from __future__ import annotations
from app.schemas.identity import IdentityUser
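class IdentityService:
    """In-memory demo identity provider backed by a hard-coded user table.

    Security notes (demo stub, not an authentication system):
      * ``login`` never checks the password; a known username is sufficient.
      * Access tokens are the fixed string ``demo-token-<username>``. They are
        unsigned, never expire and cannot be revoked, and
        ``get_user_by_token`` accepts any string of that shape. Anything that
        gates deployment or approval on these tokens needs a real identity
        provider (verified credentials, random or signed tokens, expiry).
      * ``DEMO_USERS`` is class-level state shared by every instance. Lookups
        return copies so a caller that edits a returned record (for example
        appending to ``roles`` or ``permissions``) cannot change the
        authorization data seen by later requests.
    """

    # Prefix that marks a string as a demo access token.
    _TOKEN_PREFIX = "demo-token-"

    # Hard-coded demo accounts keyed by login name. Treat as read-only.
    DEMO_USERS = {
        "alice": {
            "user_id": "u1001",
            "user_name": "alice",
            "display_name": "Alice",
            "roles": ["DEPLOY_OPERATOR"],
            "tenant_id": "tenant-demo",
            "permissions": ["task:create", "task:confirm", "software_a:deploy"],
            "allowed_envs": ["test", "staging"],
            "allowed_apps": ["order-service", "user-service"],
        },
        "bob": {
            "user_id": "u2001",
            "user_name": "bob",
            "display_name": "Bob",
            "roles": ["APPROVER"],
            "tenant_id": "tenant-demo",
            "permissions": ["approval:decision"],
            "allowed_envs": ["prod"],
            "allowed_apps": ["order-service", "user-service"],
        },
    }

    @staticmethod
    def _copy_user(user: dict) -> dict:
        """Return a copy of *user* whose list values are also copied."""
        return {
            key: list(value) if isinstance(value, list) else value
            for key, value in user.items()
        }

    def login(self, username: str, _: str) -> tuple[str, dict] | None:
        """Look up *username* and issue its demo token.

        Args:
            username: Login name, matched against the keys of ``DEMO_USERS``.
            _: Password. Deliberately unused: the demo performs no credential
                verification.

        Returns:
            ``(access_token, user_record)`` for a known user, else ``None``.
            The record is a copy of the shared table entry.
        """
        if not isinstance(username, str):
            return None
        user = self.DEMO_USERS.get(username)
        if user is None:
            return None
        # The token is derived from the username alone, so it is guessable.
        return f"{self._TOKEN_PREFIX}{username}", self._copy_user(user)

    def get_user_by_token(self, access_token: str) -> dict | None:
        """Resolve a demo token back to a copy of its user record.

        The only check is the ``demo-token-`` prefix followed by a known
        username; there is no signature, expiry or revocation check.

        Args:
            access_token: Token string as presented by the client.

        Returns:
            A copy of the user record, or ``None`` when the value is not a
            string, lacks the prefix, or names an unknown user.
        """
        # Reject a missing or non-string token instead of raising.
        if not isinstance(access_token, str):
            return None
        if not access_token.startswith(self._TOKEN_PREFIX):
            return None
        username = access_token.removeprefix(self._TOKEN_PREFIX)
        user = self.DEMO_USERS.get(username)
        return None if user is None else self._copy_user(user)

    def get_permissions(self, user_id: str) -> dict | None:
        """Find a user by ``user_id`` and return a copy of the full record.

        Despite the name, the whole record is returned (including
        ``permissions``, ``allowed_envs`` and ``allowed_apps``), not only the
        permission list.

        Args:
            user_id: Identifier such as ``"u1001"``.

        Returns:
            A copy of the matching record, or ``None`` if no user has that id.
        """
        for user in self.DEMO_USERS.values():
            if user["user_id"] == user_id:
                return self._copy_user(user)
        return None

    @staticmethod
    def to_identity_user(user: dict) -> IdentityUser:
        """Build an ``IdentityUser`` from a user record.

        Only ``user_id``, ``user_name``, ``display_name``, ``roles`` and
        ``tenant_id`` are passed on; ``permissions``, ``allowed_envs`` and
        ``allowed_apps`` are not part of the resulting object.

        Args:
            user: Record with at least the five keys listed above.

        Raises:
            KeyError: If one of those keys is missing from *user*.
        """
        return IdentityUser(
            user_id=user["user_id"],
            user_name=user["user_name"],
            display_name=user["display_name"],
            roles=user["roles"],
            tenant_id=user["tenant_id"],
        )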