
Commit d94fde7

committed
fix: role-based control #122
1 parent d296444 commit d94fde7


3 files changed

+25
-4
lines changed


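--- a/commons/data_access_layer/database.py
+++ b/commons/data_access_layer/database.py
@@ -33,7 +33,7 @@ def delete(self, id):
         raise NotImplementedError # pragma: no cover
 
 
-class EventContext():
+class EventContext:
     def __init__(self, container_id: str, action: str, description: str = None,
                  user_id: str = None, tenant_id: str = None, session_id: str = None,
                  app_id: str = None):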

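--- a/time_tracker_api/database.py
+++ b/time_tracker_api/database.py
@@ -11,7 +11,7 @@
 
 from commons.data_access_layer.cosmos_db import CosmosDBDao
 from commons.data_access_layer.database import EventContext
-from time_tracker_api.security import current_user_id, current_user_tenant_id
+from time_tracker_api.security import current_user_id, current_user_tenant_id, current_role_user, roles
 
 
 class CRUDDao(abc.ABC):
@@ -37,10 +37,11 @@ def delete(self, id):
 
 
 class ApiEventContext(EventContext):
-    def __init__(self, container_id: str, action: str, description: str = None,
-                 user_id: str = None, tenant_id: str = None, session_id: str = None):
+    def __init__(self, container_id: str, action: str, description: str = None, user_id: str = None,
+                 tenant_id: str = None, session_id: str = None, user_role: str = None):
         super(ApiEventContext, self).__init__(container_id, action, description)
         self._user_id = user_id
+        self._user_role = user_role
         self._tenant_id = tenant_id
         self._session_id = session_id
 
@@ -50,6 +51,10 @@ def user_id(self) -> str:
             self._user_id = current_user_id()
         return self._user_id
 
+    @property
+    def user_role(self) -> str:
+        return self._user_role if self._user_role else current_role_user()
+
     @property
     def tenant_id(self) -> str:
         if self._tenant_id is None:
@@ -60,6 +65,10 @@ def tenant_id(self) -> str:
     def session_id(self) -> str:
         return self._session_id
 
+    @property
+    def is_admin(self):
+        return True if self.user_role == roles.get("admin").get("name") else False
+
 
 class APICosmosDBDao(CosmosDBDao):
     def create_event_context(self, action: str = None, description: str = None):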
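Review bot: `is_admin` at new line 70 spells a plain boolean comparison as `True if … else False`; `return self.user_role == roles["admin"]["name"]` reads the same, and the bracket form fails with a clear `KeyError` instead of an `AttributeError` on `None` if the `roles` table is ever edited. The `user_role` property above it also departs from its `user_id` and `tenant_id` siblings, which cache the claim lookup into the private field on first access, whereas `user_role` re-reads the token on every access; `if self._user_role is None: self._user_role = current_role_user()` followed by `return self._user_role` would keep the three consistent. Since `is_admin` makes the event context the place an authorization decision is taken, its trustworthiness is exactly that of the token validation inside `get_token_json()`, which is not visible here and should be confirmed. `create_event_context` in `APICosmosDBDao` continues outside the hunk, so whether it forwards a `user_role` cannot be checked from this view.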

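--- a/time_tracker_api/security.py
+++ b/time_tracker_api/security.py
@@ -29,6 +29,13 @@
 
 iss_claim_pattern = re.compile(r"(.*).b2clogin.com/(?P<tenant_id>%s)" % UUID_REGEX)
 
+default_role = frozenset({"client-role"})
+
+roles = {
+    "admin": {"name": "time-tracker-admin"},
+    "client": {"name": "client-role"}
+}
+
 
 def current_user_id() -> str:
     oid_claim = get_token_json().get("oid")
@@ -38,6 +45,11 @@ def current_user_id() -> str:
     return oid_claim
 
 
+def current_role_user() -> str:
+    role_user = get_token_json().get("extension_role", None)
+    return role_user if role_user else roles.get("client").get("name")
+
+
 def current_user_tenant_id() -> str:
     iss_claim = get_token_json().get("iss")
     if iss_claim is None: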
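Review bot: `current_role_user` at new lines 48–50 returns whatever string the `extension_role` claim carries, unvalidated, and only falls back to the client role when the claim is absent or empty, so any unexpected value propagates verbatim into every role comparison downstream; whitelisting it against the table defined just above, `known = {r["name"] for r in roles.values()}` and `return role_user if role_user in known else roles["client"]["name"]`, makes the client fallback the only outcome for anything not in `roles`. Because authorization now hinges on this one claim, it must be read from a verified token only: `get_token_json()` is outside the hunk, so confirm it checks signature, issuer and audience before the claim is consulted, otherwise a caller could present a self-minted role. `default_role = frozenset({"client-role"})` at new line 32 is not referenced anywhere in the hunk and duplicates `roles["client"]["name"]` as a different type (a frozenset rather than a str); either use it in the fallback or drop it so there is a single source of truth for the default. A short comment on `roles`, such as `# Role names must match the values issued in the token's extension_role claim (presumably a B2C extension attribute)`, would tell the next maintainer where these strings have to agree.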
