sartography/spiff-arena
1
0
Fork 0
mirror of https://github.com/sartography/spiff-arena.git synced 2025-03-04 02:50:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
spiff-arena/spiffworkflow-backend/src/spiffworkflow_backend/services/user_service.py

188 lines
7.2 KiB
Python
Raw Normal View History

Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
"""User_service."""
from typing import Any
from typing import Optional
from flask import current_app
from flask import g
Lots of adjustments from running pyl Main change is in the ErrorDisplay.tsx to assure all error information is provided. and index.css to make it "pretty"
2023-01-19 12:36:45 -05:00
Removing dependency on flask-bpmn and taking it out of SpiffArena Slightly updating the APIError code for recent updates to SpiffWorkflow's error refactoring.
2023-01-17 12:56:06 -05:00
from spiffworkflow_backend.exceptions.api_error import ApiError
from spiffworkflow_backend.models.db import db
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
from spiffworkflow_backend.models.group import GroupModel
renamed active task to human task since we are no longer deleting them w/ burnettk
2022-12-19 16:23:02 -05:00
from spiffworkflow_backend.models.human_task import HumanTaskModel
from spiffworkflow_backend.models.human_task_user import HumanTaskUserModel
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
from spiffworkflow_backend.models.principal import PrincipalModel
from spiffworkflow_backend.models.user import UserModel
from spiffworkflow_backend.models.user_group_assignment import UserGroupAssignmentModel
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
from spiffworkflow_backend.models.user_group_assignment_waiting import (
UserGroupAssignmentWaitingModel,
)
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
class UserService:
"""Provides common tools for working with users."""
@classmethod
def create_user(
cls,
When loading permissions and the user does not exist, add records to the UserGroupAssignmentWaiting table that can be picked up later. Request "profile" scope over OpenID so we can get a few more bits of information when avilable. Add a "clear_perissions" script Add an "add_permissions" script Add an "add_permissions" script When logging in for the first time, check for any awaiting permissions and assign them. Add "enumerate" as a whitelisted function to React Schema Add a "display_name" to the user table Add a test for adding a new permission Add a test for adding a user to group Adding a test for deleting all permissions. Adding a display name for the user table
2022-12-15 14:40:31 -05:00
username: str,
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
service: str,
service_id: str,
email: Optional[str] = "",
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
display_name: Optional[str] = "",
pass tenant attributes when creating a user w/ burnettk
2023-02-06 17:34:55 -05:00
tenant_specific_field_1: Optional[str] = None,
tenant_specific_field_2: Optional[str] = None,
tenant_specific_field_3: Optional[str] = None,
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
) -> UserModel:
"""Create_user."""
user_model: Optional[UserModel] = (
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
UserModel.query.filter(UserModel.service == service).filter(UserModel.service_id == service_id).first()
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
)
if user_model is None:
if username == "":
username = service_id
user_model = UserModel(
username=username,
service=service,
service_id=service_id,
email=email,
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
display_name=display_name,
pass tenant attributes when creating a user w/ burnettk
2023-02-06 17:34:55 -05:00
tenant_specific_field_1=tenant_specific_field_1,
tenant_specific_field_2=tenant_specific_field_2,
tenant_specific_field_3=tenant_specific_field_3,
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
)
db.session.add(user_model)
try:
db.session.commit()
except Exception as e:
db.session.rollback()
raise ApiError(
error_code="add_user_error",
message=f"Could not add user {username}",
) from e
cls.create_principal(user_model.id)
Adding tests for the user service , and closing a few logic errors. Adding support for a single wild card for matching all users.
2022-12-19 10:05:19 -05:00
UserService().apply_waiting_group_assignments(user_model)
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
return user_model
else:
# TODO: username may be ''.
# not sure what to send in error message.
# Don't really want to send service_id.
raise (
ApiError(
error_code="user_already_exists",
message=f"User already exists: {username}",
status_code=409,
)
)
# Returns true if the current user is logged in.
@staticmethod
def has_user() -> bool:
"""Has_user."""
return "token" in g and bool(g.token) and "user" in g and bool(g.user)
@staticmethod
Squashed 'spiffworkflow-backend/' changes from 400fa583f..dba09086b dba09086b Merge pull request #164 from sartography/feature/remove_unused_tables 6baaf092b fixed group test w/ burnettk d55298517 update SpiffWorkflow w/ burnettk 10fee6d84 Merge remote-tracking branch 'origin/main' into feature/remove_unused_tables a2d4604ca pyl passes w/ burnettk b7aee0549 removed tables for file, admin_session, task_event, and data_store w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: dba09086ba6e2ef090998a22a086a633e6c13694
2022-11-02 14:17:16 -04:00
def current_user() -> Any:
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
"""Current_user."""
