
WP-409: Set members to superuser via TAS #931

Merged
merged 15 commits into from
Feb 13, 2024
Merged
16 changes: 15 additions & 1 deletion server/portal/apps/auth/views.py
@@ -17,7 +17,7 @@
new_user_setup_check
)
from portal.apps.search.tasks import index_allocations

from portal.apps.users.utils import check_user_groups

logger = logging.getLogger(__name__)
METRICS = logging.getLogger(f'metrics.{__name__}')
@@ -77,6 +77,20 @@ def launch_setup_checks(user):
"allocation information) for %s", user.username)
index_allocations.apply_async(args=[user.username])

portal_roles = settings.PORTAL_ELEVATED_ROLES
for role, groups_and_users in portal_roles.items():
if role == "is_staff" and not user.is_staff:
if str(user.username) in groups_and_users["usernames"] or check_user_groups(user, groups_and_users["groups"]):
user.is_staff = True
user.save()
logger.info("user is set to staff")
asimregmi marked this conversation as resolved.

elif role == "is_superuser" and not user.is_superuser:
if str(user.username) in groups_and_users["usernames"] or check_user_groups(user, groups_and_users["groups"]):
user.is_superuser = True
user.save()
logger.info("user is set to superuser")


def tapis_oauth_callback(request):
"""Tapis OAuth callback handler.
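Review bot: The loop added to launch_setup_checks only ever sets `is_staff` / `is_superuser` to True; because of the `not user.is_staff` and `not user.is_superuser` guards, a user who is later removed from the group or from `usernames` keeps the elevated flag on every later login. If `PORTAL_ELEVATED_ROLES` is meant to be the source of truth, compute the entitlement on each run and clear the flag when it no longer holds, as sketched below; if flags are also granted by hand in the Django admin, those accounts need a separate marker before anything is revoked automatically. The two log lines also omit who was elevated, which makes the privilege change hard to audit, so include `user.username` and the role. The function's body starts outside this hunk.

```python
    # … unchanged: index_allocations.apply_async call …
    for role in ("is_staff", "is_superuser"):
        members = settings.PORTAL_ELEVATED_ROLES.get(role, {})
        entitled = (
            str(user.username) in members.get("usernames", [])
            or check_user_groups(user, members.get("groups", []))
        )
        if getattr(user, role) != entitled:
            setattr(user, role, entitled)
            user.save()
            logger.info(
                "PORTAL_ELEVATED_ROLES: %s=%s for user %s",
                role, entitled, user.username,
            )
```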
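--- a/server/portal/apps/users/unit_test.py
+++ b/server/portal/apps/users/unit_test.py
@@ -42,6 +42,7 @@ def setUp(self):
 token.user = user
 token.save()
 user.is_staff = False
+user.is_superuser = False
 user.save()
 
 def test_auth_view(self):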
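--- a/server/portal/apps/users/utils.py
+++ b/server/portal/apps/users/utils.py
@@ -259,3 +259,10 @@ def remove_user(project_id, user_id):
 if resp['status'] != 'success':
 raise ApiException("Failed to delete user: '{}'".format(resp['message']))
 return resp['result']
+
+
+def check_user_groups(username, groups):
+return any(
+user['username'] == str(username)
+for group in groups for user in get_project_users_from_name(group)
+)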
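Review bot: check_user_groups compares `user['username']` with `str(username)`, but the caller added in auth/views.py passes the User object rather than a username string, so the staff/superuser decision depends on the user model's `__str__` returning exactly the username. Since this comparison gates privilege elevation, make the input explicit: call it as `check_user_groups(user.username, groups_and_users["groups"])` and compare `user['username'] == username`. A short docstring would also help, stating that `groups` is a list of group names resolved through `get_project_users_from_name` and that the function returns True when the username appears in any of them. How `get_project_users_from_name` behaves when a group lookup fails is not visible here; it is worth confirming that a failure cannot be read as membership.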
3 changes: 2 additions & 1 deletion server/portal/apps/users/views.py
@@ -38,7 +38,7 @@ def get(self, request):
"oauth": {
"expires_in": u.tapis_oauth.expires_in,
},
"isStaff": u.is_staff
"isStaff": u.is_staff,
}

return JsonResponse(out)
@@ -143,6 +143,7 @@ def get(self, request, project_id):
: rtype: dict
"""
usernames = get_project_users_from_id(project_id)

return JsonResponse({'response': usernames}, safe=False)


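--- a/server/portal/settings/settings.py
+++ b/server/portal/settings/settings.py
@@ -717,6 +717,8 @@
 RECAPTCHA_SECRET_KEY = getattr(settings_secret, '_RECAPTCHA_SECRET_KEY', None)
 RECAPTCHA_SITE_KEY = getattr(settings_secret, '_RECAPTCHA_SITE_KEY', None)
 
+PORTAL_ELEVATED_ROLES = getattr(settings_custom, '_PORTAL_ELEVATED_ROLES', {})
+
 """
 SETTINGS: LOCAL OVERRIDES
 """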
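Review bot: Nothing validates the shape of `PORTAL_ELEVATED_ROLES` where it is loaded, while the loop this PR adds to launch_setup_checks indexes `groups_and_users["usernames"]` and `groups_and_users["groups"]` directly. A custom setting that defines a role with only one of those keys would raise KeyError during the login setup checks. Either document the required shape next to this line, e.g. `# {"is_staff" | "is_superuser": {"groups": [...], "usernames": [...]}}; both keys are required`, or have the consumer read them with `.get("usernames", [])` and `.get("groups", [])`.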
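--- a/server/portal/settings/settings_custom.example.py
+++ b/server/portal/settings/settings_custom.example.py
@@ -261,3 +261,14 @@
 },
 "jobsv2Title": "Historic Jobs"
 }
+
+_PORTAL_ELEVATED_ROLES = {
+"is_staff": {
+"groups": [],
+"usernames": []
+},
+"is_superuser": {
+"groups": [],
+"usernames": []
+}
+}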
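--- a/server/portal/settings/settings_default.py
+++ b/server/portal/settings/settings_default.py
@@ -246,3 +246,14 @@
 "ticketAttachmentMaxSize": 3145728,
 "jobsv2Title": "Historic Jobs"
 }
+
+_PORTAL_ELEVATED_ROLES = {
+"is_staff": {
+"groups": ["TACC-ACI"],
+"usernames": []
+},
+"is_superuser": {
+"groups": ["TACC-ACI"],
+"usernames": []
+}
+}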
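Review bot: The default `_PORTAL_ELEVATED_ROLES` puts the same `TACC-ACI` group under both `is_staff` and `is_superuser`, so a deployment that runs with these defaults gives full Django superuser rights to every member of an externally managed group. Membership changes in that group then become privilege changes in the portal, with no review on the portal side. Consider defaulting `is_superuser` to empty lists, as settings_custom.example.py does, and requiring an explicit opt-in per deployment, or at least add a comment above the dict such as `# Members listed here are elevated at login; keep is_superuser as small as possible.` How this file feeds `settings_custom` is not visible in the diff, so the effective default should be confirmed.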
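--- a/server/portal/settings/unit_test_settings.py
+++ b/server/portal/settings/unit_test_settings.py
@@ -524,3 +524,14 @@
 WORKBENCH_SETTINGS = {
 "debug": False
 }
+
+PORTAL_ELEVATED_ROLES = {
+"is_staff": {
+"groups": [],
+"usernames": []
+},
+"is_superuser": {
+"groups": [],
+"usernames": []
+}
+}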