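def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str, expanded: bool = False):
    """Get User authorizations for the entity.

    The realm roles carried in the token select one of three paths:

    * staff: the response carries the token's own role list; the authorization
      view is only queried (by business identifier alone) for expanded output.
    * system (service account): the lookup is scoped by the token's
      ``product_code`` claim; without that claim nothing is granted.
    * anyone else: the lookup is keyed on the business identifier and the
      token ``sub``; roles come from the membership that is found.

    Args:
        token_info: Decoded token claims. Nothing here verifies the token, so
            it is presumably validated before this call -- TODO confirm.
        business_identifier: Identifier of the entity being accessed.
        expanded: Passed through to ``Authorization.as_dict``.

    Returns:
        The authorization dict, or ``{}`` when the caller has no access.
    """
    auth_response = {}
    auth = None
    # A token with no realm_access claim (or no roles list) is treated as holding
    # no realm roles: it falls through to the membership lookup instead of raising.
    token_roles = (token_info.get('realm_access') or {}).get('roles') or []

    if Role.STAFF.value in token_roles:
        if expanded:
            # Query Authorization view by business identifier
            # NOTE(review): auth may be None for an unknown identifier; whether
            # Authorization(None) is supported is not visible here -- confirm.
            auth = AuthorizationView.find_user_authorization_by_business_number(business_identifier)
            auth_response = Authorization(auth).as_dict(expanded)
        # NOTE(review): nesting was recovered from a collapsed listing; this assumes staff
        # receive their token roles whether or not expanded output was requested -- confirm.
        auth_response['roles'] = token_roles

    elif Role.SYSTEM.value in token_roles:
        # a service account in keycloak should have product_code claim setup.
        # No product_code claim means no lookup and an empty response (fail closed).
        keycloak_product_code = token_info.get('product_code', None)
        if keycloak_product_code:
            auth = AuthorizationView.find_user_authorization_by_business_number_and_product(
                business_identifier, keycloak_product_code)
            if auth:
                auth_response = Authorization(auth).as_dict(expanded)
                permissions = PermissionsService.get_permissions_for_membership(auth.status_code, 'SYSTEM')
                auth_response['roles'] = permissions

    else:
        keycloak_guid = token_info.get('sub', None)
        # Both the entity and the subject must be present before the view is queried.
        if business_identifier and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_business_number(business_identifier, keycloak_guid)

        if auth:
            permissions = PermissionsService.get_permissions_for_membership(auth.status_code, auth.org_membership)
            auth_response = Authorization(auth).as_dict(expanded)
            auth_response['roles'] = permissions

    return auth_response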
def test_find_invalid_user_authorization_by_business_number(session):  # pylint:disable=unused-argument
    """Check that an unknown user guid or an empty business identifier yields no authorization."""
    member = factory_user_model()
    organization = factory_org_model()
    factory_membership_model(member.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    # A freshly generated guid is not the created user's, so even the real,
    # affiliated entity must not produce an authorization row.
    unknown_guid = str(uuid.uuid4())
    assert Authorization.find_user_authorization_by_business_number(
        unknown_guid, business.business_identifier) is None

    # Test with invalid business identifier
    # NOTE(review): the guid is random here as well, so this case does not show
    # which of the two arguments caused the miss.
    another_unknown_guid = str(uuid.uuid4())
    assert Authorization.find_user_authorization_by_business_number(another_unknown_guid, '') is None
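def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str, expanded: bool = False):
    """Get User authorizations for the entity.

    Every successful path grants the same fixed ``['edit', 'view']`` roles; the
    membership type is not consulted.

    * staff: granted on any entity without a lookup.
    * system (service account): must carry a ``corp_type`` claim, and the
      lookup is scoped by it; otherwise nothing is granted.
    * anyone else: must have a matching row for the token ``sub`` and the
      business identifier.

    Args:
        token_info: Decoded token claims. Nothing here verifies the token, so
            it is presumably validated before this call -- TODO confirm.
        business_identifier: Identifier of the entity being accessed.
        expanded: Passed through to ``Authorization.as_dict``.

    Returns:
        The authorization dict, or ``{}`` when the caller has no access.
    """
    auth_response = {}
    # Read the realm roles once; a token without realm_access or roles is treated
    # as holding no realm roles instead of raising on the chained .get().
    realm_roles = (token_info.get('realm_access') or {}).get('roles') or []

    if 'staff' in realm_roles:
        auth_response = {'roles': ['edit', 'view']}
    elif Role.SYSTEM.value in realm_roles:
        # a service account in keycloak should have corp_type claim setup.
        keycloak_corp_type = token_info.get('corp_type', None)
        if keycloak_corp_type:
            auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                business_identifier, keycloak_corp_type)
            if auth:
                auth_response = Authorization(auth).as_dict(expanded)
                auth_response['roles'] = ['edit', 'view']
    else:
        keycloak_guid = token_info.get('sub', None)
        # Fail closed: a token without `sub` (or an empty identifier) is never sent
        # to the view, so a None key cannot be matched against its rows.
        if business_identifier and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_business_number(
                keycloak_guid, business_identifier)
            if auth:
                auth_response = Authorization(auth).as_dict(expanded)
                auth_response['roles'] = ['edit', 'view']

    return auth_response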
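def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str):
    """Get User authorizations for the entity.

    Paths, in order:

    * passcode login (``loginSource == 'PASSCODE'``): owner access only when the
      token ``username`` equals the business identifier, compared
      case-insensitively. A passcode token never falls through to the other
      paths.
    * staff: fixed ``['edit', 'view']`` on any entity, without a lookup.
    * system (service account): lookup scoped by the ``corp_type`` claim.
    * anyone else: lookup keyed on the token ``sub`` and the identifier.

    Args:
        token_info: Decoded token claims. Nothing here verifies the token, so
            it is presumably validated before this call -- TODO confirm.
        business_identifier: Identifier of the entity being accessed.

    Returns:
        The authorization dict, or ``{}`` when the caller has no access.
    """
    auth_response = {}
    # A token without realm_access or roles is treated as holding no realm roles.
    realm_roles = (token_info.get('realm_access') or {}).get('roles') or []

    # NOTE(review): nesting was recovered from a collapsed listing; the elif chain is
    # assumed to hang off the loginSource test, not the username test -- confirm.
    if token_info.get('loginSource', None) == 'PASSCODE':
        username = token_info.get('username', None)
        # Fail closed: a missing username used to raise on .upper(), and two empty
        # strings would have compared equal and granted owner access.
        if username and business_identifier and username.upper() == business_identifier.upper():
            auth_response = {
                'orgMembership': OWNER,
                'roles': ['edit', 'view']
            }
    elif 'staff' in realm_roles:
        auth_response = {'roles': ['edit', 'view']}
    elif Role.SYSTEM.value in realm_roles:
        # a service account in keycloak should have corp_type claim setup.
        keycloak_corp_type = token_info.get('corp_type', None)
        if keycloak_corp_type:
            auth = AuthorizationView.find_user_authorization_by_business_number_and_corp_type(
                business_identifier, keycloak_corp_type)
            if auth:
                auth_response = Authorization(auth).as_dict(
                    exclude=['business_identifier'])
                auth_response['roles'] = ['edit', 'view']
    else:
        keycloak_guid = token_info.get('sub', None)
        # A token without `sub` (or an empty identifier) is never sent to the view.
        if business_identifier and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_business_number(
                keycloak_guid, business_identifier)
            if auth:
                auth_response = Authorization(auth).as_dict(
                    exclude=['business_identifier'])
                auth_response['roles'] = ['edit', 'view']

    return auth_response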
def get_user_authorizations_for_entity(business_identifier: str, expanded: bool = False, **kwargs):
    """Get User authorizations for the entity.

    The caller is described by ``kwargs['user_context']``; its roles select the path:

    * staff: the response carries the caller's own role list; the view is only
      queried (with ``is_staff=True``) when expanded output is requested.
    * system (service account): lookup scoped by the token's ``product_code``
      claim; without that claim the result is empty.
    * anyone else: lookup keyed on the business identifier, the caller's ``sub``
      and the caller's account id; roles come from the membership found.

    Returns:
        The authorization dict, or ``{}`` when the caller has no access.
    """
    caller: UserContext = kwargs['user_context']
    caller_roles = caller.roles
    current_app.logger.debug(f'check roles=:{caller_roles}')

    if Role.STAFF.value in caller_roles:
        staff_response = {}
        if expanded:
            # Query Authorization view by business identifier
            record = AuthorizationView.find_user_authorization_by_business_number(
                business_identifier, is_staff=True)
            staff_response = Authorization(record).as_dict(expanded)
        # NOTE(review): nesting was recovered from a collapsed listing; this assumes staff
        # receive their token roles whether or not expanded output was requested -- confirm.
        staff_response['roles'] = caller_roles
        return staff_response

    if Role.SYSTEM.value in caller_roles:
        # a service account in keycloak should have product_code claim setup.
        product_code = caller.token_info.get('product_code', None)
        if not product_code:
            return {}
        record = AuthorizationView.find_user_authorization_by_business_number_and_product(
            business_identifier, product_code)
        if not record:
            return {}
        system_response = Authorization(record).as_dict(expanded)
        system_response['roles'] = PermissionsService.get_permissions_for_membership(
            record.status_code, 'SYSTEM')
        return system_response

    # Ordinary user: both the entity and the subject are required before the lookup.
    subject_guid = caller.sub
    if not (business_identifier and subject_guid):
        return {}
    record = AuthorizationView.find_user_authorization_by_business_number(
        business_identifier=business_identifier,
        keycloak_guid=subject_guid,
        org_id=caller.account_id)
    if not record:
        return {}
    member_permissions = PermissionsService.get_permissions_for_membership(
        record.status_code, record.org_membership)
    member_response = Authorization(record).as_dict(expanded)
    member_response['roles'] = member_permissions
    return member_response
def test_find_user_authorization_by_business_number(session):  # pylint:disable=unused-argument
    """Check that the authorization view returns the member's row for an affiliated entity."""
    member = factory_user_model()
    organization = factory_org_model()
    org_membership = factory_membership_model(member.id, organization.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, organization.id)

    # Look up with the member's own guid and the identifier of the affiliated entity.
    found = Authorization.find_user_authorization_by_business_number(
        str(member.keycloak_guid), business.business_identifier)

    assert found is not None
    # The row must report the membership type that was created above.
    assert found.org_membership == org_membership.membership_type_code
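def get_user_authorizations_for_entity(token_info: Dict, business_identifier: str):
    """Get User authorizations for the entity.

    Paths, in order:

    * passcode login (``loginSource == 'PASSCODE'``): ``{'role': 'OWNER'}`` only
      when the token ``username`` equals the business identifier, compared
      case-insensitively. A passcode token never falls through to the other
      paths.
    * staff: ``{'role': 'STAFF'}`` on any entity, without a lookup.
    * anyone else: lookup keyed on the token ``sub`` and the identifier.

    Args:
        token_info: Decoded token claims. Nothing here verifies the token, so
            it is presumably validated before this call -- TODO confirm.
        business_identifier: Identifier of the entity being accessed.

    Returns:
        The authorization dict, or ``{}`` when the caller has no access.
    """
    auth_response = {}
    # The original default for a missing realm_access was a list, which has no .get();
    # a token without the claim is now treated as holding no realm roles.
    realm_roles = (token_info.get('realm_access') or {}).get('roles') or []

    # NOTE(review): nesting was recovered from a collapsed listing; the elif chain is
    # assumed to hang off the loginSource test, not the username test -- confirm.
    if token_info.get('loginSource', None) == 'PASSCODE':
        username = token_info.get('username', None)
        # Fail closed: a missing username used to raise on .upper(), and two empty
        # strings would have compared equal and granted owner access.
        if username and business_identifier and username.upper() == business_identifier.upper():
            auth_response = {'role': 'OWNER'}
    elif 'staff' in realm_roles:
        auth_response = {'role': 'STAFF'}
    else:
        keycloak_guid = token_info.get('sub', None)
        # A token without `sub` (or an empty identifier) is never sent to the view.
        if business_identifier and keycloak_guid:
            auth = AuthorizationView.find_user_authorization_by_business_number(
                keycloak_guid, business_identifier)
            if auth:
                auth_response = Authorization(auth).as_dict(
                    exclude=['business_identifier'])

    return auth_response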