if not UserService.has_user():
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
raise ApiError("logged_out", "You are no longer logged in.", status_code=401)
Squashed 'spiffworkflow-backend/' changes from 400fa583f..dba09086b dba09086b Merge pull request #164 from sartography/feature/remove_unused_tables 6baaf092b fixed group test w/ burnettk d55298517 update SpiffWorkflow w/ burnettk 10fee6d84 Merge remote-tracking branch 'origin/main' into feature/remove_unused_tables a2d4604ca pyl passes w/ burnettk b7aee0549 removed tables for file, admin_session, task_event, and data_store w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: dba09086ba6e2ef090998a22a086a633e6c13694
2022-11-02 14:17:16 -04:00
return g.user
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
@staticmethod
def get_principal_by_user_id(user_id: int) -> PrincipalModel:
"""Get_principal_by_user_id."""
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
principal = db.session.query(PrincipalModel).filter(PrincipalModel.user_id == user_id).first()
Squashed 'spiffworkflow-backend/' changes from 1e338f955..153061d41 153061d41 Merge branch 'main' of github.com:sartography/spiffworkflow-backend into main 3724ef7f9 Assure that the Active Task Users table is cleared out before deleting the Active Task Record. We were depending on a cascade here, which seems to fail randomly -- apparently due to some sort of race condition. 137ebbc4b Merge branch 'main' of github.com:sartography/spiffworkflow-backend f8f38f813 pyl - prettier maybe? 02fe90969 Merge branch 'main' into feature/edit-task-data ca7d7d9b3 Merge branch 'main' into feature/edit-task-data c38efe2bd w/Jon Api endpoint to update task data 15b99bf90 mypy git-subtree-dir: spiffworkflow-backend git-subtree-split: 153061d413afc5d7ed0c9cec25b292393585f757
2022-10-25 14:20:02 -04:00
if isinstance(principal, PrincipalModel):
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
return principal
raise ApiError(
error_code="no_principal_found",
message=f"No principal was found for user_id: {user_id}",
)
@classmethod
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
def create_principal(cls, child_id: int, id_column_name: str = "user_id") -> PrincipalModel:
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
"""Create_principal."""
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 15:28:52 -04:00
column = PrincipalModel.__table__.columns[id_column_name]
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
principal: Optional[PrincipalModel] = PrincipalModel.query.filter(column == child_id).first()
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
if principal is None:
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 15:28:52 -04:00
principal = PrincipalModel()
setattr(principal, id_column_name, child_id)
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
db.session.add(principal)
try:
db.session.commit()
except Exception as e:
db.session.rollback()
current_app.logger.error(f"Exception in create_principal: {e}")
raise ApiError(
error_code="add_principal_error",
Squashed 'spiffworkflow-backend/' changes from 03bf7a61..10c443a2 10c443a2 Merge pull request #130 from sartography/feature/data 71c803aa allow passing in the log level into the app w/ burnettk daeb82d9 Merge pull request #126 from sartography/dependabot/pip/typing-extensions-4.4.0 14c8f52c Merge pull request #123 from sartography/dependabot/pip/dot-github/workflows/poetry-1.2.2 92d204e6 Merge remote-tracking branch 'origin/main' into feature/data 1cb77901 run the save all bpmn script on server boot w/ burnettk 16a6f476 Bump typing-extensions from 4.3.0 to 4.4.0 d8ac61fc Bump poetry from 1.2.1 to 1.2.2 in /.github/workflows 3be27786 Merge pull request #131 from sartography/feature/permissions2 1fd8fc78 Merge remote-tracking branch 'origin/main' into feature/permissions2 d29621ae data setup on app boot 0b21a5d4 refactor bin/save_all_bpmn.py into service code 02fb9d61 lint c95db461 refactor scripts 98628fc2 This caused a problem with scopes when token timed out. d8b2323b merged in main and resolved conflicts d01b4fc7 updated sentry-sdk to resolve deprecation warnings 5851ddf5 update for mypy in python 3.9 508f9900 merged in main and resolved conflicts 68d69978 precommit w/ burnettk 85a4ee16 removed debug print statements w/ burnettk 93eb91f4 added keycloak configs and user perms for staging w/ burnettk e4ded8fc added method to import permissions from yml file w/ burnettk 22ba89ae use percents instead of asterisks to better support db syntax w/ burnettk 0c116ae8 postgres does not use backticks w/ burnettk 621ad3ef attempting to see if sql like statement works in other dbs as well w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 10c443a2d82752e8ed9d1679afe6409d81029006
2022-10-12 15:28:52 -04:00
message=f"Could not create principal {child_id}",
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
) from e
return principal
@classmethod
def add_user_to_group(cls, user: UserModel, group: GroupModel) -> None:
"""Add_user_to_group."""
