X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauth.py;h=b4c7bf2beb47cb5dbf9d078e0c43b45fcf593cfc;hp=f756d9deaf96dfab52299e134ddb8e6e2e077152;hb=refs%2Fchanges%2F35%2F9135%2F3;hpb=0aa89ae83e5f60a2a42a914d4063a95ad12f5139

diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index f756d9d..b4c7bf2 100644
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -80,6 +80,8 @@ class Authenticator:
         self.role_permissions = []
         self.valid_methods = valid_methods
         self.valid_query_string = valid_query_string
+        self.system_admin_role_id = None   # system_role id
+        self.test_project_id = None  # test_project_id
 
     def start(self, config):
         """
@@ -114,9 +116,9 @@ class Authenticator:
                                         .format(config["message"]["driver"]))
             if not self.backend:
                 if config["authentication"]["backend"] == "keystone":
-                    self.backend = AuthconnKeystone(self.config["authentication"], self.db)
+                    self.backend = AuthconnKeystone(self.config["authentication"], self.db, self.role_permissions)
                 elif config["authentication"]["backend"] == "internal":
-                    self.backend = AuthconnInternal(self.config["authentication"], self.db)
+                    self.backend = AuthconnInternal(self.config["authentication"], self.db, self.role_permissions)
                     self._internal_tokens_prune()
                 else:
                     raise AuthException("Unknown authentication backend: {}"
@@ -147,7 +149,7 @@ class Authenticator:
                                 self.role_permissions.append(permission)
                     elif k in ("TODO", "METHODS"):
                         continue
-                    else:
+                    elif method_dict[k]:
                         load_role_permissions(method_dict[k])
 
             load_role_permissions(self.valid_methods)
@@ -157,6 +159,15 @@ class Authenticator:
                     if permission not in self.role_permissions:
                         self.role_permissions.append(permission)
 
+            # get ids of role system_admin and test project
+            role_system_admin = self.db.get_one("roles", {"name": "system_admin"}, fail_on_empty=False)
+            if role_system_admin:
+                self.system_admin_role_id = role_system_admin["_id"]
+            test_project_name = self.config["authentication"].get("project_not_authorized", "admin")
+            test_project = self.db.get_one("projects", {"name": test_project_name}, fail_on_empty=False)
+            if test_project:
+                self.test_project_id = test_project["_id"]
+
         except Exception as e:
             raise AuthException(str(e))
 
@@ -394,12 +405,12 @@ class Authenticator:
                 if cherrypy.session.get('Authorization'):
                     del cherrypy.session['Authorization']
                 cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
-            elif self.config.get("user_not_authorized"):
-                # TODO provide user_id, roles id (not name), project_id
-                return {"id": "fake-token-id-for-test",
-                        "project_id": self.config.get("project_not_authorized", "admin"),
-                        "username": self.config["user_not_authorized"],
-                        "roles": ["system_admin"]}
+            if self.config["authentication"].get("user_not_authorized"):
+                return {"id": "testing-token", "_id": "testing-token",
+                        "project_id": self.test_project_id,
+                        "username": self.config["authentication"]["user_not_authorized"],
+                        "roles": [self.system_admin_role_id],
+                        "admin": True, "allow_show_user_project_role": True}
             raise
 
     def new_token(self, token_info, indata, remote):