X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fauthconn_internal.py;h=2d2ddabda1315546d107de0f7d7921a249a225a8;hp=02b58905132b4bc4b5b838fb32a15430924755cd;hb=e1eb3b2c0bdb7462d330703702677b3354ceb9ff;hpb=01b15d3166ea28266fb3d994d0615e4091c43c08
diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index 02b5890..2d2ddab 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -47,9 +47,6 @@ class AuthconnInternal(Authconn):
 self.logger = logging.getLogger("nbi.authenticator.internal")
- # Get Configuration
- # self.xxx = config.get("xxx", "default")
-
 self.db = db
 self.token_cache = token_cache
@@ -99,12 +96,7 @@ class AuthconnInternal(Authconn):
 else:
 raise
 except AuthException:
- if self.config["global"].get("test.user_not_authorized"):
- return {"id": "fake-token-id-for-test",
- "project_id": self.config["global"].get("test.project_not_authorized", "admin"),
- "username": self.config["global"]["test.user_not_authorized"], "admin": True}
- else:
- raise
+ raise
 except Exception:
 self.logger.exception("Error during token validation using internal backend")
 raise AuthException("Error during token validation using internal backend",
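Review bot: The surviving `except AuthException: raise` clause in the second hunk now reads like dead code, but it is what keeps an authentication failure out of the `except Exception` handler below it, which logs a traceback and raises a generic AuthException instead. A one-line comment such as `# re-raise unchanged so the generic handler below does not rewrap auth failures` would stop a later cleanup from deleting it. The removed branch returned a dict with `"admin": True` whenever `test.user_not_authorized` was set, so a regression test asserting that a failed validation still raises with that key present in the config would pin the new behaviour. The enclosing method starts and ends outside this hunk.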
@@ -348,31 +340,47 @@ class AuthconnInternal(Authconn):
 filt["username"] = filt["name"]
 del filt["name"]
 users = self.db.get_list("users", filt)
+ project_id_name = {}
+ role_id_name = {}
 for user in users:
- projects = []
- projs_with_roles = []
- prms = user.get("project_role_mappings", [])
- for prm in prms:
- if prm["project"] not in projects:
- projects.append(prm["project"])
- for project in projects:
- roles = []
- roles_for_proj = []
+ prms = user.get("project_role_mappings")
+ projects = user.get("projects")
+ if prms:
+ projects = []
+ # add project_name and role_name. Generate projects for backward compatibility
 for prm in prms:
- if prm["project"] == project and prm["role"] not in roles:
- role = prm["role"]
- roles.append(role)
- rl = self.db.get_one("roles", {BaseTopic.id_field("roles", role): role})
- roles_for_proj.append({"name": rl["name"], "_id": rl["_id"], "id": rl["_id"]})
- try:
- pr = self.db.get_one("projects", {BaseTopic.id_field("projects", project): project})
- projs_with_roles.append({"name": pr["name"], "_id": pr["_id"], "id": pr["_id"],
- "roles": roles_for_proj})
- except Exception as e:
- self.logger.exception("Error during user listing using internal backend: {}".format(e))
- user["projects"] = projs_with_roles
- if "project_role_mappings" in user:
- del user["project_role_mappings"]
+ project_id = prm["project"]
+ if project_id not in project_id_name:
+ pr = self.db.get_one("projects", {BaseTopic.id_field("projects", project_id): project_id},
+ fail_on_empty=False)
+ project_id_name[project_id] = pr["name"] if pr else None
+ prm["project_name"] = project_id_name[project_id]
+ if prm["project_name"] not in projects:
+ projects.append(prm["project_name"])
+
+ role_id = prm["role"]
+ if role_id not in role_id_name:
+ role = self.db.get_one("roles", {BaseTopic.id_field("roles", role_id): role_id},
+ fail_on_empty=False)
+ role_id_name[role_id] = role["name"] if role else None
+ prm["role_name"] = role_id_name[role_id]
+ user["projects"] = projects # for backward compatibility
+ elif projects:
+ # user created with an old version. Create a project_role mapping with role project_admin
+ user["project_role_mappings"] = []
+ role = self.db.get_one("roles", {BaseTopic.id_field("roles", "project_admin"): "project_admin"})
+ for p_id_name in projects:
+ pr = self.db.get_one("projects", {BaseTopic.id_field("projects", p_id_name): p_id_name})
+ prm = {"project": pr["_id"],
+ "project_name": pr["name"],
+ "role_name": "project_admin",
+ "role": role["_id"]
+ }
+ user["project_role_mappings"].append(prm)
+ else:
+ user["projects"] = []
+ user["project_role_mappings"] = []
+
 return users
 def get_project_list(self, filter_q={}):
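Review bot: In the `elif projects:` branch both `get_one` calls omit `fail_on_empty=False`, unlike the lookups in the `if prms:` branch, so a single legacy user naming a deleted project (or a database without a `project_admin` role) presumably makes the whole user listing raise instead of returning the remaining users. Passing `fail_on_empty=False` and skipping the entry with `if not pr: continue` would keep the two branches consistent, and the `project_admin` role lookup is loop-invariant, so it could be fetched once rather than per legacy user. In the `if prms:` branch a mapping whose project no longer exists appends `None` to `user["projects"]`; guarding with `if prm["project_name"] and prm["project_name"] not in projects:` avoids handing callers a null project name. Because the branch synthesizes a `project_admin` mapping for every project of an old-format user, a comment stating that this is an in-memory default for display and not a persisted grant would help anyone who later uses this list for authorization decisions. The enclosing method starts outside the hunk.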