def get_account_authorizations_for_org(token_info: Dict, account_id: str, corp_type_code: Optional[str], expanded: bool = False): """Get User authorizations for the org.""" auth_response = {} auth = None token_roles = token_info.get('realm_access').get('roles') # todo the service account level access has not been defined if Role.STAFF.value in token_roles: if expanded: # Query Authorization view by business identifier auth = AuthorizationView.find_authorization_for_staff_by_org_id(account_id) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = token_roles else: keycloak_guid = token_info.get('sub', None) # check product based auth auth org based auth check_product_based_auth = Authorization._is_product_based_auth(corp_type_code) if check_product_based_auth: auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( keycloak_guid, account_id, corp_type_code) else: if account_id and keycloak_guid: auth = AuthorizationView.find_user_authorization_by_org_id(keycloak_guid, account_id) auth_response['roles'] = [] if auth: permissions = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = permissions return auth_response
def get_account_authorizations_for_product(keycloak_guid: str, account_id: str, product_code: str): """Get account authorizations for the product.""" auth_response: Dict = {'roles': []} authorization = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( keycloak_guid, account_id, product_code) auth_response['roles'] = authorization.roles.split( ',') if authorization and authorization.roles else [] return auth_response
def get_account_authorizations_for_product(keycloak_guid: str, account_id: str, product_code: str, expanded: bool = False): """Get account authorizations for the product.""" authorization = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( keycloak_guid, account_id, product_code) auth_response = Authorization(authorization).as_dict(expanded) auth_response['roles'] = authorization.roles.split( ',') if authorization and authorization.roles else [] return auth_response
def get_account_authorizations_for_product(keycloak_guid: str, account_id: str, product_code: str, expanded: bool = False): """Get account authorizations for the product.""" auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( keycloak_guid, account_id, product_code ) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = [] if auth: permissions = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership) auth_response['roles'] = permissions return auth_response
def get_account_authorizations_for_org(account_id: str, corp_type_code: Optional[str], expanded: bool = False, **kwargs): """Get User authorizations for the org.""" user_from_context: UserContext = kwargs['user_context'] auth_response = {} auth = None token_roles = user_from_context.roles # todo the service account level access has not been defined if Role.STAFF.value in token_roles: if expanded: # Query Authorization view by business identifier auth = AuthorizationView.find_authorization_for_admin_by_org_id( account_id) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = token_roles else: keycloak_guid = user_from_context.sub account_id_claim = user_from_context.account_id_claim # check product based auth auth org based auth check_product_based_auth = Authorization._is_product_based_auth( corp_type_code) if check_product_based_auth: if account_id_claim: auth = AuthorizationView.find_account_authorization_by_org_id_and_product( account_id_claim, corp_type_code) else: auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( keycloak_guid, account_id, corp_type_code) else: if account_id_claim and account_id == int(account_id_claim): auth = AuthorizationView.find_authorization_for_admin_by_org_id( account_id_claim) elif account_id and keycloak_guid: auth = AuthorizationView.find_user_authorization_by_org_id( keycloak_guid, account_id) auth_response['roles'] = [] if auth: permissions = PermissionsService.get_permissions_for_membership( auth.status_code, auth.org_membership) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = permissions return auth_response
def get_account_authorizations_for_product(account_id: str, product_code: str, expanded: bool = False, **kwargs): """Get account authorizations for the product.""" user_from_context: UserContext = kwargs['user_context'] account_id_claim = user_from_context.account_id if account_id_claim: auth = AuthorizationView.find_account_authorization_by_org_id_and_product( account_id_claim, product_code ) else: auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( user_from_context.sub, account_id, product_code ) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = [] if auth: permissions = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership) auth_response['roles'] = permissions return auth_response
def get_account_authorizations_for_product(token_info: Dict, account_id: str, product_code: str, expanded: bool = False): """Get account authorizations for the product.""" account_id_claim = token_info.get('Account-Id', None) if account_id_claim: auth = AuthorizationView.find_account_authorization_by_org_id_and_product( account_id_claim, product_code) else: auth = AuthorizationView.find_account_authorization_by_org_id_and_product_for_user( token_info.get('sub'), account_id, product_code) auth_response = Authorization(auth).as_dict(expanded) auth_response['roles'] = [] if auth: permissions = PermissionsService.get_permissions_for_membership( auth.status_code, auth.org_membership) auth_response['roles'] = permissions return auth_response