merge
Etienne Jodry authored and Etienne Jodry committed Oct 31, 2024
2 parents bfcb6a8 + 32f1334 commit ec9e78e
Showing 3 changed files with 5 additions and 9 deletions.
3 changes: 1 addition & 2 deletions src/biodm/api.py
Expand Up @@ -77,8 +77,7 @@ async def dispatch(self, request: Request, call_next: Callable) -> Any:
# Log
timestamp = datetime.now().strftime("%I:%M%p on %B %d, %Y")
History.svc.app.logger.info(
f'{timestamp}\t'
f'{request.user.display_name}\t{",".join(request.user.groups)}\t'
f'{timestamp}\t{request.user.display_name}\t{",".join(request.user.groups)}\t'
f'{endpoint}\t-\t{request.method}'
)

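Review bot: The merged f-string writes `request.user.display_name` and the joined group names into a tab-separated log line without neutralising control characters, so a tab or newline inside either value would shift or split the fields of what reads like an audit record. Whether the identity provider allows such characters is not visible here, but escaping at the log site is cheap, for example `f'{timestamp}\t{request.user.display_name!r}\t{",".join(request.user.groups)!r}\t'`. The context line above also builds the timestamp from a naive `datetime.now()` in a 12-hour format; a timezone-aware ISO 8601 value would make entries easier to correlate across hosts. The body of `dispatch` starts and ends outside the hunk.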
4 changes: 1 addition & 3 deletions src/biodm/basics/rootcontroller.py
Expand Up @@ -108,9 +108,7 @@ async def authenticated(self, request: Request) -> Response:
description: Unauthorized.
"""
assert request.user.info
user_id, groups = request.user.info
return PlainTextResponse(f"{user_id}, {groups}\n")
return PlainTextResponse(f"{request.user.display_name}, {request.user.groups}\n")

@admin_required
async def keycloak_sync(self, _) -> Response:
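Review bot: `assert request.user.info` is not a reliable guard for this handler: assertions are stripped when Python runs with `-O`, and the line reads the `info` attribute that the other files in this commit stop using. The rendered page does not make clear whether that line survives on the new side. If it does, prefer an explicit check such as `if not request.user.is_authenticated: raise UnauthorizedError()` (assuming that exception is importable in this module), or rely on a login decorator if one is applied above the hunk. The signature and most of the docstring of `authenticated` are outside the hunk.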
7 changes: 3 additions & 4 deletions src/biodm/utils/security.py
Expand Up @@ -115,7 +115,7 @@ async def lr_write_wrapper(controller, request, *args, **kwargs):
# Else hardcheck here is enough.
@wraps(f)
async def lr_wrapper(controller, request, *args, **kwargs):
if request.user.info:
if request.user.is_authenticated:
return await f(controller, request, *args, **kwargs)
raise UnauthorizedError()

Expand All @@ -139,9 +139,8 @@ async def gr_write_wrapper(controller, request, *args, **kwargs):

@wraps(f)
async def gr_wrapper(controller, request, *args, **kwargs):
if request.user.info:
_, user_groups = request.user.info
if any((ug in groups for ug in user_groups)):
if request.user.is_authenticated: # TODO: check empty group list edge case
if any((ug in groups for ug in request.user.groups)):
return f(controller, request, *args, **kwargs)

raise UnauthorizedError("Insufficient group privileges for this operation.")
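Review bot: In `gr_wrapper` the wrapped handler is returned without `await` (`return f(controller, request, *args, **kwargs)`), while `lr_wrapper` in the first hunk uses `return await f(...)`; unless callers await the result a second time, the group-checked path hands back a coroutine and any exception from `f` surfaces outside the wrapper. Suggest `return await f(controller, request, *args, **kwargs)`. On the TODO: `any(...)` over an empty `request.user.groups` is False, so a user with no groups is denied, but a `None` value would raise `TypeError` rather than `UnauthorizedError`; replacing the TODO with a comment stating that an empty list is denied, and iterating `request.user.groups or ()`, would settle it. What `is_authenticated` is derived from is not visible in this diff, so confirm it is only true after the token has been validated. The decorators enclosing both wrappers start outside the hunks.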