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
exists = UserGroupAssignmentModel().query.filter_by(user_id=user.id).filter_by(group_id=group.id).count()
When loading permissions and the user does not exist, add records to the UserGroupAssignmentWaiting table that can be picked up later. Request "profile" scope over OpenID so we can get a few more bits of information when avilable. Add a "clear_perissions" script Add an "add_permissions" script Add an "add_permissions" script When logging in for the first time, check for any awaiting permissions and assign them. Add "enumerate" as a whitelisted function to React Schema Add a "display_name" to the user table Add a test for adding a new permission Add a test for adding a user to group Adding a test for deleting all permissions. Adding a display name for the user table
2022-12-15 14:40:31 -05:00
if not exists:
ugam = UserGroupAssignmentModel(user_id=user.id, group_id=group.id)
db.session.add(ugam)
db.session.commit()
@classmethod
def add_waiting_group_assignment(cls, username: str, group: GroupModel) -> None:
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
"""Add_waiting_group_assignment."""
wugam = (
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
UserGroupAssignmentWaitingModel().query.filter_by(username=username).filter_by(group_id=group.id).first()
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
)
Adding tests for the user service , and closing a few logic errors. Adding support for a single wild card for matching all users.
2022-12-19 10:05:19 -05:00
if not wugam:
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
wugam = UserGroupAssignmentWaitingModel(username=username, group_id=group.id)
When loading permissions and the user does not exist, add records to the UserGroupAssignmentWaiting table that can be picked up later. Request "profile" scope over OpenID so we can get a few more bits of information when avilable. Add a "clear_perissions" script Add an "add_permissions" script Add an "add_permissions" script When logging in for the first time, check for any awaiting permissions and assign them. Add "enumerate" as a whitelisted function to React Schema Add a "display_name" to the user table Add a test for adding a new permission Add a test for adding a user to group Adding a test for deleting all permissions. Adding a display name for the user table
2022-12-15 14:40:31 -05:00
db.session.add(wugam)
db.session.commit()
Adding tests for the user service , and closing a few logic errors. Adding support for a single wild card for matching all users.
2022-12-19 10:05:19 -05:00
if wugam.is_match_all():
for user in UserModel.query.all():
cls.add_user_to_group(user, group)
When loading permissions and the user does not exist, add records to the UserGroupAssignmentWaiting table that can be picked up later. Request "profile" scope over OpenID so we can get a few more bits of information when avilable. Add a "clear_perissions" script Add an "add_permissions" script Add an "add_permissions" script When logging in for the first time, check for any awaiting permissions and assign them. Add "enumerate" as a whitelisted function to React Schema Add a "display_name" to the user table Add a test for adding a new permission Add a test for adding a user to group Adding a test for deleting all permissions. Adding a display name for the user table
2022-12-15 14:40:31 -05:00
@classmethod
def apply_waiting_group_assignments(cls, user: UserModel) -> None:
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
"""Apply_waiting_group_assignments."""
waiting = (
UserGroupAssignmentWaitingModel()
.query.filter(UserGroupAssignmentWaitingModel.username == user.username)
.all()
)
When loading permissions and the user does not exist, add records to the UserGroupAssignmentWaiting table that can be picked up later. Request "profile" scope over OpenID so we can get a few more bits of information when avilable. Add a "clear_perissions" script Add an "add_permissions" script Add an "add_permissions" script When logging in for the first time, check for any awaiting permissions and assign them. Add "enumerate" as a whitelisted function to React Schema Add a "display_name" to the user table Add a test for adding a new permission Add a test for adding a user to group Adding a test for deleting all permissions. Adding a display name for the user table
2022-12-15 14:40:31 -05:00
for assignment in waiting:
cls.add_user_to_group(user, assignment.group)
db.session.delete(assignment)
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
wildcard = (
UserGroupAssignmentWaitingModel()
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
.query.filter(UserGroupAssignmentWaitingModel.username == UserGroupAssignmentWaitingModel.MATCH_ALL_USERS)
pyl w/ burnettk
2022-12-20 15:47:30 -05:00
.all()
)
Adding tests for the user service , and closing a few logic errors. Adding support for a single wild card for matching all users.
