def build_message_headers(ion_actor_id, expiry): headers = dict() headers['ion-actor-id'] = ion_actor_id headers['expiry'] = expiry # If this is an anonymous requester then there are no roles associated with the request if ion_actor_id == DEFAULT_ACTOR_ID: headers['ion-actor-roles'] = dict() return headers try: # Check to see if the user's roles are cached already - keyed by user id if service_gateway_instance.user_role_cache.has_key(ion_actor_id): role_header = service_gateway_instance.user_role_cache.get(ion_actor_id) if role_header is not None: headers['ion-actor-roles'] = role_header return headers # The user's roles were not cached so hit the datastore to find it. org_client = OrgManagementServiceProcessClient(process=service_gateway_instance) org_roles = org_client.find_all_roles_by_user(ion_actor_id, headers={"ion-actor-id": service_gateway_instance.name, 'expiry': DEFAULT_EXPIRY}) role_header = get_role_message_headers(org_roles) # Cache the roles by user id service_gateway_instance.user_role_cache.put(ion_actor_id, role_header) except Exception as e: role_header = dict() # Default to empty dict if there is a problem finding roles for the user headers['ion-actor-roles'] = role_header return headers
def build_message_headers(self, actor_id, expiry): """Returns the headers that the service gateway uses to make service calls on behalf of a user, based on the user session or request arguments""" headers = dict() headers[MSG_HEADER_ACTOR] = actor_id headers[MSG_HEADER_VALID] = expiry req_info = flask.g.get("req_info", None) if req_info: headers["request-id"] = str(req_info["request_id"]) # If this is an anonymous requester then there are no roles associated with the request if actor_id == DEFAULT_ACTOR_ID: headers[MSG_HEADER_ROLES] = dict() return headers try: # Check to see if the user's roles are cached already - keyed by user id if self.user_role_cache.has_key(actor_id): role_header = self.user_role_cache.get(actor_id) if role_header is not None: headers[MSG_HEADER_ROLES] = role_header return headers # The user's roles were not cached so hit the datastore to find it. role_list = self.org_client.list_actor_roles( actor_id, headers=self._get_gateway_headers()) org_roles = {} for role in role_list: org_roles.setdefault(role.org_governance_name, []).append(role) role_header = get_role_message_headers(org_roles) # Cache the roles by user id self.user_role_cache.put(actor_id, role_header) except Exception: role_header = dict( ) # Default to empty dict if there is a problem finding roles for the user headers[MSG_HEADER_ROLES] = role_header return headers
def build_message_headers(self, actor_id, expiry): """Returns the headers that the service gateway uses to make service calls on behalf of a user, based on the user session or request arguments""" headers = dict() headers[MSG_HEADER_ACTOR] = actor_id headers[MSG_HEADER_VALID] = expiry req_info = flask.g.get("req_info", None) if req_info: headers["request-id"] = str(req_info["request_id"]) # If this is an anonymous requester then there are no roles associated with the request if actor_id == DEFAULT_ACTOR_ID: headers[MSG_HEADER_ROLES] = dict() return headers try: # Check to see if the user's roles are cached already - keyed by user id if self.user_role_cache.has_key(actor_id): role_header = self.user_role_cache.get(actor_id) if role_header is not None: headers[MSG_HEADER_ROLES] = role_header return headers # The user's roles were not cached so hit the datastore to find it. role_list = self.org_client.list_actor_roles(actor_id, headers=self._get_gateway_headers()) org_roles = {} for role in role_list: org_roles.setdefault(role.org_governance_name, []).append(role) role_header = get_role_message_headers(org_roles) # Cache the roles by user id self.user_role_cache.put(actor_id, role_header) except Exception: role_header = dict() # Default to empty dict if there is a problem finding roles for the user headers[MSG_HEADER_ROLES] = role_header return headers
