From 20826c00015567244153ab2e7b39452600fd38c7 Mon Sep 17 00:00:00 2001
From: grakiss <grakiss.wanglei@huawei.com>
Date: Fri, 7 Jul 2017 15:06:29 +0800
Subject: role based access control and result upload

1. add role for user
2. user can upload test results

Change-Id: I1c5370be7818edb0394f05e8b81f975deb98b286
Signed-off-by: grakiss <grakiss.wanglei@huawei.com>
---
 utils/test/testapi/opnfv_testapi/ui/auth/sign.py | 29 +++++++++++++++++-------
 1 file changed, 21 insertions(+), 8 deletions(-)

(limited to 'utils/test/testapi/opnfv_testapi/ui/auth/sign.py')

diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
index 6a9d94eb2..5b3622579 100644
--- a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
+++ b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
@@ -1,4 +1,7 @@
 from six.moves.urllib import parse
+from tornado import gen
+from tornado import web
+import logging
 
 from opnfv_testapi.common import config
 from opnfv_testapi.ui.auth import base
@@ -31,20 +34,31 @@ class SigninHandler(base.BaseHandler):
 
 
 class SigninReturnHandler(base.BaseHandler):
+    @web.asynchronous
+    @gen.coroutine
     def get(self):
         if self.get_query_argument(const.OPENID_MODE) == 'cancel':
             self._auth_failure('Authentication canceled.')
 
         openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
-        user_info = {
+        role = const.DEFAULT_ROLE
+        new_user_info = {
             'openid': openid,
             'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
-            'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME)
+            'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
+            const.ROLE: role
         }
+        user = yield self.db_find_one({'openid': openid})
+        if not user:
+            self.db_save(self.table, new_user_info)
+            logging.info('save to db:%s', new_user_info)
+        else:
+            role = user.get(const.ROLE)
 
-        self.db_save(self.table, user_info)
-        if not self.get_secure_cookie('openid'):
-            self.set_secure_cookie('openid', openid)
+        self.clear_cookie(const.OPENID)
+        self.clear_cookie(const.ROLE)
+        self.set_secure_cookie(const.OPENID, openid)
+        self.set_secure_cookie(const.ROLE, role)
         self.redirect(url=CONF.ui_url)
 
     def _auth_failure(self, message):
@@ -57,9 +71,8 @@ class SigninReturnHandler(base.BaseHandler):
 class SignoutHandler(base.BaseHandler):
     def get(self):
         """Handle signout request."""
-        openid = self.get_secure_cookie(const.OPENID)
-        if openid:
-            self.clear_cookie(const.OPENID)
+        self.clear_cookie(const.OPENID)
+        self.clear_cookie(const.ROLE)
         params = {'openid_logout': CONF.osid_openid_logout_endpoint}
         url = parse.urljoin(CONF.ui_url,
                             '/#/logout?' + parse.urlencode(params))
-- 
cgit 1.2.3-korg