role based access control and result upload

1. add role for user 2. user can upload test results Change-Id: I1c5370be7818edb0394f05e8b81f975deb98b286 Signed-off-by: grakiss <grakiss.wanglei@huawei.com>
author: grakiss <grakiss.wanglei@huawei.com> 2017-07-07 15:06:29 +0800
committer: grakiss <grakiss.wanglei@huawei.com> 2017-07-20 09:51:50 +0800
commit: 20826c00015567244153ab2e7b39452600fd38c7 (patch)
tree: 8ea100263f358b5b00f4e69e43f2164e38023f4d /utils/test/testapi/opnfv_testapi/ui/auth/sign.py
parent: 5b77ae789540f805199831427930476c9579916b (diff)
1 files changed, 21 insertions, 8 deletions
diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
index 6a9d94eb2..5b3622579 100644
--- a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
+++ b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
@@ -1,4 +1,7 @@
 from six.moves.urllib import parse
+from tornado import gen
+from tornado import web
+import logging
 
 from opnfv_testapi.common import config
 from opnfv_testapi.ui.auth import base
@@ -31,20 +34,31 @@ class SigninHandler(base.BaseHandler):
 
 
 class SigninReturnHandler(base.BaseHandler):
+    @web.asynchronous
+    @gen.coroutine
     def get(self):
         if self.get_query_argument(const.OPENID_MODE) == 'cancel':
             self._auth_failure('Authentication canceled.')
 
         openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
-        user_info = {
+        role = const.DEFAULT_ROLE
+        new_user_info = {
             'openid': openid,
             'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
-            'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME)
+            'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
+            const.ROLE: role
         }
+        user = yield self.db_find_one({'openid': openid})
+        if not user:
+            self.db_save(self.table, new_user_info)
+            logging.info('save to db:%s', new_user_info)
+        else:
+            role = user.get(const.ROLE)
 
-        self.db_save(self.table, user_info)
-        if not self.get_secure_cookie('openid'):
-            self.set_secure_cookie('openid', openid)
+        self.clear_cookie(const.OPENID)
+        self.clear_cookie(const.ROLE)
+        self.set_secure_cookie(const.OPENID, openid)
+        self.set_secure_cookie(const.ROLE, role)
         self.redirect(url=CONF.ui_url)
 
     def _auth_failure(self, message):
@@ -57,9 +71,8 @@ class SigninReturnHandler(base.BaseHandler):
 class SignoutHandler(base.BaseHandler):
     def get(self):
         """Handle signout request."""
-        openid = self.get_secure_cookie(const.OPENID)
-        if openid:
-            self.clear_cookie(const.OPENID)
+        self.clear_cookie(const.OPENID)
+        self.clear_cookie(const.ROLE)
         params = {'openid_logout': CONF.osid_openid_logout_endpoint}
         url = parse.urljoin(CONF.ui_url,
                             '/#/logout?' + parse.urlencode(params))
author	grakiss <grakiss.wanglei@huawei.com>	2017-07-07 15:06:29 +0800
committer	grakiss <grakiss.wanglei@huawei.com>	2017-07-20 09:51:50 +0800
commit	20826c00015567244153ab2e7b39452600fd38c7 (patch)
tree	8ea100263f358b5b00f4e69e43f2164e38023f4d /utils/test/testapi/opnfv_testapi/ui/auth/sign.py
parent	5b77ae789540f805199831427930476c9579916b (diff)