From c11577e990b1ffb50d9e5b15ee475e2e653d7a58 Mon Sep 17 00:00:00 2001 From: jasquat <2487833+jasquat@users.noreply.github.com> Date: Wed, 22 May 2024 20:36:25 +0000 Subject: [PATCH] allow guest users to use typeahead w/ burnettk (#1594) Co-authored-by: jasquat --- .../services/authorization_service.py | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py index d9fab53a4..25c96bfe2 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py @@ -367,6 +367,8 @@ class AuthorizationService: if cls.request_is_excluded_from_permission_check(): return None + if cls.request_is_excluded_from_public_user_permission_check(decoded_token): + return None cls.check_permission_for_request() @@ -379,6 +381,24 @@ class AuthorizationService: api_function_full_path, module = cls.get_fully_qualified_api_function_from_request() if api_function_full_path and (api_function_full_path in authorization_exclusion_list): return True + + return False + + @classmethod + def request_is_excluded_from_public_user_permission_check(cls, decoded_token: dict | None) -> bool: + authorization_exclusion_for_public_user_list = [ + "spiffworkflow_backend.routes.connector_proxy_controller.typeahead", + ] + api_function_full_path, module = cls.get_fully_qualified_api_function_from_request() + if ( + api_function_full_path + and (api_function_full_path in authorization_exclusion_for_public_user_list) + and decoded_token + and "public" in decoded_token + and decoded_token["public"] is True + ): + return True + return False @staticmethod