cedadev / swallow

Swallow - a Birdhouse WPS for running the NAME Trajectory code.

Make it possible to limit access to a process by user ID #47

Closed agstephens closed 2 years ago

agstephens commented 2 years ago
$ .../usr/local/birdhouse/etc/phoenix/ceda_process_role_map.json

    {
        "restricted_to_ceda_users": ["SubsetCRUTimeSeries", "SubsetHadUKGrid"],
        "open": ["CFCheck"],
        "restricted_by_user_id": {
            "IAmAProcess": ["astephen", "iwi"]
        },
        "suspended_users": []
    }

And:

$ .../phoenix/ceda_security.py

    if user is None or user.get("login_id") in role_mappings["suspended_users"]:
        # the user is not logged in or is suspended so we return False
        return False

    if processid in role_mappings.get("restricted_to_ceda_users", []):
        # the process is available to all CEDA users
        return True

>>> ADD THIS BIT

    if user.get("login_id") in role_mappings["restricted_by_user_id"].get(processid, []):
        # the process is available to this specific user
        return True

>>> END OF NEW BIT

    users_roles = _get_user_roles(request, user.get("login_id"))

    for role in users_roles:
        if role in restricted_procs.get(processid, []):
            return True

>>> LATER, UPDATE THIS

def _get_process_role_mappings(...)
 - to include returning "restricted_by_user_id"

agstephens commented 2 years ago

Implemented, added to github, and deployed in production.
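
The per-user check from the first comment, as an added example that is not part of the original issue or the project's code: it shows the suspension check overriding a per-user grant, and a map file without the new key denying access instead of raising. Assumptions: `load_role_map` and `is_allowed` are hypothetical names, the `user_roles` and `restricted_procs` arguments stand in for the role lookup not shown in the excerpt, and the sample map is constructed from the issue's values with `iwi` suspended to exercise the ordering.

```python
import json

# Constructed sample map using the keys shown in the issue ("iwi" is suspended
# here only to exercise the ordering of the checks).
ROLE_MAP_JSON = """
{
    "restricted_to_ceda_users": ["SubsetCRUTimeSeries", "SubsetHadUKGrid"],
    "open": ["CFCheck"],
    "restricted_by_user_id": {"IAmAProcess": ["astephen", "iwi"]},
    "suspended_users": ["iwi"]
}
"""


def load_role_map(text):
    """Parse the map and reject shapes that would silently widen access."""
    role_map = json.loads(text)
    by_user = role_map.get("restricted_by_user_id", {})
    if not isinstance(by_user, dict):
        raise ValueError("restricted_by_user_id must map process -> [login_id]")
    for proc, users in by_user.items():
        # A bare string would turn `in` into a substring match
        # ("ast" in "astephen" is True), so insist on a list of strings.
        if not isinstance(users, list) or not all(isinstance(u, str) for u in users):
            raise ValueError(f"{proc}: expected a list of login IDs")
    return role_map


def is_allowed(role_map, user, processid, user_roles=(), restricted_procs=None):
    """Return True only when a rule grants access; anything else is denied.

    Handling of the "open" list is not shown in the issue's excerpt and is
    left out here.
    """
    login_id = user.get("login_id") if user else None
    # Suspension is checked first so it overrides every grant below.
    if login_id is None or login_id in role_map.get("suspended_users", []):
        return False
    if processid in role_map.get("restricted_to_ceda_users", []):
        return True
    # .get() keeps an older map file without the new key from raising KeyError.
    if login_id in role_map.get("restricted_by_user_id", {}).get(processid, []):
        return True
    # Role-based fallback; both arguments are stand-ins (assumption).
    allowed_roles = (restricted_procs or {}).get(processid, [])
    return any(role in allowed_roles for role in user_roles)
```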