as_dict(expanded)
            staff_response['roles'] = token_roles
            return staff_response

        keycloak_guid = token_info.get('sub', None)
        auth = None
        if Authorization._is_product_based_auth(corp_type_code):
            # NOTE(review): this lookup runs even when the token has no 'sub';
            # presumably the view tolerates a None user — confirm.
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                keycloak_guid, account_id, corp_type_code)
        elif account_id and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_org_id(keycloak_guid, account_id)

        if not auth:
            return {'roles': []}

        permissions = PermissionsService.get_permissions_for_membership(auth.status_code,
                                                                        auth.org_membership)
        response = Authorization(auth).as_dict(expanded)
        response['roles'] = permissions
        return response
    def get_user_authorizations_for_entity(business_identifier: str,
                                           expanded: bool = False,
                                           **kwargs):
        """Return the caller's authorizations for a business entity.

        Args:
            business_identifier: business number to look up.
            expanded: passed through to ``Authorization.as_dict``; for staff
                callers it also decides whether the view is queried at all.
            **kwargs: must contain ``user_context`` (a ``UserContext``), which
                supplies the roles, subject, account id and raw token claims.

        Returns:
            dict: the serialized authorization plus a ``roles`` entry. Staff
            get their context roles back; system and ordinary callers get the
            permissions derived from the matched membership. When nothing
            matches, the dict is empty (no ``roles`` key).
        """
        ctx: UserContext = kwargs['user_context']
        token_roles = ctx.roles
        current_app.logger.debug(f'check roles=:{token_roles}')
        response = {}

        if Role.STAFF.value in token_roles:
            if expanded:
                staff_auth = AuthorizationView.find_user_authorization_by_business_number(
                    business_identifier, is_staff=True)
                response = Authorization(staff_auth).as_dict(expanded)
            response['roles'] = token_roles
            return response

        if Role.SYSTEM.value in token_roles:
            # A service account is expected to carry a product_code claim;
            # without it no lookup happens and the response stays empty.
            product_code = ctx.token_info.get(
                'product_code', None)
            if not product_code:
                return response
            system_auth = AuthorizationView.find_user_authorization_by_business_number_and_product(
                business_identifier, product_code)
            if system_auth:
                response = Authorization(system_auth).as_dict(expanded)
                response['roles'] = PermissionsService.get_permissions_for_membership(
                    system_auth.status_code, 'SYSTEM')
            return response

        keycloak_guid = ctx.sub
        if not (business_identifier and keycloak_guid):
            return response
        # Ordinary users are scoped to the org in their context.
        user_auth = AuthorizationView.find_user_authorization_by_business_number(
            business_identifier=business_identifier,
            keycloak_guid=keycloak_guid,
            org_id=ctx.account_id)
        if user_auth:
            permissions = PermissionsService.get_permissions_for_membership(
                user_auth.status_code, user_auth.org_membership)
            response = Authorization(user_auth).as_dict(expanded)
            response['roles'] = permissions
        return response
    def get_account_authorizations_for_product(keycloak_guid: str, account_id: str, product_code: str,
                                               expanded: bool = False):
        """Return a user's authorization for a product under an account.

        Args:
            keycloak_guid: the user's subject identifier.
            account_id: the org the product authorization belongs to.
            product_code: product the authorization is scoped to.
            expanded: passed through to ``Authorization.as_dict``.

        Returns:
            dict: the serialized authorization plus ``roles`` — the membership
            permissions when a record matched, otherwise an empty list.
        """
        auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
            keycloak_guid, account_id, product_code
        )
        # as_dict is invoked even when the lookup returned nothing; only the
        # roles entry depends on a match.
        response = Authorization(auth).as_dict(expanded)
        roles = []
        if auth:
            roles = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership)
        response['roles'] = roles
        return response
    def get_account_authorizations_for_org(account_id: str,
                                           corp_type_code: Optional[str],
                                           expanded: bool = False,
                                           **kwargs):
        """Return the caller's authorizations for an org (account).

        Args:
            account_id: the org id being accessed.
            corp_type_code: decides, through ``Authorization._is_product_based_auth``,
                whether the lookup is by product or by org membership.
            expanded: passed through to ``Authorization.as_dict``; for staff it
                also decides whether the view is queried at all.
            **kwargs: must contain ``user_context`` (a ``UserContext``). Its
                ``account_id_claim``, when set, takes precedence over the
                user-scoped lookups below.

