Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object
This commit is contained in:
parent
3cec22defe
commit
8eb9c376cd
3 changed files with 19 additions and 10 deletions
|
@ -34,7 +34,7 @@ def _load_user_from_cookie():
|
|||
|
||||
logger.debug('Loading user from cookie: %s', current_user.get_id())
|
||||
set_authenticated_user_deferred(current_user.get_id())
|
||||
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_uuid', {scopes.DIRECT_LOGIN})
|
||||
loaded = QuayDeferredPermissionUser.for_user(current_user.db_user())
|
||||
identity_changed.send(app, identity=loaded)
|
||||
return current_user.db_user()
|
||||
return None
|
||||
|
@ -67,7 +67,7 @@ def _validate_and_apply_oauth_token(token):
|
|||
set_authenticated_user(validated.authorized_user)
|
||||
set_validated_oauth_token(validated)
|
||||
|
||||
new_identity = QuayDeferredPermissionUser(validated.authorized_user.uuid, 'user_uuid', scope_set)
|
||||
new_identity = QuayDeferredPermissionUser.for_user(validated.authorized_user, scope_set)
|
||||
identity_changed.send(app, identity=new_identity)
|
||||
|
||||
|
||||
|
@ -107,7 +107,7 @@ def _process_basic_auth(auth):
|
|||
logger.debug('Successfully validated robot: %s' % credentials[0])
|
||||
set_authenticated_user(robot)
|
||||
|
||||
deferred_robot = QuayDeferredPermissionUser(robot.uuid, 'user_uuid', {scopes.DIRECT_LOGIN})
|
||||
deferred_robot = QuayDeferredPermissionUser.for_user(robot)
|
||||
identity_changed.send(app, identity=deferred_robot)
|
||||
return
|
||||
except model.InvalidRobotException:
|
||||
|
@ -121,8 +121,7 @@ def _process_basic_auth(auth):
|
|||
logger.debug('Successfully validated user: %s' % authenticated.username)
|
||||
set_authenticated_user(authenticated)
|
||||
|
||||
new_identity = QuayDeferredPermissionUser(authenticated.uuid, 'user_uuid',
|
||||
{scopes.DIRECT_LOGIN})
|
||||
new_identity = QuayDeferredPermissionUser.for_user(authenticated)
|
||||
identity_changed.send(app, identity=new_identity)
|
||||
return
|
||||
|
||||
|
|
|
@ -66,11 +66,21 @@ def repository_write_grant(namespace, repository):
|
|||
|
||||
|
||||
class QuayDeferredPermissionUser(Identity):
|
||||
def __init__(self, uuid, auth_type, scopes):
|
||||
def __init__(self, uuid, auth_type, auth_scopes, user=None):
|
||||
super(QuayDeferredPermissionUser, self).__init__(uuid, auth_type)
|
||||
|
||||
self._permissions_loaded = False
|
||||
self._scope_set = scopes
|
||||
self._scope_set = auth_scopes
|
||||
self._user_object = user
|
||||
|
||||
@staticmethod
|
||||
def for_id(uuid, auth_scopes=None):
|
||||
return QuayDeferredPermissionUser(uuid, 'user_uuid', auth_scopes or {scopes.DIRECT_LOGIN})
|
||||
|
||||
@staticmethod
|
||||
def for_user(user, auth_scopes=None):
|
||||
return QuayDeferredPermissionUser(user.uuid, 'user_uuid', auth_scopes or {scopes.DIRECT_LOGIN},
|
||||
user=user)
|
||||
|
||||
def _translate_role_for_scopes(self, cardinality, max_roles, role):
|
||||
if self._scope_set is None:
|
||||
|
@ -96,7 +106,7 @@ class QuayDeferredPermissionUser(Identity):
|
|||
def can(self, permission):
|
||||
if not self._permissions_loaded:
|
||||
logger.debug('Loading user permissions after deferring.')
|
||||
user_object = model.get_user_by_uuid(self.id)
|
||||
user_object = self._user_object or model.get_user_by_uuid(self.id)
|
||||
if user_object is None:
|
||||
return super(QuayDeferredPermissionUser, self).can(permission)
|
||||
|
||||
|
@ -249,7 +259,7 @@ def on_identity_loaded(sender, identity):
|
|||
|
||||
elif identity.auth_type == 'user_uuid':
|
||||
logger.debug('Switching username permission to deferred object with uuid: %s', identity.id)
|
||||
switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_uuid', {scopes.DIRECT_LOGIN})
|
||||
switch_to_deferred = QuayDeferredPermissionUser.for_id(identity.id)
|
||||
identity_changed.send(app, identity=switch_to_deferred)
|
||||
|
||||
elif identity.auth_type == 'token':
|
||||
|
|
|
@ -103,7 +103,7 @@ def param_required(param_name):
|
|||
def common_login(db_user):
|
||||
if login_user(LoginWrappedDBUser(db_user.uuid, db_user)):
|
||||
logger.debug('Successfully signed in as: %s (%s)' % (db_user.username, db_user.uuid))
|
||||
new_identity = QuayDeferredPermissionUser(db_user.uuid, 'user_uuid', {scopes.DIRECT_LOGIN})
|
||||
new_identity = QuayDeferredPermissionUser.for_user(db_user)
|
||||
identity_changed.send(app, identity=new_identity)
|
||||
session['login_time'] = datetime.datetime.now()
|
||||
return True
|
||||
|
|
Reference in a new issue