Add group based access support

Madis Mägi 2023-08-13 06:36:12 +03:00
parent 43776722a1
commit 4b79a5e353


@ -13,16 +13,26 @@ db = MongoClient(const.MONGO_URI).get_default_database()
gw_uri = os.getenv("OIDC_GATEWAY_URI") gw_uri = os.getenv("OIDC_GATEWAY_URI")
metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json() metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json()
def login_required(f): def login_required(_f=None, *, groups=[]):
def login_required_inner(f):
@wraps(f) @wraps(f)
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
if not read_user(): print(groups)
user = read_user()
if not user:
print("doing login redirect") print("doing login redirect")
session["original_url"] = request.full_path session["original_url"] = request.full_path
return do_login() return do_login()
if groups and not any(g in groups for g in user["groups"]):
return "not allowed", 401
return f(*args, **kwargs) return f(*args, **kwargs)
return decorated_function return decorated_function
if _f is None:
return login_required_inner
else:
return login_required_inner(_f)
def do_login(): def do_login():
url = add_url_params(metadata["authorization_endpoint"], { url = add_url_params(metadata["authorization_endpoint"], {
"client_id": os.getenv("OIDC_CLIENT_ID"), "client_id": os.getenv("OIDC_CLIENT_ID"),
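Review bot: The group check in `decorated_function` turns into a substring test if a route ever passes `groups` as a plain string (`groups="admin"` would admit a user whose group is `adm`), and `user["groups"]` raises `KeyError` for a session that carries no such claim, which surfaces as a 500 instead of a clean denial. Normalising once in `login_required` with `allowed = frozenset([groups] if isinstance(groups, str) else groups)` and testing `if allowed and allowed.isdisjoint(user.get("groups") or ()):` keeps the comparison exact-match and fail-closed; the mutable default `groups=[]` can become `groups=()` at the same time. An authenticated user who lacks the group is better answered with 403 than 401, and the `print(groups)` debug line should be dropped before merge. An empty `groups` means "any logged-in user", so a caller that builds the list dynamically and ends up with `[]` silently loses the restriction; a short docstring on `login_required` should state that.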