Пример #1
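    def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str, expanded: bool = False):
        """Return the caller's authorization for one business entity.

        The branch taken depends on the realm roles carried in the token:

        * staff: the response carries the token's own roles; the authorization
          view is only queried when ``expanded`` is set.
        * system (service account): the lookup is restricted to the
          ``product_code`` claim of the token.
        * anyone else: the lookup is restricted to the token subject (``sub``).

        Args:
            token_info: Decoded token claims.
            business_identifier: Identifier of the entity being accessed.
            expanded: Passed through to ``Authorization.as_dict``.

        Returns:
            The authorization dict including a ``roles`` entry, or an empty
            dict when no branch produced an authorization.
        """
        auth_response = {}
        auth = None
        # A token without a realm_access claim (or with an empty one) is treated
        # as carrying no roles, so it falls through to the per-user lookup
        # instead of failing on None.
        token_roles = (token_info.get('realm_access') or {}).get('roles') or []

        if Role.STAFF.value in token_roles:
            if expanded:
                # Query Authorization view by business identifier
                auth = AuthorizationView.find_user_authorization_by_business_number(business_identifier)
                # NOTE(review): auth is not checked for None here, unlike the
                # other branches; confirm Authorization(None).as_dict is safe.
                auth_response = Authorization(auth).as_dict(expanded)
            auth_response['roles'] = token_roles

        elif Role.SYSTEM.value in token_roles:
            # a service account in keycloak should have product_code claim setup.
            keycloak_product_code = token_info.get('product_code', None)
            if keycloak_product_code:
                auth = AuthorizationView.find_user_authorization_by_business_number_and_product(business_identifier,
                                                                                                keycloak_product_code)
                if auth:
                    auth_response = Authorization(auth).as_dict(expanded)
                    permissions = PermissionsService.get_permissions_for_membership(auth.status_code, 'SYSTEM')
                    auth_response['roles'] = permissions
        else:
            keycloak_guid = token_info.get('sub', None)
            # Only look up when both the entity and the subject are known.
            if business_identifier and keycloak_guid:
                auth = AuthorizationView.find_user_authorization_by_business_number(business_identifier, keycloak_guid)

            if auth:
                permissions = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership)
                auth_response = Authorization(auth).as_dict(expanded)
                auth_response['roles'] = permissions

        return auth_response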
Пример #2
def test_find_invalid_user_authorization_by_business_number(session):  # pylint:disable=unused-argument
    """Assert that an unknown user id yields no authorization, for a real and for an empty identifier."""
    member = factory_user_model()
    organisation = factory_org_model()
    factory_membership_model(member.id, organisation.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organisation.id)

    lookup = Authorization.find_user_authorization_by_business_number

    # Every case uses a freshly generated user id that belongs to nobody.
    # NOTE(review): the empty-identifier case also uses an unknown user id, so
    # it does not isolate "valid user, invalid identifier".
    for identifier in (business.business_identifier, ''):
        assert lookup(str(uuid.uuid4()), identifier) is None
Пример #3
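    def get_user_authorizations_for_entity(token_info: Dict,
                                           business_identifier: str,
                                           expanded: bool = False):
        """Return the caller's authorization for one business entity.

        Staff tokens get ``edit``/``view`` without a lookup. Service accounts
        (system role) are looked up by the ``corp_type`` claim, every other
        caller by the token subject (``sub``).

        Args:
            token_info: Decoded token claims.
            business_identifier: Identifier of the entity being accessed.
            expanded: Passed through to ``Authorization.as_dict``.

        Returns:
            A dict with a ``roles`` entry, or an empty dict when no branch
            produced an authorization.
        """
        auth_response = {}
        # A missing or empty realm_access claim means "no roles" rather than an
        # AttributeError on None; such a token falls through to the user lookup.
        token_roles = (token_info.get('realm_access') or {}).get('roles') or []

        if 'staff' in token_roles:
            auth_response = {'roles': ['edit', 'view']}
        elif Role.SYSTEM.value in token_roles:
            # a service account in keycloak should have corp_type claim setup.
            keycloak_corp_type = token_info.get('corp_type', None)
            if keycloak_corp_type:
                auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                    business_identifier, keycloak_corp_type)
                if auth:
                    auth_response = Authorization(auth).as_dict(expanded)
                    auth_response['roles'] = ['edit', 'view']
        else:
            keycloak_guid = token_info.get('sub', None)
            auth = None
            # Skip the lookup when the subject or the identifier is missing, so
            # an absent value is never used as a search key.
            if keycloak_guid and business_identifier:
                auth = AuthorizationView.find_user_authorization_by_business_number(
                    keycloak_guid, business_identifier)
            if auth:
                auth_response = Authorization(auth).as_dict(expanded)
                auth_response['roles'] = ['edit', 'view']

        return auth_response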
Пример #4
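    def get_user_authorizations_for_entity(token_info: Dict,
                                           business_identifier: str):
        """Return the caller's authorization for one business entity.

        A passcode login is treated as owner only when its ``username`` equals
        the business identifier (compared case-insensitively). Staff tokens get
        ``edit``/``view`` without a lookup. Service accounts (system role) are
        looked up by the ``corp_type`` claim, every other caller by the token
        subject (``sub``).

        Args:
            token_info: Decoded token claims.
            business_identifier: Identifier of the entity being accessed.

        Returns:
            A dict with a ``roles`` entry, or an empty dict when no branch
            produced an authorization.
        """
        auth_response = {}
        # A missing or empty realm_access claim means "no roles" rather than an
        # AttributeError on None.
        token_roles = (token_info.get('realm_access') or {}).get('roles') or []

        if token_info.get('loginSource', None) == 'PASSCODE':
            username = token_info.get('username', None)
            # Both values must be present: a missing username must not raise,
            # and two empty strings must not compare equal and grant ownership.
            if username and business_identifier and username.upper() == business_identifier.upper():
                auth_response = {
                    'orgMembership': OWNER,
                    'roles': ['edit', 'view']
                }
        elif 'staff' in token_roles:
            auth_response = {'roles': ['edit', 'view']}
        elif Role.SYSTEM.value in token_roles:
            # a service account in keycloak should have corp_type claim setup.
            keycloak_corp_type = token_info.get('corp_type', None)
            if keycloak_corp_type:
                auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                    business_identifier, keycloak_corp_type)
                if auth:
                    auth_response = Authorization(auth).as_dict(
                        exclude=['business_identifier'])
                    auth_response['roles'] = ['edit', 'view']
        else:
            keycloak_guid = token_info.get('sub', None)
            auth = None
            # Skip the lookup when the subject or the identifier is missing, so
            # an absent value is never used as a search key.
            if keycloak_guid and business_identifier:
                auth = AuthorizationView.find_user_authorization_by_business_number(
                    keycloak_guid, business_identifier)
            if auth:
                auth_response = Authorization(auth).as_dict(
                    exclude=['business_identifier'])
                auth_response['roles'] = ['edit', 'view']

        return auth_response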
Пример #5
    def get_user_authorizations_for_entity(business_identifier: str,
                                           expanded: bool = False,
                                           **kwargs):
        """Resolve the current user's authorization for a business entity.

        The user is taken from ``kwargs['user_context']``. Staff receive the
        roles from their own context (the view is queried only when
        ``expanded`` is set); service accounts are looked up by the
        ``product_code`` claim; everyone else by subject and account id.

        Args:
            business_identifier: Identifier of the entity being accessed.
            expanded: Passed through to ``Authorization.as_dict``.
            **kwargs: Must contain ``user_context``.

        Returns:
            The authorization dict including a ``roles`` entry, or an empty
            dict when no branch produced an authorization.
        """
        context: UserContext = kwargs['user_context']
        roles = context.roles
        # The caller's roles are written to the debug log on every call.
        current_app.logger.debug(f'check roles=:{roles}')

        if Role.STAFF.value in roles:
            staff_response = {}
            if expanded:
                # Staff lookup goes by business identifier only.
                staff_view = AuthorizationView.find_user_authorization_by_business_number(
                    business_identifier, is_staff=True)
                staff_response = Authorization(staff_view).as_dict(expanded)
            staff_response['roles'] = roles
            return staff_response

        if Role.SYSTEM.value in roles:
            # A keycloak service account is expected to carry a product_code claim.
            product_code = context.token_info.get('product_code', None)
            if not product_code:
                return {}
            system_view = AuthorizationView.find_user_authorization_by_business_number_and_product(
                business_identifier, product_code)
            if not system_view:
                return {}
            system_response = Authorization(system_view).as_dict(expanded)
            system_response['roles'] = PermissionsService.get_permissions_for_membership(
                system_view.status_code, 'SYSTEM')
            return system_response

        subject = context.sub
        # Without both an identifier and a subject there is nothing to look up.
        if not (business_identifier and subject):
            return {}
        user_view = AuthorizationView.find_user_authorization_by_business_number(
            business_identifier=business_identifier,
            keycloak_guid=subject,
            org_id=context.account_id)
        if not user_view:
            return {}
        granted = PermissionsService.get_permissions_for_membership(
            user_view.status_code, user_view.org_membership)
        user_response = Authorization(user_view).as_dict(expanded)
        user_response['roles'] = granted
        return user_response
Пример #6
def test_find_user_authorization_by_business_number(session):  # pylint:disable=unused-argument
    """Assert that the authorization view returns a row for a member of the affiliated org."""
    member = factory_user_model()
    organisation = factory_org_model()
    member_link = factory_membership_model(member.id, organisation.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organisation.id)

    # Look up with the member's own guid and the affiliated entity's identifier.
    found = Authorization.find_user_authorization_by_business_number(
        str(member.keycloak_guid), business.business_identifier)

    assert found is not None
    assert found.org_membership == member_link.membership_type_code
Пример #7
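 def get_user_authorizations_for_entity(token_info: Dict,
                                        business_identifier: str):
     """Return the caller's authorization for one business entity.

     A passcode login is treated as owner only when its ``username`` equals
     the business identifier (compared case-insensitively). Staff tokens get
     the ``STAFF`` role without a lookup. Every other caller is looked up by
     the token subject (``sub``).

     Args:
         token_info: Decoded token claims.
         business_identifier: Identifier of the entity being accessed.

     Returns:
         The authorization dict, or an empty dict when no branch produced an
         authorization.
     """
     auth_response = {}
     if token_info.get('loginSource', None) == 'PASSCODE':
         username = token_info.get('username', None)
         # Both values must be present: a missing username must not raise, and
         # two empty strings must not compare equal and grant ownership.
         if username and business_identifier and username.upper() == business_identifier.upper():
             auth_response = {'role': 'OWNER'}
     # The fallback for a missing realm_access must be a mapping; the previous
     # list default had no .get() and raised AttributeError.
     elif 'staff' in ((token_info.get('realm_access') or {}).get('roles') or []):
         auth_response = {'role': 'STAFF'}
     else:
         keycloak_guid = token_info.get('sub', None)
         auth = AuthorizationView.find_user_authorization_by_business_number(
             keycloak_guid, business_identifier)
         if auth:
             auth_response = Authorization(auth).as_dict(
                 exclude=['business_identifier'])
     return auth_response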