commit a786ef7e839a99e61ecf83fcb92425a7c1348ef2
author Marcus Christie <machristie@apache.org> Tue Feb 21 11:07:04 2023 -0500
committer Marcus Christie <machristie@apache.org> Tue Feb 21 11:07:04 2023 -0500
tree ce772a65369c10f43b79e41904690512400e9de4
parent 751cef0b0a515899be8e16b65f880bac825e821e

AIRAVATA-3682 Set admin group attributes when authenticating with token

django_airavata/apps/api/authentication.py

diff --git a/django_airavata/apps/api/authentication.py b/django_airavata/apps/api/authentication.py
index 9e12b94..226b5e5 100644
--- a/django_airavata/apps/api/authentication.py
+++ b/django_airavata/apps/api/authentication.py
@@ -3,6 +3,8 @@
 from django.contrib.auth import authenticate
 from rest_framework import authentication, exceptions
 
+from django_airavata.apps.auth.middleware import set_admin_group_attributes
+
 logger = logging.getLogger(__name__)
 
 
@@ -18,6 +20,8 @@
                 _, token = request.META.get('HTTP_AUTHORIZATION').split()
 
                 logger.debug(f"OAuthAuthentication authenticated user {user}")
+                # Set request attributes that are normally set by middleware
+                set_admin_group_attributes(request)
                 return (user, token)
             except Exception as e:
                 raise exceptions.AuthenticationFailed(

django_airavata/apps/auth/middleware.py

diff --git a/django_airavata/apps/auth/middleware.py b/django_airavata/apps/auth/middleware.py
index 8e37405..46a0d08 100644
--- a/django_airavata/apps/auth/middleware.py
+++ b/django_airavata/apps/auth/middleware.py
@@ -31,6 +31,20 @@
     return middleware
 
 
+def set_admin_group_attributes(request, gateway_groups=None):
+    """Set is_gateway_admin and is_read_only_gateway_admin request attrs."""
+    if gateway_groups is None:
+        gateway_groups = request.airavata_client.getGatewayGroups(request.authz_token)
+    admins_group_id = gateway_groups['adminsGroupId']
+    read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId']
+    group_manager_client = request.profile_service['group_manager']
+    group_memberships = group_manager_client.getAllGroupsUserBelongs(
+        request.authz_token, request.user.username + "@" + settings.GATEWAY_ID)
+    group_ids = [group.id for group in group_memberships]
+    request.is_gateway_admin = admins_group_id in group_ids
+    request.is_read_only_gateway_admin = read_only_admins_group_id in group_ids
+
+
 def gateway_groups_middleware(get_response):
     """Add 'is_gateway_admin' and 'is_read_only_gateway_admin' to request."""
     def middleware(request):
@@ -52,17 +66,7 @@
                     request.authz_token)
                 gateway_groups_dict = copy.deepcopy(gateway_groups.__dict__)
                 request.session['GATEWAY_GROUPS'] = gateway_groups_dict
-            gateway_groups = request.session['GATEWAY_GROUPS']
-            admins_group_id = gateway_groups['adminsGroupId']
-            read_only_admins_group_id = gateway_groups['readOnlyAdminsGroupId']
-            group_manager_client = request.profile_service[
-                'group_manager']
-            group_memberships = group_manager_client.getAllGroupsUserBelongs(
-                request.authz_token, request.user.username + "@" + settings.GATEWAY_ID)
-            group_ids = [group.id for group in group_memberships]
-            request.is_gateway_admin = admins_group_id in group_ids
-            request.is_read_only_gateway_admin = \
-                read_only_admins_group_id in group_ids
+            set_admin_group_attributes(request, request.session.get("GATEWAY_GROUPS"))
             # Gateway Admins are made 'superuser' in Django so they can edit
             # pages in the CMS
             if request.is_gateway_admin and (