        Returns:
            dict: serialized authorization with a ``roles`` entry. Staff get
            their context roles; other callers get membership permissions, or
            ``{'roles': []}`` when no authorization matches.
        """
        ctx: UserContext = kwargs['user_context']
        token_roles = ctx.roles

        # todo the service account level access has not been defined
        if Role.STAFF.value in token_roles:
            staff_response = {}
            if expanded:
                staff_auth = AuthorizationView.find_authorization_for_admin_by_org_id(
                    account_id)
                staff_response = Authorization(staff_auth).as_dict(expanded)
            staff_response['roles'] = token_roles
            return staff_response

        keycloak_guid = ctx.sub
        account_id_claim = ctx.account_id_claim
        auth = None
        if Authorization._is_product_based_auth(corp_type_code):
            if account_id_claim:
                auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                    account_id_claim, corp_type_code)
            else:
                auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                    keycloak_guid, account_id, corp_type_code)
        # NOTE(review): account_id is annotated str but compared with
        # int(account_id_claim); if callers really pass a str this branch never
        # matches, and a non-numeric claim raises ValueError — confirm.
        elif account_id_claim and account_id == int(account_id_claim):
            auth = AuthorizationView.find_authorization_for_admin_by_org_id(
                account_id_claim)
        elif account_id and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_org_id(
                keycloak_guid, account_id)

        if not auth:
            return {'roles': []}

        permissions = PermissionsService.get_permissions_for_membership(
            auth.status_code, auth.org_membership)
        response = Authorization(auth).as_dict(expanded)
        response['roles'] = permissions
        return response
    def get_account_authorizations_for_product(account_id: str, product_code: str, expanded: bool = False, **kwargs):
        """Return the caller's authorization for a product under an account.

        Args:
            account_id: the requested org id; only consulted when the user
                context carries no ``account_id``.
            product_code: product the authorization is scoped to.
            expanded: passed through to ``Authorization.as_dict``.
            **kwargs: must contain ``user_context`` (a ``UserContext``).

        Returns:
            dict: the serialized authorization plus ``roles`` — the membership
            permissions when a record matched, otherwise an empty list.
        """
        ctx: UserContext = kwargs['user_context']
        claimed_account = ctx.account_id
        # When the context carries an account id, the requested ``account_id``
        # argument is not used: the lookup is keyed on the claimed account, so
        # the response may describe a different org than the one asked for.
        if claimed_account:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                claimed_account, product_code
            )
        else:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                ctx.sub, account_id, product_code
            )
        # as_dict is invoked even when the lookup returned nothing; only the
        # roles entry depends on a match.
        response = Authorization(auth).as_dict(expanded)
        roles = []
        if auth:
            roles = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership)
        response['roles'] = roles
        return response
    def get_account_authorizations_for_product(token_info: Dict,
                                               account_id: str,
                                               product_code: str,
                                               expanded: bool = False):
        """Return the caller's authorization for a product under an account.

        Args:
            token_info: decoded token claims; ``Account-Id`` (optional) and
                ``sub`` are read from it.
            account_id: the requested org id; only consulted when the token
                carries no ``Account-Id`` claim.
            product_code: product the authorization is scoped to.
            expanded: passed through to ``Authorization.as_dict``.

        Returns:
            dict: the serialized authorization plus ``roles`` — the membership
            permissions when a record matched, otherwise an empty list.
        """
        claimed_account = token_info.get('Account-Id', None)
        # With an Account-Id claim the requested ``account_id`` argument is not
        # used: the lookup is keyed on the claimed account, so the response may
        # describe a different org than the one asked for.
        if claimed_account:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product(
                claimed_account, product_code)
        else:
            auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user(
                token_info.get('sub'), account_id, product_code)
        # as_dict is invoked even when the lookup returned nothing; only the
        # roles entry depends on a match.
        response = Authorization(auth).as_dict(expanded)
        roles = []
        if auth:
            roles = PermissionsService.get_permissions_for_membership(
                auth.status_code, auth.org_membership)
        response['roles'] = roles
        return response