Merge pull request #14 from inuits/feature/anonymous-user-policies

Add build_user_context_for_anonymous_user and remove token checks.
inuits · Mar 25, 2024 · c8ba872 · c8ba872
2 parents c7b737d + 36b76ae
commit c8ba872
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 7 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "elody"
-version = "0.0.65"
+version = "0.0.66"
 description = "elody SDK for Python"
 readme = "README.md"
 authors = [{ name = "Inuits", email = "[email protected]" }]

diff --git a/src/elody/policies/authentication/base_user_tenant_validation_policy.py b/src/elody/policies/authentication/base_user_tenant_validation_policy.py
@@ -18,7 +18,7 @@ def get_user(self, id: str) -> dict:
         pass
 
     @abstractmethod
-    def build_user_context(self, request, user_context: UserContext, user: dict):
+    def build_user_context_for_authenticated_user(self, request, user_context: UserContext, user: dict):
         self.user = user
         user_context.x_tenant = Tenant()
         user_context.x_tenant.id = request.headers.get(
@@ -33,6 +33,19 @@ def build_user_context(self, request, user_context: UserContext, user: dict):
         user_context.bag["tenant_defining_entity_id"] = user_context.x_tenant.id
         user_context.bag["tenant_relation_type"] = "isIn"
         user_context.bag["user_ids"] = self.user["identifiers"]
+
+    @abstractmethod
+    def build_user_context_for_anonymous_user(self, user_context: UserContext, user: dict):
+        self.user = user
+        user_context.x_tenant = Tenant()
+        user_context.x_tenant.id =  self.super_tenant_id
+        user_context.x_tenant.roles = ["anonymous"]
+        user_context.x_tenant.raw = self.__get_x_tenant_raw(user_context.x_tenant.id)
+        user_context.tenants = [user_context.x_tenant]
+        user_context.bag["x_tenant_id"] = user_context.x_tenant.id
+        user_context.bag["tenant_defining_entity_id"] = user_context.x_tenant.id
+        user_context.bag["tenant_relation_type"] = "isIn"
+        user_context.bag["user_ids"] = self.user["identifiers"]
 
     def __get_tenant_roles(self, x_tenant_id: str, request) -> list[str]:
         roles = self.__get_user_tenant_relation(self.super_tenant_id).get("roles", [])

diff --git a/src/elody/policies/authorization/filter_generic_objects_policy.py b/src/elody/policies/authorization/filter_generic_objects_policy.py
@@ -20,7 +20,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not user_context.auth_objects.get("token") or not regex.match(
+        if not regex.match(
             "^/[^/]+/filter$", request.path
         ):
             return policy_context

diff --git a/src/elody/policies/authorization/generic_object_detail_policy.py b/src/elody/policies/authorization/generic_object_detail_policy.py
@@ -22,7 +22,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not user_context.auth_objects.get("token") or not regex.match(
+        if not regex.match(
             "^/[^/]+/[^/]+$|^/ngsi-ld/v1/entities/[^/]+$", request.path
         ):
             return policy_context

diff --git a/src/elody/policies/authorization/generic_object_metadata_policy.py b/src/elody/policies/authorization/generic_object_metadata_policy.py
@@ -22,7 +22,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not user_context.auth_objects.get("token") or not regex.match(
+        if not regex.match(
             "^/[^/]+/[^/]+/metadata$", request.path
         ):
             return policy_context

diff --git a/src/elody/policies/authorization/generic_object_relations_policy.py b/src/elody/policies/authorization/generic_object_relations_policy.py
@@ -22,7 +22,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not user_context.auth_objects.get("token") or not regex.match(
+        if not regex.match(
             "^/[^/]+/[^/]+/relations$", request.path
         ):
             return policy_context

diff --git a/src/elody/policies/authorization/generic_object_request_policy.py b/src/elody/policies/authorization/generic_object_request_policy.py
@@ -20,7 +20,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not user_context.auth_objects.get("token") or not regex.match(
+        if not regex.match(
             "^/[^/]+$|^/ngsi-ld/v1/entities$", request.path
         ):
             return policy_context