Commit 9c3841b5 authored by Jorrit Schaap's avatar Jorrit Schaap

temporarily allow any use to get updates via websocket. No secrets are shared....

temporarily allow any user to get updates via websocket. No secrets are shared. Do not touch the User/Token models: doing so seems to coincide with django db errors on production...
parent 30694948
...@@ -59,25 +59,29 @@ class TMSSWebSocket(WebSocket): ...@@ -59,25 +59,29 @@ class TMSSWebSocket(WebSocket):
self.authenticated = True self.authenticated = True
def handleMessage(self): def handleMessage(self):
try: # JS 2023-08-11: TODO: fix this! For now we want all users to get updates.
if not self.authenticated: # Not (yet) authenticated self._set_flags_to_default()
token_key = JSONloads(self.data).get('token', '') return
from rest_framework.authtoken.models import Token # try:
token_obj = Token.objects.filter(key=token_key).first() # if not self.authenticated: # Not (yet) authenticated
if token_obj: # token_key = JSONloads(self.data).get('token', '')
self.user = token_obj.user #
self.authenticated = True # from rest_framework.authtoken.models import Token
logger.info('Client authenticated. User: %s from IP: %s' % (self.user, self.address[0])) # token_obj = Token.objects.filter(key=token_key).first()
else: # if token_obj:
logger.info('Client not authenticated. IP: %s' % (self.address[0])) # self.user = token_obj.user
self.close(1011, u'Please login, so you have a token, and please submit the token in the 1st message after the connection was made.') # self.authenticated = True
else: # logger.info('Client authenticated. User: %s from IP: %s' % (self.user, self.address[0]))
logger.debug('Client already authenticated, ignoring incoming message. User: %s from IP: %s' % (self.user, self.address[0])) # else:
# NOTE: We just ignore incoming messages as we treat the communication as one-way only, except for the auth msg. # logger.info('Client not authenticated. IP: %s' % (self.address[0]))
except Exception as e: # self.close(1011, u'Please login, so you have a token, and please submit the token in the 1st message after the connection was made.')
logger.exception('Error when handling websocket message of User: %s from IP: %s' % (self.user, self.address[0])) # else:
raise # logger.debug('Client already authenticated, ignoring incoming message. User: %s from IP: %s' % (self.user, self.address[0]))
# # NOTE: We just ignore incoming messages as we treat the communication as one-way only, except for the auth msg.
# except Exception as e:
# logger.exception('Error when handling websocket message of User: %s from IP: %s' % (self.user, self.address[0]))
# raise
def handleConnected(self): def handleConnected(self):
# Enforce to initial values be safe # Enforce to initial values be safe
...@@ -134,46 +138,49 @@ class TMSSEventMessageHandlerForWebsocket(TMSSEventMessageHandler): ...@@ -134,46 +138,49 @@ class TMSSEventMessageHandlerForWebsocket(TMSSEventMessageHandler):
self.t.join() self.t.join()
def _get_authorised_clients_for_object_in_websocket(self, obj): def _get_authorised_clients_for_object_in_websocket(self, obj):
from django.contrib.auth import get_user_model # JS 2023-08-11: TODO: fix this! For now we want all users to get updates.
User = get_user_model() return list(self._ws_server.connections.values())
from lofar.sas.tmss.tmss.tmssapp.viewsets.permissions import get_project_roles_for_user, get_project_roles_with_permission # from django.contrib.auth import get_user_model
from lofar.sas.tmss.tmss.tmssapp.models import ProjectRole # User = get_user_model()
#
auth_clients = [] # from lofar.sas.tmss.tmss.tmssapp.viewsets.permissions import get_project_roles_for_user, get_project_roles_with_permission
logger.debug('Checking which of these users should receive websocket update for obj=%s: %s' % (obj, [ws.user for ws in list(self._ws_server.connections.values())])) # from lofar.sas.tmss.tmss.tmssapp.models import ProjectRole
for ws in list(self._ws_server.connections.values()): #
if ws.authenticated: # Check user permissions for the object # auth_clients = []
# JS 2023-08-11: TODO: fix this! For now we want all users to get updates. # logger.debug('Checking which of these users should receive websocket update for obj=%s: %s' % (obj, [ws.user for ws in list(self._ws_server.connections.values())]))
auth_clients.append(ws) # for ws in list(self._ws_server.connections.values()):
continue # if ws.authenticated: # Check user permissions for the object
# # JS 2023-08-11: TODO: fix this! For now we want all users to get updates.
user = User.objects.filter(username=ws.user).first() # auth_clients.append(ws)
if user is None: # continue
continue #
# user = User.objects.filter(username=ws.user).first()
if user.is_superuser: # if user is None:
logger.debug('User=%s is superuser and will receive websocket update for obj=%s' % (user, obj)) # continue
auth_clients.append(ws) #
elif user.has_perm("tmssapp.view_%s" % type(obj).__name__.lower()): # if user.is_superuser:
logger.debug('User=%s has permission=%s and will receive websocket update for obj=%s' % (user, "tmssapp.view_%s" % type(obj).__name__.lower(), obj)) # logger.debug('User=%s is superuser and will receive websocket update for obj=%s' % (user, obj))
auth_clients.append(ws) # auth_clients.append(ws)
else: # elif user.has_perm("tmssapp.view_%s" % type(obj).__name__.lower()):
logger.debug('User=%s has no permission=%s, checking for project-based permission to receive websocket update for obj=%s' % (user, "tmssapp.view_%s" % type(obj).__name__.lower(), obj)) # logger.debug('User=%s has permission=%s and will receive websocket update for obj=%s' % (user, "tmssapp.view_%s" % type(obj).__name__.lower(), obj))
# project-based permission # auth_clients.append(ws)
permitted_project_roles = get_project_roles_with_permission(type(obj).__name__.lower(), 'GET') # else:
user_project_roles = get_project_roles_for_user(user) # logger.debug('User=%s has no permission=%s, checking for project-based permission to receive websocket update for obj=%s' % (user, "tmssapp.view_%s" % type(obj).__name__.lower(), obj))
related_project = getattr(obj, 'project', None) # # project-based permission
for project_role in user_project_roles: # permitted_project_roles = get_project_roles_with_permission(type(obj).__name__.lower(), 'GET')
if related_project: # user_project_roles = get_project_roles_for_user(user)
if project_role['project'].lower() == related_project.name.lower() and \ # related_project = getattr(obj, 'project', None)
ProjectRole.objects.get(value=project_role['role']) in permitted_project_roles: # for project_role in user_project_roles:
auth_clients.append(ws) # if related_project:
logger.debug("User=%s has project-based permission for project=%s and will receive websocket update for obj=%s" % (user, project_role['project'].lower(), obj)) # if project_role['project'].lower() == related_project.name.lower() and \
break # ProjectRole.objects.get(value=project_role['role']) in permitted_project_roles:
else: # auth_clients.append(ws)
logger.debug("%s websocket is not authenticated and will not receive websocket update for obj=%s" % (ws.user, obj)) # logger.debug("User=%s has project-based permission for project=%s and will receive websocket update for obj=%s" % (user, project_role['project'].lower(), obj))
return auth_clients # break
# else:
# logger.debug("%s websocket is not authenticated and will not receive websocket update for obj=%s" % (ws.user, obj))
# return auth_clients
def _broadcast_notify_to_clients_websocket(self, msg, clients): def _broadcast_notify_to_clients_websocket(self, msg, clients):
# Send a broadcast message to all ws clients passed as argument # Send a broadcast message to all ws clients passed as argument
......
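Review bot: With both bodies replaced by early returns, `_get_authorised_clients_for_object_in_websocket` hands back every open connection and `handleMessage` never validates a token, so any client that can reach the websocket port receives every object update without logging in. The old side appears to have already skipped the per-object permission checks for authenticated clients, so what this commit removes is the authentication requirement itself; the commit message's "no secrets are shared" depends on what the broadcast payload carries, which is outside these hunks and worth confirming for project-scoped objects. I would make the bypass explicit and easy to find, e.g. `# SECURITY: authn/authz disabled for websocket updates, see <ISSUE-ID>; all connected clients receive all updates`, and log a warning once at startup while it is active. The commented-out bodies can be deleted rather than kept, since the previous implementation is in history and a dead copy will drift from the models it references. `handleMessage` now calls `self._set_flags_to_default()` on every incoming message; that helper is not visible here, so confirm that resetting per message is intended.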