Add group based access support
parent
43776722a1
commit
4b79a5e353
@ -13,16 +13,26 @@ db = MongoClient(const.MONGO_URI).get_default_database()
|
|||||||
gw_uri = os.getenv("OIDC_GATEWAY_URI")
|
gw_uri = os.getenv("OIDC_GATEWAY_URI")
|
||||||
metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json()
|
metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json()
|
||||||
|
|
||||||
def login_required(f):
|
def login_required(_f=None, *, groups=[]):
|
||||||
|
def login_required_inner(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
if not read_user():
|
print(groups)
|
||||||
|
user = read_user()
|
||||||
|
if not user:
|
||||||
print("doing login redirect")
|
print("doing login redirect")
|
||||||
session["original_url"] = request.full_path
|
session["original_url"] = request.full_path
|
||||||
return do_login()
|
return do_login()
|
||||||
|
if groups and not any(g in groups for g in user["groups"]):
|
||||||
|
return "not allowed", 401
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
||||||
|
if _f is None:
|
||||||
|
return login_required_inner
|
||||||
|
else:
|
||||||
|
return login_required_inner(_f)
|
||||||
|
|
||||||
def do_login():
|
def do_login():
|
||||||
url = add_url_params(metadata["authorization_endpoint"], {
|
url = add_url_params(metadata["authorization_endpoint"], {
|
||||||
"client_id": os.getenv("OIDC_CLIENT_ID"),
|
"client_id": os.getenv("OIDC_CLIENT_ID"),
|
||||||
|
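Review bot: The group check in `decorated_function` reads `user["groups"]` directly, so a user record without a `groups` key raises KeyError and surfaces as a 500 rather than a clean denial; `user.get("groups", [])` keeps the check fail-closed without the traceback. Because the test is `g in groups`, a caller who writes `groups="admin"` instead of a list turns it into a substring match, so I would reject a bare `str` and normalise once at decoration time, e.g. `allowed = frozenset(groups)`, then test `allowed.isdisjoint(user.get("groups", []))`. An authenticated user who lacks the required group is a 403 case rather than 401, and `print(groups)` looks like leftover debugging that should be removed or moved to a logger. The mutable default `groups=[]` is not mutated in the visible code, but `groups=()` avoids the shared-list pitfall.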