Skip to content

Commit

Permalink
[auth] WIP tokens
Browse files Browse the repository at this point in the history
  • Loading branch information
EvanBldy committed Oct 5, 2023
1 parent ffc7583 commit e00ae90
Show file tree
Hide file tree
Showing 45 changed files with 972 additions and 390 deletions.
23 changes: 10 additions & 13 deletions zou/app/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
from flask import Flask, jsonify, current_app
from flasgger import Swagger
from flask_jwt_extended import JWTManager
from flask_principal import Principal, identity_changed, Identity
from flask_principal import Principal
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_mail import Mail
Expand All @@ -21,7 +21,7 @@
from zou.app.stores import auth_tokens_store
from zou.app.services.exception import (
ModelWithRelationsDeletionException,
PersonNotFoundException,
IdentityNotFoundException,
WrongIdFormatException,
WrongParameterException,
WrongTaskTypeForEntityException,
Expand Down Expand Up @@ -140,24 +140,21 @@ def server_error(error):


def configure_auth():
from zou.app.services import persons_service
from zou.app.services import identities_service

@jwt.token_in_blocklist_loader
def check_if_token_is_revoked(_, payload):
return auth_tokens_store.is_revoked(payload)
return auth_tokens_store.is_revoked(
payload["jti"]
) # and ApiToken.get_by(jti=payload["jti"]) is None

@jwt.user_lookup_loader
def add_permissions(_, payload):
def user_lookup_callback(_, payload):
try:
user = persons_service.get_person(payload["user_id"])
if user is not None:
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user["id"]),
)
return user
except PersonNotFoundException:
identity = identities_service.get_identity_raw(payload["sub"])
except IdentityNotFoundException:
return None
return identity


def load_api():
Expand Down
27 changes: 14 additions & 13 deletions zou/app/blueprints/assets/resources.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
shots_service,
tasks_service,
user_service,
identities_service,
)


Expand Down Expand Up @@ -100,9 +101,9 @@ def get(self):
criterions = query.get_query_criterions_from_request(request)
check_criterion_access(criterions)
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
return assets_service.get_assets(criterions)


Expand Down Expand Up @@ -133,12 +134,12 @@ def get(self):
page = self.get_page()
check_criterion_access(criterions)
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
criterions["vendor_departments"] = [
str(department.id)
for department in persons_service.get_current_user_raw().departments
for department in identities_service.get_current_identity_raw().departments
]
return assets_service.get_assets_and_tasks(criterions, page)

Expand Down Expand Up @@ -271,9 +272,9 @@ def get(self, project_id):
criterions = query.get_query_criterions_from_request(request)
criterions["project_id"] = project_id
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
return assets_service.get_assets(criterions)


Expand Down Expand Up @@ -311,9 +312,9 @@ def get(self, project_id, asset_type_id):
criterions["project_id"] = project_id
criterions["entity_type_id"] = asset_type_id
if permissions.has_vendor_permissions():
criterions["assigned_to"] = persons_service.get_current_user()[
"id"
]
criterions[
"assigned_to"
] = identities_service.get_current_identity()["id"]
return assets_service.get_assets(criterions)


Expand Down
Loading

0 comments on commit e00ae90

Please sign in to comment.