feat(ppm/fhir/auth): PPM-532 - RANT Questionnaire handling improvemen…

…ts; added authorization support for apps; minor tweaks and fixes
hms-dbmi · Oct 29, 2020 · f46c7b7 · f46c7b7
1 parent 0a0402b
commit f46c7b7
Show file tree

Hide file tree

Showing 3 changed files with 365 additions and 73 deletions.
diff --git a/ppmutils/auth.py b/ppmutils/auth.py
@@ -0,0 +1,53 @@
+from ppmutils.ppm import PPM
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class Auth(object):
+
+    ITEM = "ppm"
+    ADMIN = "admin"
+    VIEW = "view"
+    PERMISSIONS = {
+        "HEAD": [ADMIN, VIEW],
+        "OPTION": [ADMIN, VIEW],
+        "GET": [ADMIN, VIEW],
+        "POST": [ADMIN],
+        "PATCH": [ADMIN],
+        "PUT": [ADMIN],
+        "DELETE": [ADMIN],
+    }
+
+    @classmethod
+    def has_permission(cls, method, permissions, study=None):
+        """
+        Inspects the set of permissions and returns True if permissions
+        contain admin level permissions. If a study is passed, this method
+        returns True if permissions are admin on PPM or on study.
+
+        :param method: The requested method to check permissions for
+        :type method: str
+        :param permissions: A list of permissions from DBMI-AuthZ
+        :type permissions: list
+        :param study: A specific study, defaults to None
+        :type study: str, optional
+        """
+
+        # Map permissions
+        map = {a["item"].lower(): a["permission"].lower() for a in permissions}
+
+        # Check for site level permissions first
+        if map.get(cls.ITEM) in cls.PERMISSIONS[method]:
+            return cls.ITEM, map[cls.ITEM]
+
+        # Check study, if passed
+        if study:
+
+            # Set the item string
+            item = f"{cls.ITEM}.{PPM.Study.get(study).value}"
+            if map.get(item) in cls.PERMISSIONS[method]:
+                return item, map[item]
+
+        return None, None