Skip to content

Commit

Permalink
Assing SADCO role to user if coming from SADCO client
Browse files Browse the repository at this point in the history
  • Loading branch information
@dylanpivo
dylanpivo committed Nov 11, 2024
1 parent 11c13a3 commit 55b696e
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions odp/identity/lib.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,10 @@
from sqlalchemy import select

from odp.const import ODPSystemRole, SAEON_EMAIL_DOMAINS
from sadco.const import SADCORole
from odp.const.db import IdentityCommand
from odp.db import Session
from odp.config import config
from odp.db.models import Client, IdentityAudit, User, UserRole
from odp.lib import exceptions as x

Expand Down Expand Up @@ -76,6 +78,8 @@ def validate_user_login(
if not user.verified:
raise x.ODPEmailNotVerified

assign_sadco_role(client_id, user.id)

_create_audit_record(client_id, IdentityCommand.login, True, user_id=user.id)
return user.id

Expand Down Expand Up @@ -118,6 +122,8 @@ def validate_auto_login(
if not user.verified:
raise x.ODPEmailNotVerified

assign_sadco_role(client_id, user.id)

_create_audit_record(client_id, IdentityCommand.login, True, user_id=user_id)

except x.ODPIdentityError as e:
Expand Down Expand Up @@ -275,6 +281,8 @@ def create_user_account(
)
user.save()

assign_sadco_role(client_id, user.id)

assign_default_role(user.id)

_create_audit_record(client_id, IdentityCommand.signup, True, email=email)
Expand All @@ -300,6 +308,19 @@ def assign_default_role(user_id):
user_role.save()


def assign_sadco_role(client_id, user_id):
"""
Assign the SADCO role if the user has come from the SADCO client and does not have the role already.
"""
if client_id != config.ODP.IDENTITY.SADCO_CLIENT_ID:
return

if (not Session.get(UserRole, (user_id, SADCORole.SADCO_USER)) and not Session.get(UserRole, (
user_id, SADCORole.SADCO_ADMIN))):
user_role = UserRole(user_id=user_id, role_id=SADCORole.SADCO_USER)
user_role.save()


def update_user_verified(user_id, verified):
"""
Update the verified status of a user.
Expand Down Expand Up @@ -394,6 +415,8 @@ def validate_google_login(
if not user.active:
raise x.ODPAccountDisabled

assign_sadco_role(client_id, user.id)

_create_audit_record(client_id, IdentityCommand.login, True, user_id=user.id)
return user.id

Expand Down

0 comments on commit 55b696e

Please sign in to comment.