Late-initialise CLI user & late-import UserClass class

This may fix some unit tests issues.
2017-08-18 19:14:29 +02:00 · 2017-08-18 19:14:29 +02:00 · 566f2a4835
commit 566f2a4835
parent 575a7ed1a7
3 changed files with 28 additions and 14 deletions
--- a/pillar/api/utils/authentication.py
+++ b/pillar/api/utils/authentication.py
@ -15,17 +15,9 @@ from flask import g
 from flask import request
 from flask import current_app

-from pillar.auth import UserClass
-
 log = logging.getLogger(__name__)

-CLI_USER = UserClass.construct('CLI', {
-    '_id': 'CLI',
-    'groups': [],
-    'roles': {'admin'},
-    'email': 'local@nowhere',
-    'username': 'CLI',
-})
+CLI_USER = ...


 def force_cli_user():
@ -34,7 +26,22 @@ def force_cli_user():
    This is used as a marker to avoid authorization checks and just allow everything.
    """

-    log.warning('Logging in as CLI_USER, circumventing authentication.')
+    global CLI_USER
+
+    from pillar.auth import UserClass
+
+    if CLI_USER is ...:
+        CLI_USER = UserClass.construct('CLI', {
+            '_id': 'CLI',
+            'groups': [],
+            'roles': {'admin'},
+            'email': 'local@nowhere',
+            'username': 'CLI',
+        })
+        log.warning('CONSTRUCTED CLI USER %s of type %s', id(CLI_USER), id(type(CLI_USER)))
+
+    log.warning('Logging in as CLI_USER (%s) of type %s, circumventing authentication.',
+                id(CLI_USER), id(type(CLI_USER)))
    g.current_user = CLI_USER


--- a/pillar/api/utils/authorization.py
+++ b/pillar/api/utils/authorization.py
@ -7,8 +7,6 @@ from flask import abort
 from flask import current_app
 from werkzeug.exceptions import Forbidden

-from pillar.auth import UserClass
-
 CHECK_PERMISSIONS_IMPLEMENTED_FOR = {'projects', 'nodes', 'flamenco_jobs'}

 log = logging.getLogger(__name__)
@ -355,9 +353,11 @@ def ab_testing(require_roles=set(),
    return decorator


-def user_has_role(role, user: UserClass=None):
+def user_has_role(role, user=None):
    """Returns True iff the user is logged in and has the given role."""

+    from pillar.auth import UserClass
+
    if user is None:
        user = g.get('current_user')
        if user is not None and not isinstance(user, UserClass):
@ -371,9 +371,11 @@ def user_has_role(role, user: UserClass=None):
    return user.has_role(role)


-def user_has_cap(capability: str, user: UserClass=None) -> bool:
+def user_has_cap(capability: str, user=None) -> bool:
    """Returns True iff the user is logged in and has the given capability."""

+    from pillar.auth import UserClass
+
    assert capability

    if user is None:
@ -400,6 +402,8 @@ def user_matches_roles(require_roles=set(),
        returning True.
    """

+    from pillar.auth import UserClass
+
    current_user: UserClass = g.get('current_user')
    if current_user is None:
        return False
--- a/pillar/auth/init.py
+++ b/pillar/auth/init.py
@ -61,6 +61,9 @@ class UserClass(flask_login.UserMixin):

        return user

+    def __str__(self):
+        return f'UserClass(user_id={self.user_id})'
+
    def __getitem__(self, item):
        """Compatibility layer with old dict-based g.current_user object."""