Commit 57da4c88 authored by Jonathan Schaeffer

Give permission to all networks for this users

Not only the networks listed in memberof, but also all the local
permissions related to this email.
parent 9b026a85
......@@ -43,7 +43,7 @@ class Configurator():
RESIFAUTH_PGPASSWORD = os.getenv('PGPASSWORD')
else:
RESIFINV_PGPASSWORD = os.getenv('RESIFINV_PGPASSWORD')
RESIFAUTH_PGPASSWORD = os.getenv('RESIAUTH_PGPASSWORD')
RESIFAUTH_PGPASSWORD = os.getenv('RESIFAUTH_PGPASSWORD')
GNUPG_HOMEDIR = os.getenv('GNUPG_HOMEDIR', '/gpghome')
SUPPORT_EMAIL = os.getenv('SUPPORT_EMAIL', 'resif-dc@univ-grenoble-alpes.fr')
......
......@@ -62,12 +62,30 @@ def register_privileges(login, tokendict):
application.logger.debug(" ... is in epos fdsn map")
fdsn_memberships.append(application.config['EPOS_FDSN_MAP'][em])
# Now get localy defined autorizations, from email adress
if len(fdsn_memberships) == 0:
return
# TODO Now get localy defined autorizations, from email adress
# 1. Chercher tous les users ayant cet email dans la table resifAuth.users
# select login from users where email = '' and expires_at is NULL
# 2. Pour chaque login récupéré, prendre la liste des réseaux autorisés dans resifInv
# select network_id, network, start_year, end_year from aut_user where name=%(login)s
# Ajouter ces tuples à fdsn_membership pour que les autorisations soient accordées à cet utilisateur
#
#
# Step 1 :
permanent_logins = []
with psycopg2.connect(dbname= application.config['RESIFAUTH_PGDATABASE'],
port = application.config['RESIFAUTH_PGPORT'],
host = application.config['RESIFAUTH_PGHOST'],
user= application.config['RESIFAUTH_PGUSER'],
password = application.config['RESIFAUTH_PGPASSWORD']) as conn:
cur = conn.cursor()
application.logger.debug("Connected to users database")
cur.execute("select login from users where email=%s and expires_at is null", (tokendict['mail'],))
for l in cur:
application.logger.debug("Found an account corresponding to %s: %s", tokendict['mail'], l[0])
permanent_logins.append(l[0])
# Step 2
application.logger.debug("FDSN memberships: %s"%(fdsn_memberships))
# Maintenant, on enregistre les memberships
try:
conn = psycopg2.connect(dbname= application.config['RESIFINV_PGDATABASE'],
port = application.config['RESIFINV_PGPORT'],
......@@ -75,7 +93,7 @@ def register_privileges(login, tokendict):
user= application.config['RESIFINV_PGUSER'],
password = application.config['RESIFINV_PGPASSWORD'])
cur = conn.cursor()
application.logger.debug("Connected to privileges database")
application.logger.debug("Connected to resifinv database")
except Exception as e:
application.logger.error("Unable to connect to database %s as %s@%s:%s", application.config['RESIFINV_PGDATABASE'],
application.config['RESIFINV_PGUSER'],
......@@ -83,6 +101,16 @@ def register_privileges(login, tokendict):
application.config['RESIFINV_PGPORT'])
raise e
for l in permanent_logins:
application.logger.debug("Searching for privileges on login %s", l)
cur.execute("select network_id, network, start_year, end_year from aut_user where name=%s", (l,))
for ref in cur:
fdsn_memberships.append({'networkid': ref[0], 'networkcode': ref[1], 'startyear': ref[2], 'endyear': ref[3] })
if len(fdsn_memberships) == 0:
application.logger.debug("No membership for user %s", login)
return
application.logger.debug("FDSN memberships: %s"%(fdsn_memberships))
# Get the network id
for ref in fdsn_memberships:
ref['login'] = login
......@@ -124,6 +152,7 @@ def get_login_password(tokendict):
cur = conn.cursor()
application.logger.debug("Connected to users database")
cur.execute("select user_index,login from users where email=%s and expires_at between now()+'1 hour' and now()+'26 hours'", (tokendict['mail'],))
application.logger.debug(cur.mogrify("select user_index,login from users where email=%s and expires_at between now()+'1 hour' and now()+'26 hours'", (tokendict['mail'],)))
if cur.rowcount != 0:
(uid, login) = cur.fetchone()
......@@ -140,7 +169,7 @@ def get_login_password(tokendict):
expiration_time = datetime.datetime.now()+datetime.timedelta(days=1)
# Register login in authentication database
cur.execute("""
INSERT INTO users VALUES (DEFAULT, %(login)s, %s(sn)s, %(givenName)s, %(mail)s, %(expires_at)s);
INSERT INTO users VALUES (DEFAULT, %(login)s, %(sn)s, %(givenName)s, %(mail)s, %(expires_at)s);
""",
{'login': login, 'givenName': tokendict['givenName'], 'sn': tokendict['sn'], 'mail': tokendict['mail'], 'expires_at': expiration_time }
)
......
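Review bot: In the new "Step 1" of register_privileges, `tokendict['mail']` becomes the only key for inheriting local privileges: every permanent account (`expires_at is null`) with that email hands all its `aut_user` networks to the token holder. Nothing visible in these hunks shows that the mail attribute is verified by the token issuer or is unique per person. I would state that assumption next to the query, e.g. `# NOTE: relies on the token's mail attribute being verified upstream - confirm`, and log the matched logins at info level rather than debug so each grant leaves an audit trail. Separately, `with psycopg2.connect(...) as conn:` only ends the transaction on exit and does not close the connection, so each call appears to leave a users-database connection open; add `conn.close()` after the block, and handle a connect failure the way the resifinv connection below does. The function begins and ends outside the visible hunks, so cleanup further down could not be checked.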