Add group based access support

Madis Mägi 2023-08-13 06:36:12 +03:00
parent 43776722a1
commit 4b79a5e353


@ -13,15 +13,25 @@ db = MongoClient(const.MONGO_URI).get_default_database()
gw_uri = os.getenv("OIDC_GATEWAY_URI") gw_uri = os.getenv("OIDC_GATEWAY_URI")
metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json() metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json()
def login_required(f): def login_required(_f=None, *, groups=[]):
@wraps(f) def login_required_inner(f):
def decorated_function(*args, **kwargs): @wraps(f)
if not read_user(): def decorated_function(*args, **kwargs):
print("doing login redirect") print(groups)
session["original_url"] = request.full_path user = read_user()
return do_login() if not user:
return f(*args, **kwargs) print("doing login redirect")
return decorated_function session["original_url"] = request.full_path
return do_login()
if groups and not any(g in groups for g in user["groups"]):
return "not allowed", 401
return f(*args, **kwargs)
return decorated_function
if _f is None:
return login_required_inner
else:
return login_required_inner(_f)
def do_login(): def do_login():
url = add_url_params(metadata["authorization_endpoint"], { url = add_url_params(metadata["authorization_endpoint"], {
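Review bot: The group check in `decorated_function` indexes `user["groups"]` directly, so if `read_user()` can return a user without a `groups` key the request fails with a KeyError (HTTP 500) instead of an explicit denial; `user.get("groups") or []` would deny cleanly. If a caller ever writes `groups="admin"` as a plain string, `g in groups` turns into a substring test and a user group such as `adm` would pass, so normalise once at the top of `login_required` with `if isinstance(groups, str): groups = [groups]`, and default to `groups=()` rather than the mutable `[]`. A logged-in user who lacks the required group is an authorization failure, so `return "not allowed", 403` fits better than 401, which clients read as "not authenticated". The leftover `print(groups)` runs on every request and should be dropped or moved to a debug-level logger.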