AIRAVATA-3682 Set admin group attributes when authenticating with token
diff --git a/django_airavata/apps/api/authentication.py b/django_airavata/apps/api/authentication.py
index 9e12b94..226b5e5 100644
--- a/django_airavata/apps/api/authentication.py
+++ b/django_airavata/apps/api/authentication.py
@@ -3,6 +3,8 @@
from django.contrib.auth import authenticate
from rest_framework import authentication, exceptions
+from django_airavata.apps.auth.middleware import set_admin_group_attributes
+
logger = logging.getLogger(__name__)
@@ -18,6 +20,8 @@
_, token = request.META.get('HTTP_AUTHORIZATION').split()
logger.debug(f"OAuthAuthentication authenticated user {user}")
+ # Set request attributes that are normally set by middleware
+ set_admin_group_attributes(request)
return (user, token)
except Exception as e:
raise exceptions.AuthenticationFailed(
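Review bot: The new `set_admin_group_attributes(request)` call sits inside the `try` whose `except Exception` turns every error into `AuthenticationFailed`, so a failed group lookup (backend outage, missing key, type error) is reported to the client and in the logs as a bad token. Rejecting the request is the right outcome, since it keeps the admin flags fail-closed, but the cause should be recorded separately: wrap the call in its own `try`, call `logger.exception("Failed to set admin group attributes for token-authenticated request")`, then re-raise. Because no `gateway_groups` argument is passed, each token-authenticated request also makes two backend calls (`getGatewayGroups` and `getAllGroupsUserBelongs`) with no caching. The `try` begins and the `raise` statement ends outside this hunk.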
diff --git a/django_airavata/apps/auth/middleware.py b/django_airavata/apps/auth/middleware.py
index 8e37405..46a0d08 100644
--- a/django_airavata/apps/auth/middleware.py
+++ b/django_airavata/apps/auth/middleware.py
@@ -31,6 +31,20 @@
return middleware
+def set_admin_group_attributes(request, gateway_groups=None):
+ """Set is_gateway_admin and is_read_only_gateway_admin request attrs."""
+ if gateway_groups is None:
+ gateway_groups = request.airavata_client.getGatewayGroups(request.authz_token)
+ admins_group_id = gateway_groups['adminsGroupId']
+ read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId']
+ group_manager_client = request.profile_service['group_manager']
+ group_memberships = group_manager_client.getAllGroupsUserBelongs(
+ request.authz_token, request.user.username + "@" + settings.GATEWAY_ID)
+ group_ids = [group.id for group in group_memberships]
+ request.is_gateway_admin = admins_group_id in group_ids
+ request.is_read_only_gateway_admin = read_only_admins_group_id in group_ids
+
+
def gateway_groups_middleware(get_response):
"""Add 'is_gateway_admin' and 'is_read_only_gateway_admin' to request."""
def middleware(request):
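Review bot: When `gateway_groups` is None, the function subscripts the raw return value of `getGatewayGroups` (`gateway_groups['adminsGroupId']`), yet the middleware further down converts that same return value with `copy.deepcopy(gateway_groups.__dict__)` before storing it, which suggests it is an object rather than a dict. If so, the token path, the only caller that omits the argument, raises `TypeError` here, and the broad `except` in `authentication.py` would surface that as a failed authentication. Convert in the fetch branch the same way the middleware does: `gateway_groups = copy.deepcopy(request.airavata_client.getGatewayGroups(request.authz_token).__dict__)`. The docstring should also say that `request.authz_token`, `request.airavata_client` and `request.profile_service` must already be set, because the token path calls this outside the middleware function that used to contain the logic.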
@@ -52,17 +66,7 @@
request.authz_token)
gateway_groups_dict = copy.deepcopy(gateway_groups.__dict__)
request.session['GATEWAY_GROUPS'] = gateway_groups_dict
- gateway_groups = request.session['GATEWAY_GROUPS']
- admins_group_id = gateway_groups['adminsGroupId']
- read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId']
- group_manager_client = request.profile_service[
- 'group_manager']
- group_memberships = group_manager_client.getAllGroupsUserBelongs(
- request.authz_token, request.user.username + "@" + settings.GATEWAY_ID)
- group_ids = [group.id for group in group_memberships]
- request.is_gateway_admin = admins_group_id in group_ids
- request.is_read_only_gateway_admin = \
- read_only_admins_group_id in group_ids
+ set_admin_group_attributes(request, request.session.get("GATEWAY_GROUPS"))
# Gateway Admins are made 'superuser' in Django so they can edit
# pages in the CMS
if request.is_gateway_admin and (