diff --git a/accounts/views.py b/accounts/views.py index fa08a3cd..da676116 100755 --- a/accounts/views.py +++ b/accounts/views.py @@ -283,11 +283,13 @@ def user_gcp_list(request, user_id): @login_required def verify_gcp(request, user_id): + message = None + status = None try: gcp_id = request.GET.get('gcp-id', None) gcp = GoogleProject.objects.filter(project_id=gcp_id) - # Can't register the same GCP twice + # Can't register the same GCP twice - return immediately if len(gcp) > 0: return JsonResponse({'message': 'A Google Cloud Project with the project ID {} has already been registered.'.format(str(gcp_id))}, status='500') @@ -313,14 +315,24 @@ def verify_gcp(request, user_id): 'registered_user': registered_user}) if not user_found: - return JsonResponse({'message': 'You were not found on the project. You may not register a project you do not belong to.'}, status='403') + message = 'You were not found on the project. You may not register a project you do not belong to.' + status='403' else: return JsonResponse({'roles': roles, 'gcp_id': gcp_id}, status='200') - except HttpError as e: - logger.error("[ERROR] While trying to access IAM policies for GCP ID {}:".format(str(gcp_id))) + except Exception as e: + if type(e) is HttpError: + logger.error("[ERROR] While trying to access IAM policies for GCP ID {}:".format(str(gcp_id))) + message = 'There was an error accessing your project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.' + status = '403' + else: + logger.error("[ERROR] While trying to verify GCP ID {}:".format(str(gcp_id))) + message = 'There was an error while attempting to verify your project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.' + status = '500' logger.exception(e) - return JsonResponse({'message': 'There was an error accessing your project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.'}, status='403') + + return JsonResponse({'message': message}, status=status) + @login_required def register_gcp(request, user_id): @@ -432,14 +444,20 @@ def verify_service_account(gcp_id, service_account, datasets, user_email, is_ref try: sa = ServiceAccount.objects.get(service_account=service_account) if not is_refresh: - saads = AuthorizedDataset.objects.filter(id__in=ServiceAccountAuthorizedDatasets.objects.filter(service_account=sa).values_list('authorized_dataset', flat=True), public=False).values_list('whitelist_id',flat=True) - ads = dataset_objs.values_list('whitelist_id', flat=True) - reg_change = (len(saads) != len(ads)) - # Only if the lengthes of the 2 dataset lists are the same do we need to check them against one another - if not reg_change: - for ad in ads: - if ad not in saads: - reg_change = True + reg_change = False + # If there are private datasets requested, it might not be a duplicate + if len(dataset_objs): + saads = AuthorizedDataset.objects.filter(id__in=ServiceAccountAuthorizedDatasets.objects.filter(service_account=sa).values_list('authorized_dataset', flat=True), public=False).values_list('whitelist_id',flat=True) + ads = dataset_objs.values_list('whitelist_id', flat=True) + reg_change = (len(saads) != len(ads)) + # Only if the lengthes of the 2 dataset lists are the same do we need to check them against one another + if not reg_change: + for ad in ads: + if ad not in saads: + reg_change = True + # but if there are not, it's only not a duplicate if the public dataset isn't yet registered + else: + reg_change = (len(AuthorizedDataset.objects.filter(id__in=ServiceAccountAuthorizedDatasets.objects.filter(service_account=sa),public=True)) <= 0) # If this isn't a refresh and the requested datasets aren't changing, we don't need to re-register if not reg_change: return {'message': 'Service account {} already exists with these datasets, and so does not need to be registered'.format(str(service_account))}