def build_message_headers(ion_actor_id, expiry): headers = dict() headers['ion-actor-id'] = ion_actor_id headers['expiry'] = expiry #If this is an anonymous requester then there are no roles associated with the request if ion_actor_id == DEFAULT_ACTOR_ID: headers['ion-actor-roles'] = dict() return headers try: #Check to see if the user's roles are cached already - keyed by user id if service_gateway_instance.user_role_cache.has_key(ion_actor_id): role_header = service_gateway_instance.user_role_cache.get( ion_actor_id) if role_header is not None: headers['ion-actor-roles'] = role_header return headers #The user's roles were not cached so hit the datastore to find it. org_client = OrgManagementServiceProcessClient( node=Container.instance.node, process=service_gateway_instance) org_roles = org_client.find_all_roles_by_user( ion_actor_id, headers={ "ion-actor-id": service_gateway_instance.name, 'expiry': DEFAULT_EXPIRY }) role_header = get_role_message_headers(org_roles) #Cache the roles by user id service_gateway_instance.user_role_cache.put(ion_actor_id, role_header) except Exception, e: role_header = dict( ) # Default to empty dict if there is a problem finding roles for the user
def test_get_actor_header(self): #Setup data actor = IonObject(RT.ActorIdentity, name='actor1') actor_id, _ = self.rr.create(actor) ion_org = IonObject(RT.Org, name='ION', org_governance_name='ION') ion_org_id, _ = self.rr.create(ion_org) ion_org._id = ion_org_id manager_role = IonObject(RT.UserRole, name='Org Manager', governance_name=ORG_MANAGER_ROLE, description='Org Manager') manager_role_id = self.add_user_role(ion_org, manager_role) member_role = IonObject(RT.UserRole, name='Org Member', governance_name=ORG_MEMBER_ROLE, description='Org Member') # all actors have a defaul org_member_role actor_roles = find_roles_by_actor(actor_id) self.assertDictEqual(actor_roles, {'ION': [ORG_MEMBER_ROLE]}) actor_header = get_actor_header(actor_id) self.assertDictEqual(actor_header, {'ion-actor-id': actor_id, 'ion-actor-roles': {'ION': [ORG_MEMBER_ROLE]}}) #Add Org Manager Role self.rr.create_association(actor_id, PRED.hasRole, manager_role_id) actor_roles = find_roles_by_actor(actor_id) role_header = get_role_message_headers({'ION': [manager_role, member_role]}) self.assertDictEqual(actor_roles, role_header) org2 = IonObject(RT.Org, name='Org 2', org_governance_name='Second_Org') org2_id, _ = self.rr.create(org2) org2._id = org2_id member2_role = IonObject(RT.UserRole, governance_name=ORG_MEMBER_ROLE, name='Org Member', description='Org Member') member2_role_id = self.add_user_role(org2, member2_role) operator2_role = IonObject(RT.UserRole, governance_name='INSTRUMENT_OPERATOR', name='Instrument Operator', description='Instrument Operator') operator2_role_id = self.add_user_role(org2, operator2_role) self.rr.create_association(actor_id, PRED.hasRole, member2_role_id) self.rr.create_association(actor_id, PRED.hasRole, operator2_role_id) actor_roles = find_roles_by_actor(actor_id) role_header = get_role_message_headers({'ION': [manager_role, member_role], 'Second_Org': [operator2_role, member2_role]}) self.assertEqual(len(actor_roles), 2) self.assertEqual(len(role_header), 2) self.assertIn('Second_Org', actor_roles) self.assertIn('Second_Org', role_header) self.assertEqual(len(actor_roles['Second_Org']), 2) self.assertEqual(len(role_header['Second_Org']), 2) self.assertIn('INSTRUMENT_OPERATOR', actor_roles['Second_Org']) self.assertIn('INSTRUMENT_OPERATOR', role_header['Second_Org']) self.assertIn(ORG_MEMBER_ROLE, actor_roles['Second_Org']) self.assertIn(ORG_MEMBER_ROLE, role_header['Second_Org']) self.assertIn('ION', actor_roles) self.assertIn('ION', role_header) self.assertIn(ORG_MANAGER_ROLE, actor_roles['ION']) self.assertIn(ORG_MEMBER_ROLE, actor_roles['ION']) self.assertIn(ORG_MANAGER_ROLE, role_header['ION']) self.assertIn(ORG_MEMBER_ROLE, role_header['ION']) actor_header = get_actor_header(actor_id) self.assertEqual(actor_header['ion-actor-id'], actor_id) self.assertEqual(actor_header['ion-actor-roles'], actor_roles) #Now make sure we can change the name of the Org and not affect the headers org2 = self.rr.read(org2_id) org2.name = 'Updated Org 2' org2_id, _ = self.rr.update(org2) actor_roles = find_roles_by_actor(actor_id) self.assertEqual(len(actor_roles), 2) self.assertEqual(len(role_header), 2) self.assertIn('Second_Org', actor_roles) self.assertIn('Second_Org', role_header) self.assertEqual(len(actor_roles['Second_Org']), 2) self.assertEqual(len(role_header['Second_Org']), 2) self.assertIn('INSTRUMENT_OPERATOR', actor_roles['Second_Org']) self.assertIn('INSTRUMENT_OPERATOR', role_header['Second_Org']) self.assertIn(ORG_MEMBER_ROLE, actor_roles['Second_Org']) self.assertIn(ORG_MEMBER_ROLE, role_header['Second_Org']) self.assertIn('ION', actor_roles) self.assertIn('ION', role_header) self.assertIn(ORG_MANAGER_ROLE, actor_roles['ION']) self.assertIn(ORG_MEMBER_ROLE, actor_roles['ION']) self.assertIn(ORG_MANAGER_ROLE, role_header['ION']) self.assertIn(ORG_MEMBER_ROLE, role_header['ION']) actor_header = get_actor_header(actor_id) self.assertEqual(actor_header['ion-actor-id'], actor_id) self.assertEqual(actor_header['ion-actor-roles'], actor_roles)
