add roles to get-user-permissions schema and add a rule to get user t…

…enants from the pdp
permitio · Nov 5, 2023 · 4d31302 · 4d31302
1 parent 16272e8
commit 4d31302
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/horizon/enforcer/api.py b/horizon/enforcer/api.py
@@ -31,6 +31,8 @@
     BulkAuthorizationQuery,
     UserPermissionsQuery,
     UserPermissionsResult,
+    UserTenantsQuery,
+    UserTenantsResult,
 )
 from horizon.enforcer.schemas_kong import (
     KongAuthorizationInput,
@@ -348,6 +350,38 @@ async def user_permissions(
             )
         return result
 
+    @router.post(
+        "/user-tenants",
+        response_model=UserTenantsResult,
+        name="Get User Tenants",
+        status_code=status.HTTP_200_OK,
+        response_model_exclude_none=True,
+        dependencies=[Depends(enforce_pdp_token)],
+    )
+    async def user_tenants(
+        request: Request,
+        query: UserTenantsQuery,
+        x_permit_sdk_language: Optional[str] = Depends(notify_seen_sdk),
+    ):
+        response = await _is_allowed(query, request, USER_PERMISSIONS_POLICY_PACKAGE)
+        log_query_result(query, response)
+        try:
+            raw_result = json.loads(response.body).get("result", {})
+            processed_query = (
+                get_v1_processed_query(raw_result)
+                or get_v2_processed_query(raw_result)
+                or {}
+            )
+
+            result = parse_obj_as(UserTenantsResult, raw_result.get("tenants", {}))
+        except:
+            result = parse_obj_as(UserTenantsResult, {})
+            logger.warning(
+                "get user tenants (fallback response)",
+                reason="cannot decode opa response",
+            )
+        return result
+
     @router.post(
         "/allowed/all-tenants",
         response_model=AllTenantsAuthorizationResult,

diff --git a/horizon/enforcer/schemas.py b/horizon/enforcer/schemas.py
@@ -60,6 +60,11 @@ class UrlAuthorizationQuery(BaseSchema):
     sdk: Optional[str]
 
 
+class UserTenantsQuery(BaseSchema):
+    user: User
+    context: Optional[dict[str, Any]] = {}
+
+
 class UserPermissionsQuery(BaseSchema):
     user: User
     tenants: Optional[list[str]] = Field(None, exclude=True)
@@ -103,9 +108,11 @@ class _UserPermissionsResult(BaseSchema):
     tenant: Optional[_TenantDetails]
     resource: Optional[_ResourceDetails]
     permissions: list[str] = Field(..., regex="^.+:.+$")
+    roles: Optional[list[str]] = None
 
 
 UserPermissionsResult = dict[str, _UserPermissionsResult]
+UserTenantsResult = list[_TenantDetails]
 
 
 class _AllTenantsAuthorizationResult(AuthorizationResult):