Update access logic

config.py

@@ -27,9 +27,6 @@ class Config:
     access_token_url="https://github.com/login/oauth/access_token",
     access_token_params=None,
     authorize_url="https://github.com/login/oauth/authorize",
-    # authorize_params={
-    #     "state": uuid4().hex,
-    # },
     authorize_params=None,
     api_base_url="https://api.github.com/",
     client_kwargs={"scope": "user:email"},

middleware/access_logic.py

@@ -146,7 +146,9 @@ def get_access_info(token: str):
         except Exception:
             return None
         return get_jwt_access_info_with_permissions(
-            user_email=simple_jwt.sub["user_email"], user_id=simple_jwt.sub["id"]
+            user_email=simple_jwt.sub["user_email"],
+            user_id=simple_jwt.sub["id"],
+            permissions_raw_str=simple_jwt.sub["permissions"],
         )
 
 
@@ -179,8 +181,13 @@ def decode_jwt_with_purpose(token: str, purpose: JWTPurpose):
         )
 
 
-def get_jwt_access_info_with_permissions(user_email, user_id):
-    permissions = get_user_permissions(user_email)
+def get_jwt_access_info_with_permissions(
+    user_email, user_id, permissions_raw_str: list[str]
+):
+    permissions = []
+    for permission_raw_str in permissions_raw_str:
+        permission = PermissionsEnum(permission_raw_str)
+        permissions.append(permission)
     return AccessInfoPrimary(
         user_email=user_email,
         user_id=user_id,

middleware/enums.py

@@ -19,6 +19,7 @@ class PermissionsEnum(Enum):
     DB_WRITE = "db_write"
     READ_ALL_USER_INFO = "read_all_user_info"
     NOTIFICATIONS = "notifications"
+    SOURCE_COLLECTOR = "source_collector"
 
     @classmethod
     def values(cls):

middleware/primary_resource_logic/login_queries.py

@@ -22,20 +22,20 @@
 class JWTAccessRefreshTokens:
 
     def __init__(self, email: str):
+        db_client = DatabaseClient()
+        user_id = db_client.get_user_id(email)
+        permissions = db_client.get_user_permissions(user_id)
         identity = {
+            "id": db_client.get_user_id(email),
             "user_email": email,
-            "id": DatabaseClient().get_user_id(email),
+            "permissions": [permission.value for permission in permissions],
         }
         simple_jwt = SimpleJWT(
             sub=identity,
             exp=(datetime.now(tz=timezone.utc) + timedelta(minutes=15)).timestamp(),
             purpose=JWTPurpose.STANDARD_ACCESS_TOKEN,
         )
         self.access_token = simple_jwt.encode()
-        # self.access_token = create_access_token(
-        #     identity=identity,
-        #     additional_claims={"purpose": JWTPurpose.STANDARD_ACCESS_TOKEN.value},
-        # )
         self.refresh_token = create_refresh_token(identity=identity)
 
 

requirements.txt

@@ -37,7 +37,7 @@ packaging==23.1
 pathy==0.10.2
 pluggy==1.5.0
 preshed==3.0.8
-psycopg~=3.2
+psycopg[binary, pool]~=3.2
 py==1.11.0
 pycparser==2.21
 pydantic==2.10.2

resources/CreateTestUserWithElevatedPermissions.py

@@ -97,6 +97,8 @@ def post(self):
             for permission in [
                 PermissionsEnum.READ_ALL_USER_INFO,
                 PermissionsEnum.DB_WRITE,
+                PermissionsEnum.NOTIFICATIONS,
+                PermissionsEnum.SOURCE_COLLECTOR,
             ]:
                 db_client.add_user_permission(
                     user_id=db_client.get_user_id(email=auto_user_email),

tests/integration/test_data_requests.py

@@ -90,13 +90,10 @@ def test_data_requests_get(
 
     assert len(data) == 2
 
-    # Give user admin permission
-    tdc.db_client.add_user_permission(
-        user_id=tus_creator.user_info.user_id, permission=PermissionsEnum.DB_WRITE
-    )
+    # Check that admin can pull more columns
 
     admin_data = tdc.request_validator.get_data_requests(
-        headers=tus_creator.jwt_authorization_header,
+        headers=tdc.get_admin_tus().jwt_authorization_header,
     )[DATA_KEY]
 
     # Assert admin columns are greater than user columns