From 5e95eb7ce7db9e720b31d73865a7d7ad7ebec927 Mon Sep 17 00:00:00 2001
From: Branson Stephens <branson.stephens@ligo.org>
Date: Thu, 24 Sep 2015 15:16:35 -0500
Subject: [PATCH] Small changes required for lvem_view path to work properly.

---
 gracedb/permission_utils.py | 18 +++++++++---------
 ligoauth/middleware/auth.py | 27 ++++++++++++++++++++++++---
 static/css/style.css        |  7 +++++++
 templates/base.html         | 10 ++++++++++
 4 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/gracedb/permission_utils.py b/gracedb/permission_utils.py
index ccd2f9462..c71157537 100644
--- a/gracedb/permission_utils.py
+++ b/gracedb/permission_utils.py
@@ -96,16 +96,16 @@ def lvem_user_required(view):
 # in a view.
 #-------------------------------------------------------------------------------
 def is_external(user):
-#    if user:
-#        user_groups = [g.name for g in user.groups.all()]
-#        if settings.LVC_GROUP not in user_groups:
-#            return True
-#        return False
-#    else:
-#        return True
-    if user.username == 'branson.stephens@LIGO.ORG':
+    if user:
+        user_groups = [g.name for g in user.groups.all()]
+        if settings.LVC_GROUP not in user_groups:
+            return True
         return False
-    return True
+    else:
+        return True
+#    if user.username == 'branson.stephens@LIGO.ORG':
+#        return False
+#    return True
 
 #-------------------------------------------------------------------------------
 # A utility for determining whether an external user should have access to a 
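Review bot: The commented-out username comparison left at the end of `is_external` treats one hard-coded account as the only internal user, and it should be deleted rather than kept beside the live check, where it could be re-enabled by accident. The restored group check returns True for a falsy `user`, so it fails closed, which is the right default for an authorization helper. A one-line docstring such as `"""Return True unless the user belongs to settings.LVC_GROUP."""` would state that contract. The membership test could also run in the database as `return not user.groups.filter(name=settings.LVC_GROUP).exists()` instead of loading every group name.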
diff --git a/ligoauth/middleware/auth.py b/ligoauth/middleware/auth.py
index 52702f43c..cc22d966d 100644
--- a/ligoauth/middleware/auth.py
+++ b/ligoauth/middleware/auth.py
@@ -107,16 +107,37 @@ class LigoAuthMiddleware:
                 message += "THIS SHOULD NEVER HAPPEN"
                 pass
             
-            # Add shib user to groups. This operation is idempotent, but may
-            # incur a performance hit. 
+            # Update user groups
             isMemberOf = request.META.get('isMemberOf',None)
+            user_group_names = []
             if isMemberOf:
-                for group_name in isMemberOf.split(';'):
+                user_group_names = isMemberOf.split(';')
+            user_group_names = set(user_group_names)
+
+            # The above user list is a raw list that contains many groups that are not of
+            # interest to GraceDB. We will intersect it with the known groups.
+            known_group_names = set([g.name for g in Group.objects.all()])
+            user_group_names = user_group_names & known_group_names
+            
+            # Now get the stored user groups
+            stored_user_group_names = set([g.name for g in user.groups.all()])
+
+            # Take necessary action if the group sets differ
+            if user_group_names != stored_user_group_names:
+                # If the user has acquired a new group membership, add it.
+                for group_name in user_group_names - stored_user_group_names:
                     try:
                         g = Group.objects.get(name=group_name)
                         g.user_set.add(user)
                     except:
                         pass
+                # If the user has lost a group membership, remove it.
+                for group_name in stored_user_group_names - user_group_names:
+                    try:
+                        g = Group.objects.get(name=group_name)
+                        g.user_set.remove(user)
+                    except:
+                        pass
 
         if not user and dn:
             user = authenticate(dn=dn)
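Review bot: The new removal loop keeps the bare `except: pass` pattern, so if `g.user_set.remove(user)` fails the user silently stays in a group the `isMemberOf` attribute no longer asserts, and nothing is logged. Because `known_group_names` is every `Group` in the database, a request with no `isMemberOf` value also strips all stored groups, including any that may be assigned locally rather than through the attribute; if such groups exist they need to be excluded from the sync. Both name sets are already restricted to existing groups, so the per-name `get()` and the exception handling can be replaced by two bulk calls, which lets a database error surface instead of leaving stale membership. The enclosing middleware method starts and ends outside this hunk.

```python
            # … unchanged: building user_group_names and stored_user_group_names …
            if user_group_names != stored_user_group_names:
                gained = user_group_names - stored_user_group_names
                lost = stored_user_group_names - user_group_names
                # Both sets hold only names of existing groups, so filter()
                # cannot miss; errors propagate instead of being hidden.
                user.groups.add(*Group.objects.filter(name__in=gained))
                user.groups.remove(*Group.objects.filter(name__in=lost))
```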
diff --git a/static/css/style.css b/static/css/style.css
index 319108ec7..f83ed3144 100644
--- a/static/css/style.css
+++ b/static/css/style.css
@@ -38,6 +38,13 @@ table.gstlalcbc th {padding:3px;border:none;vertical-align:bottom;}
     padding: 4px;
 }
 
+#lvem_view_message {
+    margin-left: 15px;
+    max-width: 600px;
+    background-color: #ffe6e6; 
+    padding: 10px;
+}
+
 .signoff-area th {
     background-color: rgb(200, 200, 200);
 }
diff --git a/templates/base.html b/templates/base.html
index 150d40ad8..b53ec8a3d 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -62,6 +62,16 @@ function changeTime(obj, label) {
       </h1>
     {% endif %}
 </center>
+
+{% if 'lvem_view' in request.path %}
+<div id="lvem_view_message">
+<b>IMPORTANT:</b> You are viewing this page as a member of the LV-EM Observers group.
+At the end of your session, please remove the 'lvem_view/' string from the URL to 
+return to the regular GraceDB site. This will ensure that your group memberships 
+are correct the next time you log in. 
+</div>
+{% endif %}
+
 {% endblock %}
 
         <p>&nbsp;</p> <!-- bad way to create vertical space -->
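Review bot: The banner condition `'lvem_view' in request.path` is a substring test, so it is true for any URL containing that text anywhere, not only for requests routed through the lvem_view prefix. A context flag set where that route is handled (for example `{% if lvem_view %}`, name constructed here) would be exact. The message also asks users to edit the URL by hand so that their group memberships are correct at the next login, which suggests the stored groups depend on the last path visited. Relying on a manual step to restore authorization state is fragile, and resetting it server-side would be safer. The enclosing `{% block %}` starts outside the hunk.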
-- 
GitLab