Add group based access support
parent
43776722a1
commit
4b79a5e353
@ -13,16 +13,26 @@ db = MongoClient(const.MONGO_URI).get_default_database()
|
||||
gw_uri = os.getenv("OIDC_GATEWAY_URI")
|
||||
metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json()
|
||||
|
||||
def login_required(f):
|
||||
def login_required(_f=None, *, groups=[]):
|
||||
def login_required_inner(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if not read_user():
|
||||
print(groups)
|
||||
user = read_user()
|
||||
if not user:
|
||||
print("doing login redirect")
|
||||
session["original_url"] = request.full_path
|
||||
return do_login()
|
||||
if groups and not any(g in groups for g in user["groups"]):
|
||||
return "not allowed", 401
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
|
||||
if _f is None:
|
||||
return login_required_inner
|
||||
else:
|
||||
return login_required_inner(_f)
|
||||
|
||||
def do_login():
|
||||
url = add_url_params(metadata["authorization_endpoint"], {
|
||||
"client_id": os.getenv("OIDC_CLIENT_ID"),
|
||||
|
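Review bot: The group check `if groups and not any(g in groups for g in user["groups"])` indexes `user["groups"]` directly and applies `in` to whatever the caller passed. A user record without a `groups` key therefore raises KeyError (a 500 instead of a clean denial), and a decorator written as `groups="admin"` would turn the test into a substring match. Assuming `read_user()` returns a dict, I would normalise both sides with `required = {groups} if isinstance(groups, str) else set(groups)` and then test `if required and required.isdisjoint(user.get("groups") or ()):`. The caller is already authenticated at that point, so `return "not allowed", 403` fits better than 401, which clients read as "log in again". `print(groups)` runs on every request and looks like leftover debugging, so it should be dropped or moved to a debug-level logger.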