feat: add settings for filtering the active shows and OIDC Provider Scope, Update Scope Claims

the Show IDs are now listed and filtered according to the settings BREAKING CHANGE: Closes: #179

feat: add settings for filtering the active shows and OIDC Provider Scope, Update Scope Claims
3ecd62a9 · Ernesto Rico Schmidt · 5892ecec · 3ecd62a9 · 3ecd62a9
Verified Commit 3ecd62a9 authored 1 year ago by Ernesto Rico Schmidt
--- a/steering/oidc_provider_settings.py
+++ b/steering/oidc_provider_settings.py
@@ -20,7 +20,10 @@

 from oidc_provider.lib.claims import ScopeClaims

+from django.conf import settings
+from django.utils import timezone
 from django.utils.translation import gettext as _
+from program.models import Show


 class AuraScopeClaims(ScopeClaims):
@@ -30,27 +33,40 @@ class AuraScopeClaims(ScopeClaims):
    )

    def scope_username(self):
-        dic = {
+        return {
            "username": self.user.username,
-            # 'privileged': (self.user.is_staff or self.user.is_superuser)
-            "privileged": self.user.is_superuser,
+            "privileged": self.user.is_superuser
+            or settings.PRIVILEGED_GROUP in self.user.groups.values_list("name", flat=True),
+            "entitled": any(
+                [
+                    name in settings.ENTITLED_GROUPS
+                    for name in self.user.groups.values_list("name", flat=True)
+                ]
+            ),
        }

-        return dic
-
    info_aura_shows = (
        _("AURA Shows"),
        _("AURA shows you have access to."),
    )

    def scope_aura_shows(self):
-        from program.models import Show
+        # we use annotated objects because filtering using properties is not possible
+        owned_shows = Show.objects.with_max_timeslot_start().filter(owners=self.user)
+        public_shows = Show.objects.with_max_timeslot_start().filter(is_public=True)
+
+        if settings.FILTER_ACTIVE_SHOWS_USING["is_active"]:
+            # use the `is_active` field
+            owned_shows = owned_shows.filter(is_active=True)
+            public_shows = public_shows.filter(is_active=True)

-        # TODO: should add filter `is_active=True` ?
-        public_show_slugs = list(
-            Show.objects.filter(is_public=True).values_list("slug", flat=True)
-        )
-        show_slugs = list(self.user.shows.all().values_list("slug", flat=True))
-        dic = {"shows": show_slugs, "public-shows": public_show_slugs}
+        if settings.FILTER_ACTIVE_SHOWS_USING["max_timeslot_start"]:
+            # use the `max_timeslot_start` annotation
+            now = timezone.datetime.now()
+            owned_shows = owned_shows.filter(max_timeslot_start__gt=now)
+            public_shows = public_shows.filter(max_timeslot_start__gt=now)

-        return dic
+        return {
+            "ownedShowIds": list(owned_shows.values_list("id", flat=True)),
+            "publicShowIds": list(public_shows.values_list("id", flat=True)),
+        }
--- a/steering/settings.py
+++ b/steering/settings.py
@@ -160,6 +160,21 @@ CBA_REST_API_URL = CBA_URL + "/wp-json/wp/v2/"
 LOGIN_URL = "/admin/login/"  # Login page OIDC redirects to
 OIDC_EXTRA_SCOPE_CLAIMS = "steering.oidc_provider_settings.AuraScopeClaims"

+# OIDC Provider extra scope claims
+# - Superusers and members of these group are privileged
+PRIVILEGED_GROUP = "Program"
+# - Members of these groups are entitled
+ENTITLED_GROUPS = ["Broadcast", "Broadcast+"]  # this needs to be a list
+
+# The API will filter the active shows using one of these filters
+# One of these should to be True.
+# - if both are True, shows will be filtered using the field AND the annotation
+# - if both are False, shows will NOT be filtered
+FILTER_ACTIVE_SHOWS_USING = {
+    "is_active": False,  # shows will be filtered using this field
+    "max_timeslot_start": True,  # shows will be filtered using this annotation
+}
+
 # WSGI_APPLICATION = 'steering.wsgi.application';

 if os.getenv("USE_LDAP_AUTH"):