2022-12-19 10:05:19 -05:00
for assignment in wildcard:
cls.add_user_to_group(user, assignment.group)
Squashed 'spiffworkflow-backend/' content from commit 50f28073 git-subtree-dir: spiffworkflow-backend git-subtree-split: 50f28073add91265f00826bd175c8b2fff76cdc5
2022-10-12 10:22:22 -04:00
db.session.commit()
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d
2022-10-20 16:00:12 -04:00
@staticmethod
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
def get_user_by_service_and_service_id(service: str, service_id: str) -> Optional[UserModel]:
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d
2022-10-20 16:00:12 -04:00
"""Get_user_by_service_and_service_id."""
user: UserModel = (
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
UserModel.query.filter(UserModel.service == service).filter(UserModel.service_id == service_id).first()
Squashed 'spiffworkflow-backend/' changes from f9c2fa21e..5225a8b4c 5225a8b4c pyl 259f74a1e Merge branch 'main' into bug/refresh-token d452208ef Merge pull request #135 from sartography/feature/permissions3 8e1075406 Merge branch 'main' into bug/refresh-token 2b01d2fe7 fixed authentication_callback and getting the user w/ burnettk 476e36c7d mypy changes 6403e62c0 Fix migration after merging main 594a32b67 merged in main and resolved conflicts w/ burnettk b285ba1a1 added updated columns to secrets and updated flask-bpmn 7c53fc9fa Merge remote-tracking branch 'origin/main' into feature/permissions3 201a6918a pyl changes a6112f7fb Merge branch 'main' into bug/refresh-token 87f65a6c6 auth_token should be dictionary, not string f163de61c pyl 1f443bb94 PublicAuthenticationService -> AuthenticationService 6c491a3df Don't refresh token here. They just logged in. We are validating the returned token. If it is bad, raise an error. 91b8649f8 id_token -> auth_token fc94774bb Move `store_refresh_token` to authentication_service 00d66e9c5 mypy c4e415dbe mypy 1e75716eb Pre commit a72b03e09 Rename method. We pass it auth_tokens, not id_tokens 9a6700a6d Too many things expect g.token. Reverting my change 74883fb23 Noe store refresh_token, and try to use it if auth_token is expired Renamed some methods to use correct token type be0557013 Cleanup - remove unused code cf01f0d51 Add refresh_token model 1c0c937af added method to delete all permissions so we can recreate them w/ burnettk aaeaac879 Merge remote-tracking branch 'origin/main' into feature/permissions3 44856fce2 added api endpoint to check if user has permissions based on given target uris w/ burnettk ae830054d precommit w/ burnettk 94d50efb1 created common method to check whether an api method should have auth w/ burnettk c955335d0 precommit w/ burnettk 37caf1a69 added a finance user to keycloak and fixed up the staging permission yml w/ burnettk 93c456294 merged in main and resolved conflicts w/ burnettk 06a7c6485 remaining tests are now passing w/ burnettk 50529d04c added test to make sure api gives a 403 if a permission is not found w/ burnettk 6a9d0a68a api calls are somewhat respecting permissions now and the process api tests are passing d07fbbeff attempting to respect permissions w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: 5225a8b4c101133567d4f7efa33632d36c29c81d
2022-10-20 16:00:12 -04:00
)
if user:
return user
return None
Squashed 'spiffworkflow-backend/' changes from 22766521..b978f502 b978f502 Merge pull request #148 from sartography/feature/respect_lanes e7f2d23e merged in main and resolved conflicts w/ burnettk 3a382b40 add new user to active task if appropriate w/ burnettk d1571c58 added default group to demo and development w/ burnettk afdf81a0 added test to ensure users can update their own task w/ burnettk 6e13ee4e Merge remote-tracking branch 'origin/main' into feature/respect_lanes 645e4d8f updated flask-bpmn for sentry and fixed for pyl w/ burnettk 57248eab fixed submitting and getting user tasks w/ burnettk c9b086d9 ignore all null-ls w/ burnettk 63796d50 fixed model load issue w/ burnettk 49eefc56 some precommit stuff w/ burnettk 579f0902 Merge remote-tracking branch 'origin/main' into feature/respect_lanes 47bdb99f fixed swagger ui w/ burnettk 5128f752 merged in main and resolved conflicts be1f4bcc added validation to ensure user has access to task w/ burnettk a387b787 added some code to respect lanes in a process model w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: b978f502a0f840554940125c6b729b9b99086001
2022-10-21 16:28:09 -04:00
@classmethod
renamed active task to human task since we are no longer deleting them w/ burnettk
2022-12-19 16:23:02 -05:00
def add_user_to_human_tasks_if_appropriate(cls, user: UserModel) -> None:
"""Add_user_to_human_tasks_if_appropriate."""
