Greg 116 non oidc sessions

Merged Andreas Ellewsen requested to merge GREG-116-non-oidc-sessions into master
1 file
+ 58
94
+ 58
94
@@ -3,13 +3,12 @@ from typing import (
@@ -3,13 +3,12 @@ from typing import (
Type,
Type,
)
)
from rest_framework import permissions
from rest_framework.authentication import BaseAuthentication, SessionAuthentication
from rest_framework.authentication import BaseAuthentication, SessionAuthentication
from rest_framework.permissions import AllowAny, BasePermission
from rest_framework.permissions import AllowAny, BasePermission
from rest_framework.status import HTTP_403_FORBIDDEN
from rest_framework.status import HTTP_403_FORBIDDEN
from rest_framework.views import APIView
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.response import Response
from greg.models import Identity, InvitationLink
from greg.models import InvitationLink
from gregui.models import GregUserProfile
from gregui.models import GregUserProfile
@@ -27,112 +26,77 @@ class UserInfoView(APIView):
@@ -27,112 +26,77 @@ class UserInfoView(APIView):
def get(self, request, format=None):
def get(self, request, format=None):
"""
"""
Get info about the visiting user
Get info about the visiting user.
Works for users logged in using Feide, and those relying solely on an
Works for users logged in using Feide, and those relying solely on an
invitation id.
invitation id. Pure django users, and anonymous users are denied access.
TODO: Can this be modified into a permission class to reduce clutter?
"""
"""
user = request.user
user = request.user
invite_id = request.session.get("invite_id")
invite_id = request.session.get("invite_id")
# Authenticated user, allow access
person = None
if user.is_authenticated:
sponsor = None
user_profile = GregUserProfile.objects.get(user=user)
content = {
sponsor_id = None
"feide_id": None,
person_id = None
"sponsor_id": None,
if user_profile.sponsor:
"person_id": None,
sponsor_id = user_profile.sponsor.id
"roles": [],
if user_profile.person:
}
person_id = user_profile.person.id
content = {
"feide_id": user_profile.userid_feide,
"sponsor_id": sponsor_id,
"person_id": person_id,
"roles": [],
}
person = user_profile.person
if person:
passports = person.identities.filter(
type=Identity.IdentityType.PASSPORT_NUMBER
).first()
 
# Fetch sponsor and/or person object from profile of authenticated user
 
if user.is_authenticated:
 
try:
 
user_profile = GregUserProfile.objects.get(user=user)
 
sponsor = user_profile.sponsor
 
person = user_profile.person
content.update(
content.update(
{
{
"first_name": person.first_name,
"feide_id": user_profile.userid_feide,
"last_name": person.last_name,
"email": person.private_email and person.private_email.value,
"mobile_phone": person.private_mobile
and person.private_mobile.value,
"fnr": person.fnr and "".join((person.fnr.value[:-5], "*****")),
"passport": passports and passports.value,
"roles": [],
}
}
)
)
roles = person.roles
except GregUserProfile.DoesNotExist:
if roles:
return Response(status=HTTP_403_FORBIDDEN)
content.update(
{
"roles": [
{
"id": role.id,
"ou_nb": role.orgunit.name_nb,
"ou_en": role.orgunit.name_en,
"name_nb": role.type.name_nb,
"name_en": role.type.name_en,
"start_date": role.start_date,
"end_date": role.end_date,
"sponsor": {
"first_name": role.sponsor.first_name,
"last_name": role.sponsor.last_name,
},
}
for role in roles.all()
],
}
)
return Response(content)
# Invitation cookie, allow access
# Or fetch person info for invited guest
elif invite_id:
elif invite_id:
link = InvitationLink.objects.get(uuid=invite_id)
link = InvitationLink.objects.get(uuid=invite_id)
invitation = link.invitation
person = link.invitation.role.person
person = invitation.role.person
passports = person.identities.filter(
type=Identity.IdentityType.PASSPORT_NUMBER
).first()
content = {
"feide_id": None,
"sponsor_id": None,
"person_id": person.id,
"first_name": person.first_name,
"last_name": person.last_name,
"email": person.private_email and person.private_email.value,
"mobile_phone": person.private_mobile and person.private_mobile.value,
"fnr": person.fnr and "".join((person.fnr.value[:-5], "*****")),
"passport": passports and passports.value,
"roles": [
{
"id": role.id,
"ou_nb": role.orgunit.name_nb,
"ou_en": role.orgunit.name_en,
"name_nb": role.type.name_nb,
"name_en": role.type.name_en,
"start_date": role.start_date,
"end_date": role.end_date,
"sponsor": {
"first_name": role.sponsor.first_name,
"last_name": role.sponsor.last_name,
},
}
for role in person.roles.all()
],
}
return Response(content)
# Neither, deny access
# Otherwise, deny access
else:
else:
return Response(status=HTTP_403_FORBIDDEN)
return Response(status=HTTP_403_FORBIDDEN)
 
 
# Add sponsor fields if sponsor object present
 
if sponsor:
 
content.update({"sponsor_id": user_profile.sponsor.id})
 
# Add person fields if person object present
 
if person:
 
content.update(
 
{
 
"person_id": person.id,
 
"first_name": person.first_name,
 
"last_name": person.last_name,
 
"email": person.private_email and person.private_email.value,
 
"mobile_phone": person.private_mobile
 
and person.private_mobile.value,
 
"fnr": person.fnr and "".join((person.fnr.value[:-5], "*****")),
 
"passport": person.passport and person.passport.value,
 
"roles": [
 
{
 
"id": role.id,
 
"ou_nb": role.orgunit.name_nb,
 
"ou_en": role.orgunit.name_en,
 
"name_nb": role.type.name_nb,
 
"name_en": role.type.name_en,
 
"start_date": role.start_date,
 
"end_date": role.end_date,
 
"sponsor": {
 
"first_name": role.sponsor.first_name,
 
"last_name": role.sponsor.last_name,
 
},
 
}
 
for role in person.roles.all()
 
],
 
}
 
)
 
return Response(content)
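Review bot: `InvitationLink.objects.get(uuid=invite_id)` in the guest branch is still unguarded on the new side, while the sibling `GregUserProfile.objects.get(user=user)` lookup now catches `DoesNotExist` and answers 403, so a stale `invite_id` left in a session after the link is removed raises `InvitationLink.DoesNotExist` and surfaces as a server error instead of a denial. Wrap it the same way, `try: link = InvitationLink.objects.get(uuid=invite_id)` / `except InvitationLink.DoesNotExist: return Response(status=HTTP_403_FORBIDDEN)`, and if InvitationLink carries an expiry or used flag (not visible in this hunk) check it at the same spot so a session cannot outlive its link. Keep the `try` body in the authenticated branch to the `.get()` call itself: the `content.update(...)` inside it cannot raise `DoesNotExist`, and narrowing it makes clear which failure the 403 covers. Separately, the person block masks the last five characters of `fnr` but returns `person.passport.value` unmasked to both Feide and invited-guest sessions; if the frontend does not need the full number, mask it the same way. The `get` method's class header and the rest of `UserInfoView` lie outside the hunk.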