AAI-182 refactor and clean up user/role checking to enable admin endpoints by marius-mather · Pull Request #19 · AustralianBioCommons/aai-backend

marius-mather · 2025-05-23T02:09:41Z

Description

AAI-182: I started on implementing admin endpoints, but realised we needed a bit of a refactor of how we check users/roles. This PR contains an initial admin endpoint to show the approach, but also refactors our existing user checks.

Changes

Implement a user_is_admin check that we can apply to all admin routes
Set the list of Admin roles via config
Initial /admin/users endpoint to demonstrate a route that requires admin
Unit tests of admin checking/user endpoint
Refactor of existing validation/user checks

Checklist

I have commented my code, particularly in hard-to-understand areas
I have added unit / integration tests that prove my fix is effective or that my feature works
I have run all tests locally and they pass
I have updated the documentation (if applicable)

How to Test Manually (if necessary)

Run uv run pytest

… everywhere

… by user_is_admin)

… file

amandazhuyilan · 2025-05-25T23:01:46Z

Overall looks great - just a nick pick on linting...

marius-mather added 15 commits May 23, 2025 11:00

Define admin roles in config

c62bd6d

Update .env example with admin_roles

8c9eaee

Add a user_is_admin dependency for checking admin roles

cc2a151

Fix roles claim name: we now prefix with HTTPS (as recommended by Auth0)

1a2d5cd

Remove old admin check

7971073

Update AccessTokenPayload so it's easier to specify roles

e88afdc

Update User.is_admin() to check configured roles

1ef747b

Add a fixture for acting as an admin

243d548

Add admin_roles to mock settings

7dc7578

Rename client_with_settings_override: too clunky for something we use…

8800f50

… everywhere

Add data generation for Auth0 user API data

5d4530b

Move user schema tests to test_user_schema

ffdbbdb

Initial Auth0 client for making requests to the management API

f72c89a

Initial admin router with one route defined (and all routes protected…

0c22725

… by user_is_admin)

Add admin router to app

be557e1

marius-mather requested review from amandazhuyilan and minh-biocommons May 23, 2025 02:09

marius-mather added 5 commits May 23, 2025 13:46

Add tests for admin endpoints

8e6de4d

Force .env file to be ignored in tests

56a074d

Don't load env variables in main, just grab the needed value from the…

9b984d7

… file

Rework how we force the env file to be ignored in tests

184bfa3

Update tests to use the test client

bb08277

amandazhuyilan previously approved these changes May 25, 2025

View reviewed changes

Comment thread schemas/tokens.py

Comment thread tests/conftest.py

Style fix

99bbaca

marius-mather dismissed amandazhuyilan’s stale review via 99bbaca May 25, 2025 23:36

marius-mather requested a review from amandazhuyilan May 25, 2025 23:36

amandazhuyilan approved these changes May 25, 2025

View reviewed changes

marius-mather merged commit 8ae8773 into main May 25, 2025
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

AAI-182 refactor and clean up user/role checking to enable admin endpoints#19

AAI-182 refactor and clean up user/role checking to enable admin endpoints#19
marius-mather merged 21 commits into
mainfrom
admin-endpoints

marius-mather commented May 23, 2025 •

edited

Loading

Uh oh!

amandazhuyilan commented May 25, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

marius-mather commented May 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Changes

Checklist

How to Test Manually (if necessary)

Uh oh!

amandazhuyilan commented May 25, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

marius-mather commented May 23, 2025 •

edited

Loading