def test_get_actor_header(self): #Setup data actor = IonObject(RT.ActorIdentity, name='actor1') actor_id, _ = self.rr.create(actor) ion_org = IonObject(RT.Org, name='ION', org_governance_name='ION') ion_org_id, _ = self.rr.create(ion_org) ion_org._id = ion_org_id manager_role = IonObject(RT.UserRole, name='Org Manager', governance_name=MODERATOR_ROLE, description='Org Manager') manager_role_id = self.add_org_role(ion_org, manager_role) member_role = IonObject(RT.UserRole, name='Org Member', governance_name=MEMBER_ROLE, description='Org Member') # all actors have a defaul MEMBER_ROLE actor_roles = find_roles_by_actor(actor_id) self.assertDictEqual(actor_roles, {'ION': [MEMBER_ROLE]}) actor_header = get_actor_header(actor_id) self.assertDictEqual(actor_header, { 'ion-actor-id': actor_id, 'ion-actor-roles': { 'ION': [MEMBER_ROLE] } }) #Add Org Manager Role self.rr.create_association(actor_id, PRED.hasRole, manager_role_id) actor_roles = find_roles_by_actor(actor_id) role_header = get_role_message_headers( {'ION': [manager_role, member_role]}) self.assertDictEqual(actor_roles, role_header) org2 = IonObject(RT.Org, name='Org 2', org_governance_name='Second_Org') org2_id, _ = self.rr.create(org2) org2._id = org2_id member2_role = IonObject(RT.UserRole, governance_name=MEMBER_ROLE, name='Org Member', description='Org Member') member2_role_id = self.add_org_role(org2, member2_role) operator2_role = IonObject(RT.UserRole, governance_name='OPERATOR', name='Instrument Operator', description='Instrument Operator') operator2_role_id = self.add_org_role(org2, operator2_role) self.rr.create_association(actor_id, PRED.hasRole, member2_role_id) self.rr.create_association(actor_id, PRED.hasRole, operator2_role_id) actor_roles = find_roles_by_actor(actor_id) role_header = get_role_message_headers({ 'ION': [manager_role, member_role], 'Second_Org': [operator2_role, member2_role] }) self.assertEqual(len(actor_roles), 2) self.assertEqual(len(role_header), 2) self.assertIn('Second_Org', actor_roles) self.assertIn('Second_Org', role_header) self.assertEqual(len(actor_roles['Second_Org']), 2) self.assertEqual(len(role_header['Second_Org']), 2) self.assertIn('OPERATOR', actor_roles['Second_Org']) self.assertIn('OPERATOR', role_header['Second_Org']) self.assertIn(MEMBER_ROLE, actor_roles['Second_Org']) self.assertIn(MEMBER_ROLE, role_header['Second_Org']) self.assertIn('ION', actor_roles) self.assertIn('ION', role_header) self.assertIn(MODERATOR_ROLE, actor_roles['ION']) self.assertIn(MEMBER_ROLE, actor_roles['ION']) self.assertIn(MODERATOR_ROLE, role_header['ION']) self.assertIn(MEMBER_ROLE, role_header['ION']) actor_header = get_actor_header(actor_id) self.assertEqual(actor_header['ion-actor-id'], actor_id) self.assertEqual(actor_header['ion-actor-roles'], actor_roles) #Now make sure we can change the name of the Org and not affect the headers org2 = self.rr.read(org2_id) org2.name = 'Updated Org 2' org2_id, _ = self.rr.update(org2) actor_roles = find_roles_by_actor(actor_id) self.assertEqual(len(actor_roles), 2) self.assertEqual(len(role_header), 2) self.assertIn('Second_Org', actor_roles) self.assertIn('Second_Org', role_header) self.assertEqual(len(actor_roles['Second_Org']), 2) self.assertEqual(len(role_header['Second_Org']), 2) self.assertIn('OPERATOR', actor_roles['Second_Org']) self.assertIn('OPERATOR', role_header['Second_Org']) self.assertIn(MEMBER_ROLE, actor_roles['Second_Org']) self.assertIn(MEMBER_ROLE, role_header['Second_Org']) self.assertIn('ION', actor_roles) self.assertIn('ION', role_header) self.assertIn(MODERATOR_ROLE, actor_roles['ION']) self.assertIn(MEMBER_ROLE, actor_roles['ION']) self.assertIn(MODERATOR_ROLE, role_header['ION']) self.assertIn(MEMBER_ROLE, role_header['ION']) actor_header = get_actor_header(actor_id) self.assertEqual(actor_header['ion-actor-id'], actor_id) self.assertEqual(actor_header['ion-actor-roles'], actor_roles)