mirror of
https://github.com/clearml/clearml-server
synced 2025-03-16 02:18:43 +00:00
Fix fixed users creation/removal
This commit is contained in:
parent
14547155cb
commit
9c210bb4fa
@ -9,33 +9,60 @@ from apiserver.database.model.user import User
|
|||||||
from apiserver.service_repo.auth.fixed_user import FixedUser
|
from apiserver.service_repo.auth.fixed_user import FixedUser
|
||||||
|
|
||||||
|
|
||||||
def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: bool = False):
|
def _ensure_user_credentials(
|
||||||
key, secret = user_data.get("key"), user_data.get("secret")
|
user: AuthUser, key: str, secret: str, log: Logger, revoke: bool = False
|
||||||
if not (key and secret):
|
) -> None:
|
||||||
credentials = None
|
|
||||||
else:
|
|
||||||
creds = Credentials(key=key, secret=secret)
|
|
||||||
|
|
||||||
user = AuthUser.objects(credentials__match=creds).first()
|
|
||||||
if user:
|
|
||||||
if revoke:
|
if revoke:
|
||||||
|
log.info(f"Revoking credentials for existing user {user.id} ({user.name})")
|
||||||
user.credentials = []
|
user.credentials = []
|
||||||
user.save()
|
user.save()
|
||||||
|
return
|
||||||
|
|
||||||
|
if not (key and secret):
|
||||||
|
return
|
||||||
|
|
||||||
|
new_credentials = Credentials(key=key, secret=secret)
|
||||||
|
log.info(f"Setting credentials for existing user {user.id} ({user.name})")
|
||||||
|
user.credentials = [new_credentials]
|
||||||
|
user.save()
|
||||||
|
return
|
||||||
|
|
||||||
|
|
||||||
|
def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: bool = False) -> str:
|
||||||
|
user_id = user_data.get("id", f"__{user_data['name']}__")
|
||||||
|
role = user_data["role"]
|
||||||
|
email = user_data["email"]
|
||||||
|
autocreated = user_data.get("autocreated", False)
|
||||||
|
key, secret = user_data.get("key"), user_data.get("secret")
|
||||||
|
|
||||||
|
user: AuthUser = AuthUser.objects(id=user_id).first()
|
||||||
|
if user:
|
||||||
|
_ensure_user_credentials(user=user, key=key, secret=secret, log=log, revoke=revoke)
|
||||||
|
if (
|
||||||
|
user.role != role
|
||||||
|
or user.email != email
|
||||||
|
or user.autocreated != autocreated
|
||||||
|
):
|
||||||
|
user.email = email
|
||||||
|
user.role = role
|
||||||
|
user.autocreated = autocreated
|
||||||
|
user.save()
|
||||||
|
|
||||||
return user.id
|
return user.id
|
||||||
|
|
||||||
credentials = [] if revoke else [creds]
|
credentials = (
|
||||||
|
[Credentials(key=key, secret=secret)]
|
||||||
user_id = user_data.get("id", f"__{user_data['name']}__")
|
if not revoke and key and secret
|
||||||
autocreated = user_data.get("autocreated", False)
|
else []
|
||||||
|
)
|
||||||
log.info(f"Creating user: {user_data['name']}")
|
log.info(f"Creating user: {user_data['name']}")
|
||||||
|
|
||||||
user = AuthUser(
|
user = AuthUser(
|
||||||
id=user_id,
|
id=user_id,
|
||||||
name=user_data["name"],
|
name=user_data["name"],
|
||||||
company=company_id,
|
company=company_id,
|
||||||
role=user_data["role"],
|
role=role,
|
||||||
email=user_data["email"],
|
email=email,
|
||||||
created=datetime.utcnow(),
|
created=datetime.utcnow(),
|
||||||
credentials=credentials,
|
credentials=credentials,
|
||||||
autocreated=autocreated,
|
autocreated=autocreated,
|
||||||
@ -62,6 +89,15 @@ def _ensure_backend_user(user_id: str, company_id: str, user_name: str):
|
|||||||
|
|
||||||
|
|
||||||
def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
|
def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
|
||||||
|
data = attr.asdict(user)
|
||||||
|
data["id"] = user.user_id
|
||||||
|
email = f"{user.user_id}@example.com"
|
||||||
|
data["email"] = email
|
||||||
|
data["role"] = Role.guest if user.is_guest else Role.user
|
||||||
|
data["autocreated"] = True
|
||||||
|
|
||||||
|
_ensure_auth_user(user_data=data, company_id=user.company, log=log)
|
||||||
|
|
||||||
db_user = User.objects(company=user.company, id=user.user_id).first()
|
db_user = User.objects(company=user.company, id=user.user_id).first()
|
||||||
if db_user:
|
if db_user:
|
||||||
# noinspection PyBroadException
|
# noinspection PyBroadException
|
||||||
@ -71,16 +107,7 @@ def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
|
|||||||
db_user.update(name=user.name, given_name=given_name, family_name=family_name)
|
db_user.update(name=user.name, given_name=given_name, family_name=family_name)
|
||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
return
|
else:
|
||||||
|
_ensure_backend_user(user.user_id, user.company, user.name)
|
||||||
|
|
||||||
data = attr.asdict(user)
|
|
||||||
data["id"] = user.user_id
|
|
||||||
email = f"{user.user_id}@example.com"
|
|
||||||
data["email"] = email
|
|
||||||
data["role"] = Role.guest if user.is_guest else Role.user
|
|
||||||
data["autocreated"] = True
|
|
||||||
|
|
||||||
_ensure_auth_user(user_data=data, company_id=user.company, log=log)
|
|
||||||
emails.add(email)
|
emails.add(email)
|
||||||
|
|
||||||
return _ensure_backend_user(user.user_id, user.company, user.name)
|
|
||||||
|
@ -296,7 +296,7 @@ class ServiceRepo(object):
|
|||||||
|
|
||||||
except APIError as ex:
|
except APIError as ex:
|
||||||
# report stack trace only for gene
|
# report stack trace only for gene
|
||||||
include_stack = cls._return_stack and cls._should_return_stack(
|
include_stack = cls._should_return_stack(
|
||||||
ex.code, ex.subcode
|
ex.code, ex.subcode
|
||||||
)
|
)
|
||||||
call.set_error_result(
|
call.set_error_result(
|
||||||
@ -310,8 +310,11 @@ class ServiceRepo(object):
|
|||||||
pass
|
pass
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
log.exception(ex)
|
log.exception(ex)
|
||||||
|
include_stack = cls._should_return_stack(
|
||||||
|
500, 0
|
||||||
|
)
|
||||||
call.set_error_result(
|
call.set_error_result(
|
||||||
code=500, subcode=0, msg=str(ex), include_stack=cls._return_stack
|
code=500, subcode=0, msg=str(ex), include_stack=include_stack
|
||||||
)
|
)
|
||||||
finally:
|
finally:
|
||||||
content, content_type = call.get_response()
|
content, content_type = call.get_response()
|
||||||
|
Loading…
Reference in New Issue
Block a user