Squashed 'spiffworkflow-backend/' changes from 22766521..b978f502 b978f502 Merge pull request #148 from sartography/feature/respect_lanes e7f2d23e merged in main and resolved conflicts w/ burnettk 3a382b40 add new user to active task if appropriate w/ burnettk d1571c58 added default group to demo and development w/ burnettk afdf81a0 added test to ensure users can update their own task w/ burnettk 6e13ee4e Merge remote-tracking branch 'origin/main' into feature/respect_lanes 645e4d8f updated flask-bpmn for sentry and fixed for pyl w/ burnettk 57248eab fixed submitting and getting user tasks w/ burnettk c9b086d9 ignore all null-ls w/ burnettk 63796d50 fixed model load issue w/ burnettk 49eefc56 some precommit stuff w/ burnettk 579f0902 Merge remote-tracking branch 'origin/main' into feature/respect_lanes 47bdb99f fixed swagger ui w/ burnettk 5128f752 merged in main and resolved conflicts be1f4bcc added validation to ensure user has access to task w/ burnettk a387b787 added some code to respect lanes in a process model w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: b978f502a0f840554940125c6b729b9b99086001
2022-10-21 16:28:09 -04:00
group_ids = [g.id for g in user.groups]
renamed active task to human task since we are no longer deleting them w/ burnettk
2022-12-19 16:23:02 -05:00
human_tasks = HumanTaskModel.query.filter(
HumanTaskModel.lane_assignment_id.in_(group_ids) # type: ignore
Squashed 'spiffworkflow-backend/' changes from 22766521..b978f502 b978f502 Merge pull request #148 from sartography/feature/respect_lanes e7f2d23e merged in main and resolved conflicts w/ burnettk 3a382b40 add new user to active task if appropriate w/ burnettk d1571c58 added default group to demo and development w/ burnettk afdf81a0 added test to ensure users can update their own task w/ burnettk 6e13ee4e Merge remote-tracking branch 'origin/main' into feature/respect_lanes 645e4d8f updated flask-bpmn for sentry and fixed for pyl w/ burnettk 57248eab fixed submitting and getting user tasks w/ burnettk c9b086d9 ignore all null-ls w/ burnettk 63796d50 fixed model load issue w/ burnettk 49eefc56 some precommit stuff w/ burnettk 579f0902 Merge remote-tracking branch 'origin/main' into feature/respect_lanes 47bdb99f fixed swagger ui w/ burnettk 5128f752 merged in main and resolved conflicts be1f4bcc added validation to ensure user has access to task w/ burnettk a387b787 added some code to respect lanes in a process model w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: b978f502a0f840554940125c6b729b9b99086001
2022-10-21 16:28:09 -04:00
).all()
renamed active task to human task since we are no longer deleting them w/ burnettk
2022-12-19 16:23:02 -05:00
for human_task in human_tasks:
increase line length from 88 to 119 for black w/ burnettk
2023-03-15 16:24:08 -04:00
human_task_user = HumanTaskUserModel(user_id=user.id, human_task_id=human_task.id)
renamed active task to human task since we are no longer deleting them w/ burnettk
2022-12-19 16:23:02 -05:00
db.session.add(human_task_user)
Squashed 'spiffworkflow-backend/' changes from 22766521..b978f502 b978f502 Merge pull request #148 from sartography/feature/respect_lanes e7f2d23e merged in main and resolved conflicts w/ burnettk 3a382b40 add new user to active task if appropriate w/ burnettk d1571c58 added default group to demo and development w/ burnettk afdf81a0 added test to ensure users can update their own task w/ burnettk 6e13ee4e Merge remote-tracking branch 'origin/main' into feature/respect_lanes 645e4d8f updated flask-bpmn for sentry and fixed for pyl w/ burnettk 57248eab fixed submitting and getting user tasks w/ burnettk c9b086d9 ignore all null-ls w/ burnettk 63796d50 fixed model load issue w/ burnettk 49eefc56 some precommit stuff w/ burnettk 579f0902 Merge remote-tracking branch 'origin/main' into feature/respect_lanes 47bdb99f fixed swagger ui w/ burnettk 5128f752 merged in main and resolved conflicts be1f4bcc added validation to ensure user has access to task w/ burnettk a387b787 added some code to respect lanes in a process model w/ burnettk git-subtree-dir: spiffworkflow-backend git-subtree-split: b978f502a0f840554940125c6b729b9b99086001
2022-10-21 16:28:09 -04:00
db.session.commit()
Reference in New Issue Copy Permalink