def get_jwt_roles(request): """ Decodes the request's JWT from either cookies or auth payload and returns mapping of features roles from it. """ decoded_jwt = get_decoded_jwt_from_cookie(request) or get_decoded_jwt_from_auth(request) if not decoded_jwt: return {} return feature_roles_from_jwt(decoded_jwt)
def request_user_has_implicit_access(user, context): # pylint: disable=unused-argument """ Check that if request user has implicit access to `ENTERPRISE_COUPON_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ request = crum.get_current_request() decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth(request) if not context: return False return request_user_has_implicit_access_via_jwt(decoded_jwt, ENTERPRISE_COUPON_ADMIN_ROLE, context)
def has_implicit_access_to_enrollment_api(user, obj): # pylint: disable=unused-argument """ Check that if request user has implicit access to `ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ request = crum.get_current_request() decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth( request) return request_user_has_implicit_access_via_jwt( decoded_jwt, ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE, obj)
def request_user_has_implicit_access(user): # pylint: disable=unused-argument """ Check that if request user has implicit access to `ORDER_MANAGER_ROLE` feature role. Returns: boolean: whether the request user has access or not """ request = crum.get_current_request() decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth( request) return request_user_has_implicit_access_via_jwt(decoded_jwt, ORDER_MANAGER_ROLE)
def has_implicit_access_to_catalog_learner(user, context): # pylint: disable=unused-argument """ Check that if request user has implicit access to `ENTERPRISE_CATALOG_LEARNER_ROLE` role. Returns: boolean: whether the request user has access or not """ if not context: return False request = crum.get_current_request() decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth( request) return request_user_has_implicit_access_via_jwt( decoded_jwt, ENTERPRISE_CATALOG_LEARNER_ROLE, context)
def test_get_decoded_jwt_from_auth(self, is_jwt_authentication): """ Verify get_decoded_jwt_from_auth returns the appropriate value. """ # Mock out the `is_jwt_authenticated` method authentication.is_jwt_authenticated = lambda request: is_jwt_authentication jwt_token = self._get_test_jwt_token() mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt_token) expected_decoded_jwt = jwt_decode_handler( jwt_token) if is_jwt_authentication else None decoded_jwt = authentication.get_decoded_jwt_from_auth( mock_request_with_cookie) self.assertEqual(expected_decoded_jwt, decoded_jwt)
def request_user_has_implicit_access(*args, **kwargs): # pylint: disable=unused-argument """ Check that if request user has implicit access to `ENTERPRISE_DATA_ADMIN_ROLE` feature role. Returns: boolean: whether the request user has access or not """ request = crum.get_current_request() __, __, request_kwargs = resolve(request.path) enterprise_id_in_request = request_kwargs.get('enterprise_id') decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth( request) return request_user_has_implicit_access_via_jwt( decoded_jwt, ENTERPRISE_DATA_ADMIN_ROLE, enterprise_id_in_request)
def has_implicit_access_to_enrollment_api(user, obj): # pylint: disable=unused-argument """ Check that if request user has implicit access to `ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE` feature role. Params: user: An ``auth.User`` instance. obj: The string version of an ``EnterpriseCustomer.uuid``. Returns: boolean: whether the request user has access or not """ request = crum.get_current_request() decoded_jwt = get_decoded_jwt(request) or get_decoded_jwt_from_auth( request) return request_user_has_implicit_access_via_jwt( decoded_jwt, ENTERPRISE_ENROLLMENT_API_ADMIN_ROLE, obj)
def test_get_decoded_jwt_from_auth(self, is_jwt_authentication): """ Verify get_decoded_jwt_from_auth returns the appropriate value. """ # Mock out the `is_jwt_authenticated` method authentication.is_jwt_authenticated = lambda request: is_jwt_authentication user = factories.UserFactory() payload = generate_latest_version_payload(user) jwt = generate_jwt_token(payload) mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt) expected_decoded_jwt = jwt_decode_handler( jwt) if is_jwt_authentication else None decoded_jwt = authentication.get_decoded_jwt_from_auth( mock_request_with_cookie) self.assertEqual(expected_decoded_jwt, decoded_jwt)