1 files changed, 29 insertions, 17 deletions

diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py
index 26eac29..b9aa510 100644
--- a/osdf/adapters/aaf/aaf_authentication.py
+++ b/osdf/adapters/aaf/aaf_authentication.py
@@ -17,12 +17,14 @@
 #
 
 import base64
-import re
-from datetime import datetime, timedelta
+from datetime import datetime
+from datetime import timedelta
 from flask import request
+import re
 
 from osdf.config.base import osdf_config
-from osdf.logging.osdf_logging import error_log, debug_log
+from osdf.logging.osdf_logging import debug_log
+from osdf.logging.osdf_logging import error_log
 from osdf.utils.interfaces import RestClient
 
 AUTHZ_PERMS_USER = '{}/authz/perms/user/{}'
@@ -43,7 +45,6 @@ def authenticate(uid, passwd):
         return has_valid_role(perms)
     except Exception as exp:
         error_log.error("Error Authenticating the user {} : {}: ".format(uid, exp))
-        pass
     return False
 
 
@@ -57,27 +58,38 @@ else return false
 def has_valid_role(perms):
     aaf_user_roles = deploy_config['aaf_user_roles']
 
+    aaf_roles = get_role_list(perms)
+
     for roles in aaf_user_roles:
         path_perm = roles.split(':')
         uri = path_perm[0]
-        role = path_perm[1].split('|')[0]
-        if re.search(uri, request.path) and perms:
-            roles = perms.get('roles')
-            if roles:
-                perm_list = roles.get('perm')
-                for p in perm_list:
-                    if role == p['type']:
-                        return True
+        perm = path_perm[1].split('|')
+        p = (perm[0], perm[1], perm[2].split()[0])
+        if re.search(uri, request.path) and p in aaf_roles:
+            return True
     return False
 
+
 """
-Make the remote aaf api call if user is not in the cache.
+Build a list of roles tuples from the AAF response.
 
-Return the perms
 """
+
+
+def get_role_list(perms):
+    role_list = []
+    if perms:
+        roles = perms.get('roles')
+        if roles:
+            perm = roles.get('perm', [])
+            for p in perm:
+                role_list.append((p['type'], p['instance'], p['action']))
+    return role_list
+
+
 def get_aaf_permissions(uid, passwd):
     key = base64.b64encode(bytes("{}_{}".format(uid, passwd), "ascii"))
-    time_delta = timedelta(hours=deploy_config.get('aaf_cache_expiry_hrs', 3))
+    time_delta = timedelta(minutes=deploy_config.get('aaf_cache_expiry_mins', 5))
 
     perms = perm_cache.get(key)
 
@@ -91,8 +103,8 @@ def get_aaf_permissions(uid, passwd):
 
 
 def remote_api(passwd, uid):
-    headers = {"Accept": "application/Users+xml;q=1.0;charset=utf-8;version=2.0,text/xml;q=1.0;version=2.0",
-               "Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"}
+    headers = {"Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,"
+                         "*/*;q=1.0"}
     url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid)
     rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug,
                     req_id='aaf_user_id')