add 'is_admin' flag to profile result

rendering of some pages (vendors, clouds, software, ...) needs to know which UI elements should be present on the page. instead of returning this flag in many requests I suggest to make it available in 'auth.current_user' structure on client side. This flag means that current user is in Foundation group. It will influence only to pages rendering. Change-Id: If8e993495bb301a4272532b6ecce6e1d4fdaa21e
2016-02-17 19:04:39 +03:00
parent 2895164a84
commit 745576fc53
5 changed files with 34 additions and 3 deletions
--- a/refstack/api/controllers/user.py
+++ b/refstack/api/controllers/user.py
@@ -82,5 +82,6 @@ class ProfileController(rest.RestController):
        return {
            "openid": user.openid,
            "email": user.email,
-            "fullname": user.fullname
+            "fullname": user.fullname,
+            "is_admin": api_utils.check_user_is_foundation_admin()
        }
--- a/refstack/api/utils.py
+++ b/refstack/api/utils.py
@@ -304,3 +304,10 @@ def verify_openid_request(request):
            pecan.abort(401, 'Authentication is failed. %s' % error)

    return True
+
+
+def check_user_is_foundation_admin():
+    """Check is user in foundation group or not."""
+    user = get_user_id()
+    org_users = db.get_foundation_users()
+    return user in org_users
--- a/refstack/db/api.py
+++ b/refstack/db/api.py
@@ -210,3 +210,8 @@ def get_product(id):
 def delete_product(id):
    """delete product by id."""
    return IMPL.delete_product(id)
+
+
+def get_foundation_users():
+    """Get users' openid-s that belong to group of foundation."""
+    return IMPL.get_foundation_users()
--- a/refstack/db/sqlalchemy/api.py
+++ b/refstack/db/sqlalchemy/api.py
@@ -483,3 +483,17 @@ def delete_product(id):
    with session.begin():
        (session.query(models.Product).filter_by(id=id).
         delete(synchronize_session=False))
+
+
+def get_foundation_users():
+    """Get users' openid-s that belong to group of foundation."""
+    session = get_session()
+    organization = (
+        session.query(models.Organization.group_id)
+        .filter_by(type=api_const.FOUNDATION).first())
+    if organization is None:
+        raise NotFound('Foundation record could not found in DB.')
+    group_id = organization.group_id
+    users = (session.query(models.UserToGroup.user_openid).
+             filter_by(group_id=group_id))
+    return [user.user_openid for user in users]
--- a/refstack/tests/unit/test_api.py
+++ b/refstack/tests/unit/test_api.py
@@ -395,17 +395,21 @@ class ProfileControllerTestCase(BaseControllerTestCase):
        super(ProfileControllerTestCase, self).setUp()
        self.controller = user.ProfileController()

+    @mock.patch('refstack.db.get_foundation_users',
+                return_value=['foo@bar.org'])
    @mock.patch('refstack.db.user_get',
                return_value=mock.Mock(openid='foo@bar.org',
                                       email='foo@bar.org',
                                       fullname='Dobby'))
    @mock.patch('refstack.api.utils.get_user_session',
                return_value={const.USER_OPENID: 'foo@bar.org'})
-    def test_get(self, mock_get_user_session, mock_user_get):
+    def test_get(self, mock_get_user_session, mock_user_get,
+                 mock_get_foundation_users):
        actual_result = self.controller.get()
        self.assertEqual({'openid': 'foo@bar.org',
                          'email': 'foo@bar.org',
-                          'fullname': 'Dobby'}, actual_result)
+                          'fullname': 'Dobby',
+                          'is_admin': True}, actual_result)


 class AuthControllerTestCase(BaseControllerTestCase):