Merge pull request #200 from hotosm/feature/auth-staff
Users roles
kshitijrajsharma authored May 6, 2022
2 parents d920b2e + 022f6c7 commit 68267d4
Showing 5 changed files with 49 additions and 5 deletions.
21 changes: 19 additions & 2 deletions API/auth/__init__.py
Expand Up @@ -6,12 +6,13 @@
from fastapi import Header, HTTPException, status

from src.galaxy import config

from src.galaxy.validation.models import UserRole

class AuthUser(BaseModel):
id: int
username: str
img_url: str
role: str


class Login(BaseModel):
Expand All @@ -22,7 +23,7 @@ class Token(BaseModel):
access_token: str


def login_required(access_token: str = Header(...)):
def deserialize_access_token(access_token: str):
deserializer = URLSafeSerializer(config.get("OAUTH", "secret_key"))

try:
Expand All @@ -41,3 +42,19 @@ def login_required(access_token: str = Header(...)):
)

return user_data


def login_required(access_token: str = Header(...)):
return deserialize_access_token(access_token)


def is_staff_member(access_token: str = Header(...)):
user_data = deserialize_access_token(access_token)

if UserRole[user_data["role"]] not in (UserRole.STAFF, UserRole.ADMIN):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, detail="User is not staff member"
)

return user_data
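Review bot: A caller whose token deserialized fine but whose role is not STAFF/ADMIN is refused with 401 in `is_staff_member`, yet authentication already succeeded, so this is an authorization failure and `status.HTTP_403_FORBIDDEN` is the right status. Tokens issued before this commit carry no `"role"` key, so `UserRole[user_data["role"]]` raises KeyError and surfaces as a 500; reading it as `UserRole[user_data.get("role", UserRole.NONE.name)]` rejects such tokens cleanly instead. The role is whatever was serialized into the token at login, and the serializer shown is URLSafeSerializer with no timestamp, so a user later demoted in users_roles keeps staff access for as long as the old token is presented — worth a comment on `is_staff_member` noting this, or re-reading the role from the database here. The body of deserialize_access_token is partly outside the hunk.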

11 changes: 8 additions & 3 deletions API/auth/routers.py
Expand Up @@ -5,7 +5,8 @@
from requests_oauthlib import OAuth2Session

from src.galaxy import config
from . import AuthUser, Login, Token, login_required
from src.galaxy.app import Underpass
from . import AuthUser, Login, Token, login_required, is_staff_member

router = APIRouter(prefix="/auth")

Expand Down Expand Up @@ -56,10 +57,14 @@ def callback(request: Request):

serializer = URLSafeSerializer(config.get("OAUTH", "secret_key"))

user_id = data.get("id")
user_role =Underpass().get_user_role(user_id)

user_data = {
"id": data.get("id"),
"id": user_id,
"username": data.get("display_name"),
"img_url": data.get("img").get("href") if data.get("img") else None,
"role": user_role.name,
}

token = serializer.dumps(user_data)
Expand All @@ -71,5 +76,5 @@ def callback(request: Request):


@router.get("/me", response_model=AuthUser)
def my_data(user_data: AuthUser = Depends(login_required)):
def my_data(user_data: AuthUser = Depends(is_staff_member)):
return user_data
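Review bot: `/me` now depends on `is_staff_member`, so any authenticated user without a staff or admin row gets 401 "User is not staff member" from an endpoint that only returns the caller's own profile; unless locking ordinary users out of `/me` is intended, keep `Depends(login_required)` here and use `is_staff_member` on the privileged routes. In `callback`, `user_id = data.get("id")` may be None if the OSM user-details response lacks the field, and it is passed straight to `get_user_role`, which interpolates it into SQL; validating it first with `user_id = int(data["id"])` (so a missing or malformed id fails the login) would be safer. `Underpass()` is also constructed on every login in `user_role =Underpass().get_user_role(user_id)` (a space is missing after `=`); if that opens a database connection it is never explicitly closed here — presumably fine only if Underpass manages its own lifetime.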
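--- /dev/null
+++ b/migrations/00001.sql
@@ -0,0 +1,4 @@
+CREATE TABLE users_roles (
+user_id BIGINT PRIMARY KEY,
+role INTEGER NOT NULL
+);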
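Review bot: `role INTEGER NOT NULL` accepts any integer, while `get_user_role` in this commit converts the stored value with `UserRole(role_int)`, which raises ValueError for anything outside 1–3 and so breaks login for that user; a `CHECK (role IN (1, 2, 3))` constraint keeps bad values out at write time. A comment mapping the integers to the enum names, `-- role: 1 = ADMIN, 2 = STAFF, 3 = NONE (see UserRole in src/galaxy/validation/models.py)`, would also help whoever inserts rows by hand, since this commit adds no admin interface for doing so.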
13 changes: 13 additions & 0 deletions src/galaxy/app.py
Expand Up @@ -185,6 +185,19 @@ def training_list(self, params):
return query_result


def get_user_role(self, user_id: int):
query = f"select role from users_roles where user_id = {user_id}"
query_result = self.database.executequery(query)

if len(query_result) == 0:
return UserRole.NONE

role_int = query_result[0]["role"]
user_role = UserRole(role_int)

return user_role


class Insight:
"""This class connects to Insight database and responsible for all the Insight related functionality"""
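Review bot: `get_user_role` builds its query with an f-string, `select role from users_roles where user_id = {user_id}`, so whatever is passed as `user_id` is spliced into SQL unescaped; the only caller in this commit passes the id from the OSM user-details response, but that value is not validated (it can be None, yielding `user_id = None`) and the `int` annotation is not enforced. Bind it as a parameter instead — `self.database.executequery("select role from users_roles where user_id = %s", (user_id,))` if `executequery` accepts parameters, otherwise at least `user_id = int(user_id)` before interpolating. `UserRole(role_int)` raises ValueError for an integer the enum does not define and nothing here catches it; either map unknown values to `UserRole.NONE` or rely on a database constraint, and say which in a docstring. The `Insight` class starts inside the hunk but its body runs past it.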

5 changes: 5 additions & 0 deletions src/galaxy/validation/models.py
Expand Up @@ -536,3 +536,8 @@ def check_geometry_area(cls, value, values):
raise ValueError(f"""Polygon Area {int(area_km2)} Sq.KM is higher than {RAWDATA_CURRENT_POLYGON_AREA} Sq.KM""")
return value

class UserRole(Enum):
ADMIN = 1
STAFF = 2
NONE = 3
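Review bot: The integer values of `UserRole` are written to `users_roles.role` by the migration in this commit and read back with `UserRole(role_int)`, so they are a storage contract and must not be renumbered; a docstring saying so, `"""User roles; the integer values are persisted in users_roles.role — never renumber them."""`, belongs on the class. `Enum` is used here but no import of it appears in the hunk — if `enum.Enum` is not already imported at the top of models.py this fails at import time. `NONE = 3` is also what `get_user_role` returns when no row exists, so an explicit row with role 3 and no row at all are equivalent; worth stating in the same docstring.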
