fix permissions delivery

teemukataja · teemukataja · commit 52c51afd8f2f · 2019-11-05T10:22:00.000+02:00
diff --git a/beacon_api/permissions/ga4gh.py b/beacon_api/permissions/ga4gh.py
@@ -95,16 +95,17 @@
 
 async def check_ga4gh_token(decoded_data, token, bona_fide_status, dataset_permissions):
     """Check the token for GA4GH claims."""
+    LOG.debug('Checking GA4GH claims from scope.')
+
     if 'scope' in decoded_data:
         ga4gh_scopes = ['openid', 'ga4gh_passport_v1']
         token_scopes = decoded_data.get('scope').split(' ')
-        LOG.info(f'GA4H Required scopes: {ga4gh_scopes}')
-        LOG.info(f'Token scopes: {token_scopes}')
-        LOG.info(f'Bona fide before: {bona_fide_status}')
-        LOG.info(f'Permissions before: {dataset_permissions}')
+
         if all(scope in token_scopes for scope in ga4gh_scopes):
             dataset_permissions, bona_fide_status = await get_ga4gh_permissions(token)
 
+    return dataset_permissions, bona_fide_status
+
 
 async def decode_passport(encoded_passport):
     """Return decoded header and payload from encoded passport JWT.
diff --git a/beacon_api/utils/validate.py b/beacon_api/utils/validate.py
@@ -183,19 +183,13 @@ async def token_middleware(request, handler):
                 # for now the permissions just reflects that the data can be decoded from token
                 # the bona fide status is checked against ELIXIR AAI by default or the URL from config
                 # the bona_fide_status is specific to ELIXIR Tokens
-                dataset_permissions, bona_fide_status = [], ''
-
                 # Retrieve GA4GH Passports from /userinfo and process them into dataset permissions and bona fide status
-                bona_fide_status = False
-                dataset_permissions = set()
-                await check_ga4gh_token(decoded_data, token, bona_fide_status, dataset_permissions)
-
-                LOG.info(f'Bona fide after: {bona_fide_status}')
-                LOG.info(f'Permissions after: {dataset_permissions}')
-                controlled_datasets = set()
+                dataset_permissions, bona_fide_status = set(), False
+                dataset_permissions, bona_fide_status = await check_ga4gh_token(decoded_data, token, bona_fide_status, dataset_permissions)
                 # currently we offer module for parsing GA4GH permissions, but multiple claims and providers can be utilised
                 # by updating the set, meaning replicating the line below with the permissions function and its associated claim
                 # For GA4GH DURI permissions (ELIXIR Permissions API 2.0)
+                controlled_datasets = set()
                 controlled_datasets.update(dataset_permissions)
                 all_controlled = list(controlled_datasets) if bool(controlled_datasets) else None
                 request["token"] = {"bona_fide_status": bona_fide_status,
