def wrapper(*args, **kwargs):
pub_key = get_pub_key()
user = None
try:
jwt_header_name, token, tenant = jwt_utils.jwt_tenant(
request.headers)
except ValueError:
# TODO consider using something else like Flask-Login
# if not JWT information is provided in header, then this is a guest user
user = AnonymousUser()
if user is None:
try:
# TODO: validate token
decoded = jwt.decode(token, pub_key, verify=False)
username = decoded["http://wso2.org/claims/enduser"]
# remove ant @carbon.super or other nonsense, the tenant
# we get from the header anyway
username = username.split("@")[0]
except Exception as e:
logger.exception(e)
abort(400, 'could not decode JWT')
user = UserService.getUser(username, tenant)
if not user:
user = UserService.create(username=username,
jwt=token,
tenant=tenant)
# In case the JWT was updated for some reason, reset the jwt
UserService.setJWT(user, token)
request.current_user = user
return fn(*args, **kwargs)
def test_add_new_user_to_project(userdata):
user = UserService.getUser("test1", "test")
data = {
'project': {
'name': 'new project',
'description': 'test'
},
}
proj = ProjectsService.create(data, user)
ProjectsService.addUserToProject(proj.id, "newUser")
proj = ProjectsService.get(project_id=proj.id)
assert len(proj.users) == 2
def test_projects_for_user(userdata):
user = UserService.getUser("test1", "test")
data = {
'project': {
'name': 'new project',
'description': 'test'
},
}
ProjectsService.create(data, user)
myProjects = ProjectsService.list(user)
assert len(myProjects) == 1
assert myProjects[0].name == 'new project'
def addUserToProject(projectId: int, username: str) -> None:
"""
Add a user to a project
:param projectId: int
:param username: string
:return:
"""
# TODO: Add TAS integration
proj = db_session.query(Project).get(projectId)
user = UserService.getOrCreateUser(username, proj.tenant_id)
proj.users.append(user)
db_session.commit()
def makeObservable(proj: Project, user: User, watch_content: bool):
"""
Makes a project an observable project
Requires project's system_path, system_id, tenant_id to exist
:param proj: Project
:param user: User
:param watch_content: bool
:return: None
"""
folder_name = Path(proj.system_path).name
name = proj.system_id + '/' + folder_name
# TODO: Handle no storage system found
system = AgaveUtils(user.jwt).systemsGet(proj.system_id)
obs = ObservableDataProject(system_id=proj.system_id,
path=proj.system_path,
watch_content=watch_content)
users = get_system_users(proj.tenant_id, user.jwt, proj.system_id)
logger.info(
"Updating project:{} to have the following users: {}".format(
name, users))
project_users = [
UserService.getOrCreateUser(u, tenant=proj.tenant_id)
for u in users
]
proj.users = project_users
obs.project = proj
try:
db_session.add(obs)
db_session.commit()
except IntegrityError as e:
db_session.rollback()
logger.exception(
"User:{} tried to create an observable project that already exists: '{}'"
.format(user.username, name))
raise ObservableProjectAlreadyExists(
"'{}' project already exists".format(name))
if watch_content:
import_from_agave.apply_async(args=[
obs.project.tenant_id, user.id, obs.system_id, obs.path,
obs.project_id
])
def check_access_and_get_project(current_user,
allow_public_use=False,
project_id=None,
uuid=None):
"""
Check if user (authenticated or anonymous) can access a project id and *aborts* if there is no access.
:param project_id: int
:param uid: str
:param current_user: User
:param allow_public_use: boolean
:return: project: Project
"""
proj = ProjectsService.get(
project_id=project_id) if project_id else ProjectsService.get(
uuid=uuid)
if not proj:
abort(404, "No project found")
if not allow_public_use or not proj.public:
access = False if is_anonymous(
current_user) else UserService.canAccess(current_user, proj.id)
if not access:
abort(403, "Access denied")
return proj
def refresh_observable_projects():
try:
obs = db_session.query(ObservableDataProject).all()
for i, o in enumerate(obs):
# we need a user with a jwt for importing
importing_user = next((u for u in o.project.users if u.jwt))
logger.info(
"Refreshing observable project ({}/{}): observer:{} system:{} path:{}"
.format(i, len(obs), importing_user, o.system_id, o.path))
current_user_names = set([u.username for u in o.project.users])
# we need to add any users who have been added to the system roles
# (note that we do not delete any that are no longer listed on system roles; we only add users)
system_users = set(
get_system_users(o.project.tenant_id, importing_user.jwt,
o.system_id))
updated_user_names = system_users.union(current_user_names)
if updated_user_names != current_user_names:
logger.info("Updating to add the following users:{} "
"Updated user list is now: {}".format(
updated_user_names - current_user_names,
updated_user_names))
o.project.users = [
UserService.getOrCreateUser(u, tenant=o.project.tenant_id)
for u in updated_user_names
]
db_session.add(o)
db_session.commit()
# perform the importing
if o.watch_content:
import_from_agave(o.project.tenant_id, importing_user.id,
o.system_id, o.path, o.project.id)
except Exception:
logger.exception(
"Unhandled exception when importing observable project")
db_session.rollback()
def test_user_get(userdata):
user = UserService.getUser("test1", "test")
assert user.id is not None
assert user.created is not None
def test_user_create(userdata):
user = UserService.create(username="******", jwt="testjwt", tenant="test")
assert user.id is not None
assert user.created is not None
assert user.username == 'newUser'
assert user.jwt == "testjwt"