From 8997a58e6ab61fd0c4b84777f44f0e5684de6b0a Mon Sep 17 00:00:00 2001
From: Daisie Huang
Date: Thu, 16 Jan 2025 22:36:30 -0800
Subject: [PATCH] list authz for user
---
 ingest_operations.py | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/ingest_operations.py b/ingest_operations.py
index a84cef2..2f0a481 100644
--- a/ingest_operations.py
+++ b/ingest_operations.py
@@ -406,14 +406,28 @@ def list_authz_for_user(user_id):
 if user_id == "me":
 user_id = authx.auth.get_user_id(request)
- response, status_code = authx.auth.get_user_in_opa(user_id)
+
+ user_result, status_code = authx.auth.get_user_in_opa(user_id)
 if status_code != 200:
- # We next check if the user is pending
- response, status_code = authx.auth.is_user_pending(token)
- # NB: The results is a string if unauthorized or pending, and a list otherwise
- return "Pending" if response else "Unauthorized", status_code
- response = list(response["programs"].values())
- return {"results": response}, status_code
+ return user_result, status_code
+
+ user_result["site_roles"] = []
+ role_types, status_code = authx.auth.list_role_types_in_opa()
+ if status_code == 200:
+ for role_type in role_types:
+ users, status_code = authx.auth.get_role_type_in_opa(role_type)
+ if user_id in users[role_type]:
+ user_result["site_roles"].append(role_type)
+
+ user_result["program_authorizations"] = {}
+ opa_permissions, status_code = authx.auth.get_opa_permissions(user_result["userinfo"]["sample_jwt"])
+ if status_code == 200:
+ user_result["program_authorizations"]["team_member"] = opa_permissions["team_member_programs"]
+ user_result["program_authorizations"]["program_curator"] = opa_permissions["curator_programs"]
+
+ user_result["program_authorizations"]["dac_authorizations"] = user_result.pop("dac_authorizations")
+
+ return user_result, status_code
 @app.route('/user/')
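Review bot: The handler now returns `user_result` wholesale, and because the hunk reads `user_result["userinfo"]["sample_jwt"]` from that same object, the token appears to be sent back to the caller for whichever `user_id` was requested. If it is usable as a credential this discloses it, so take it out of the response before returning, for example `sample_jwt = user_result["userinfo"].pop("sample_jwt")` ahead of the `get_opa_permissions` call, or build the response from an explicit list of fields. Separately, `status_code` is reassigned by every OPA call, so the final `return user_result, status_code` reports the status of `get_opa_permissions` rather than of the user lookup, and inside the loop `users[role_type]` is indexed without checking the status of `get_role_type_in_opa`. Use a separate variable for the follow-up calls, skip a role type on a non-200 result, and return `user_result, 200`. The route decorator and any caller-permission check sit outside the hunk, so confirm there that a caller cannot fetch another user's record without the right to do so.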