Posted to commits@airavata.apache.org by ma...@apache.org on 2021/06/14 20:09:09 UTC

[airavata-django-portal] 04/04: Merge branch 'airavata-3383' into develop

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit 3b022ea407ed75873515930f12ac31d6b31260cc
Merge: 27dc31b f08c213
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon Jun 14 16:08:29 2021 -0400

    Merge branch 'airavata-3383' into develop

 django_airavata/apps/auth/views.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --cc django_airavata/apps/auth/views.py
index 33684b5,1ef0259..fb0d295
--- a/django_airavata/apps/auth/views.py
+++ b/django_airavata/apps/auth/views.py
@@@ -520,91 -509,9 +520,91 @@@ def _create_login_desktop_failed_respon
  
  
  @login_required
 +def access_token_redirect(request):
 +    redirect_uri = request.GET['redirect_uri']
 +    config = next(filter(lambda d: d.get('URI') == redirect_uri,
 +                         settings.ACCESS_TOKEN_REDIRECT_ALLOWED_URIS), None)
 +    if config is None:
 +        logger.warning(f"redirect_uri value '{redirect_uri}' is not configured "
 +                       "in ACCESS_TOKEN_REDIRECT_ALLOWED_URIS setting")
 +        return HttpResponseForbidden("Invalid redirect_uri value")
 +    return redirect(redirect_uri + f"{'&' if '?' in redirect_uri else '?'}{config.get('PARAM_NAME', 'access_token')}="
 +                    f"{quote(request.authz_token.accessToken)}")
 +
 +
 +def user_profile(request):
 +    return render(request, "django_airavata_auth/base.html", {
 +        'bundle_name': "user-profile"
 +    })
 +
 +
 +class IsUserOrReadOnlyForAdmins(permissions.BasePermission):
 +    def has_permission(self, request, view):
 +        return request.user.is_authenticated
 +
 +    def has_object_permission(self, request, view, obj):
 +        if (request.method in permissions.SAFE_METHODS and
 +                request.is_gateway_admin):
 +            return True
 +        return obj == request.user
 +
 +
 +# TODO: disable deleting and creating?
 +class UserViewSet(viewsets.ModelViewSet):
 +    serializer_class = serializers.UserSerializer
 +    queryset = get_user_model().objects.all()
 +    permission_classes = [IsUserOrReadOnlyForAdmins]
 +
 +    def get_queryset(self):
 +        user = self.request.user
 +        if user.is_superuser:
 +            return get_user_model().objects.all()
 +        else:
 +            return get_user_model().objects.get(pk=user.pk)
 +
 +    @action(detail=False)
 +    def current(self, request):
 +        return redirect(reverse('django_airavata_auth:user-detail', kwargs={'pk': request.user.id}))
 +
 +    @action(methods=['post'], detail=True)
 +    def resend_email_verification(self, request, pk=None):
 +        pending_email_change = models.PendingEmailChange.objects.get(user=request.user, verified=False)
 +        if pending_email_change is not None:
 +            serializer = serializers.UserSerializer()
 +            serializer._send_email_verification_link(request, pending_email_change)
 +        return JsonResponse({})
 +
 +    @action(methods=['post'], detail=True)
 +    @atomic
 +    def verify_email_change(self, request, pk=None):
 +        user = self.get_object()
 +        code = request.data['code']
 +
 +        try:
 +            pending_email_change = models.PendingEmailChange.objects.get(user=user, verification_code=code)
 +        except models.PendingEmailChange.DoesNotExist:
 +            raise Exception('Verification code is invalid. Please try again.')
 +        pending_email_change.verified = True
 +        pending_email_change.save()
 +        user.email = pending_email_change.email_address
 +        user.save()
 +        user.refresh_from_db()
 +
 +        try:
 +            user_profile_client = request.profile_service['user_profile']
 +            airavata_user_profile = user_profile_client.getUserProfileById(
 +                request.authz_token, user.username, settings.GATEWAY_ID)
 +            airavata_user_profile.emails = [pending_email_change.email_address]
 +            user_profile_client.updateUserProfile(request.authz_token, airavata_user_profile)
 +        except Exception as e:
 +            raise Exception(f"Failed to update Airavata User Profile with new email address: {e}") from e
 +        serializer = self.get_serializer(user)
 +        return Response(serializer.data)
 +
 +
  def download_settings_local(request):
  
-     if not request.is_gateway_admin or not request.is_read_only_gateway_admin:
+     if not (request.is_gateway_admin or request.is_read_only_gateway_admin):
          raise PermissionDenied()
  
      if settings.DEBUG:
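Review bot: In `UserViewSet.get_queryset` the non-superuser branch returns `get_user_model().objects.get(pk=user.pk)`, which is a single model instance rather than a QuerySet, so the list and detail routes (including `verify_email_change`, which calls `self.get_object()`) will probably error or return 404 for ordinary users. `return get_user_model().objects.filter(pk=user.pk)` keeps the same per-user restriction while returning a queryset. The branch also keys on `user.is_superuser`, whereas `IsUserOrReadOnlyForAdmins` grants read access on `request.is_gateway_admin`, so a gateway admin who is not a superuser appears unable to reach the records the permission class allows; the two checks should be aligned. In `resend_email_verification` the `is not None` guard is dead, because `.get()` raises `DoesNotExist` or `MultipleObjectsReturned` instead of returning `None`; `.filter(user=request.user, verified=False).first()` would match the apparent intent.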