andreypopp/sfp.patch

## sfp.patch
diff --git a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py
index 37187e9ca..ada7b2dc7 100644
--- a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py
+++ b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py
@@ -18,7 +18,7 @@ from rex.graphql import (
 class ManagementGraphQLBase(ManagementGraphQLEndpoint):
     enable_site_tasks = False
     enable_cohort_builder = False
-    # access = 'cohort-finder'
+    access = 'cohort-finder'

     @classmethod
     def create_context(cls, site, db, req):
diff --git a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
index a5e6bb740..e42a0408e 100644
--- a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
+++ b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
@@ -4,7 +4,7 @@ from rex.attach import upload

 from .ash_scd.database import pscopg_db_execute
 from rex.site_feedback_portal import GetSite
-from rex.web import Authorize
+from rex.web import Authorize, authenticate

 SORT_DIRECTION_MAPPING = {
     'asc': '+',
@@ -184,7 +184,7 @@ def check_user_permission(user, site, permission) -> bool:
     cursor = connection.cursor()
     query = """
         SELECT id FROM portal_user_permission
-        WHERE portal_sfp_user__id = (SELECT id FROM portal_sfp_user WHERE remote_user = (%(user)s) and is_active = 'true')
+        WHERE portal_sfp_user__id = (SELECT id FROM portal_sfp_user WHERE remote_user = (%(user)s) and is_active)
         AND portal_permission__id = (SELECT id FROM portal_permission WHERE code = (%(permission)s))
         AND portal_site__id = (SELECT id FROM portal_site WHERE code = (%(site_code)s))
         AND has_access = true
@@ -204,15 +204,16 @@ def check_user_permission(user, site, permission) -> bool:
 class CustomAuthorize(Authorize, GetSite):

     def __call__(self, req):
-        remote_user, site = self.get_user_site(req)
+        remote_user = authenticate(req)
+        site = req.environ.get('rex.sfp_site')
+        if site is None:
+            raise Exception('expected rex.sfp_site to be in WSGI environ')
         print("==============================")
         print(remote_user, site)
         print("==============================")
         if remote_user is None:
             return False
-        if site is None:
-            return False
-        return check_user_permission(remote_user, site, self.access)
+        return check_user_permission(remote_user, site.id, self.access)


 class SiteDashabordAuthorize(CustomAuthorize):
@@ -222,4 +223,4 @@ class DataSubmissionsAuthorize(CustomAuthorize):
     access = 'data-submissions'

 class CohortFinderAuthorize(CustomAuthorize):
-    access = 'cohort-finder'
\ No newline at end of file
+    access = 'cohort-finder'
diff --git a/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py b/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py
index 9e69f6b80..d28a08493 100644
--- a/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py
+++ b/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py
@@ -65,6 +65,7 @@ class APILocation(HandleLocation, GetSite):

     def __call__(self, req):
         remote_user, site = self.get_user_site(req)
+        req.environ['rex.sfp_site'] = site
         req.path_info_pop()
         req.path_info_pop()
         return call_site_endpoint(site, req, remote_user)
	diff --git a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py
	index 37187e9ca..ada7b2dc7 100644
	--- a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py
	+++ b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/management_api.py
	@@ -18,7 +18,7 @@ from rex.graphql import (
	class ManagementGraphQLBase(ManagementGraphQLEndpoint):
	enable_site_tasks = False
	enable_cohort_builder = False
	- # access = 'cohort-finder'
	+ access = 'cohort-finder'

	@classmethod
	def create_context(cls, site, db, req):
	diff --git a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
	index a5e6bb740..e42a0408e 100644
	--- a/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
	+++ b/src/client.ash.site_feedback_portal/src/ash/site_feedback_portal/utils.py
	@@ -4,7 +4,7 @@ from rex.attach import upload

	from .ash_scd.database import pscopg_db_execute
	from rex.site_feedback_portal import GetSite
	-from rex.web import Authorize
	+from rex.web import Authorize, authenticate

	SORT_DIRECTION_MAPPING = {
	'asc': '+',
	@@ -184,7 +184,7 @@ def check_user_permission(user, site, permission) -> bool:
	cursor = connection.cursor()
	query = """
	SELECT id FROM portal_user_permission
	- WHERE portal_sfp_user__id = (SELECT id FROM portal_sfp_user WHERE remote_user = (%(user)s) and is_active = 'true')
	+ WHERE portal_sfp_user__id = (SELECT id FROM portal_sfp_user WHERE remote_user = (%(user)s) and is_active)
	AND portal_permission__id = (SELECT id FROM portal_permission WHERE code = (%(permission)s))
	AND portal_site__id = (SELECT id FROM portal_site WHERE code = (%(site_code)s))
	AND has_access = true
	@@ -204,15 +204,16 @@ def check_user_permission(user, site, permission) -> bool:
	class CustomAuthorize(Authorize, GetSite):

	def __call__(self, req):
	- remote_user, site = self.get_user_site(req)
	+ remote_user = authenticate(req)
	+ site = req.environ.get('rex.sfp_site')
	+ if site is None:
	+ raise Exception('expected rex.sfp_site to be in WSGI environ')
	print("==============================")
	print(remote_user, site)
	print("==============================")
	if remote_user is None:
	return False
	- if site is None:
	- return False
	- return check_user_permission(remote_user, site, self.access)
	+ return check_user_permission(remote_user, site.id, self.access)


	class SiteDashabordAuthorize(CustomAuthorize):
	@@ -222,4 +223,4 @@ class DataSubmissionsAuthorize(CustomAuthorize):
	access = 'data-submissions'

	class CohortFinderAuthorize(CustomAuthorize):
	- access = 'cohort-finder'
	\ No newline at end of file
	+ access = 'cohort-finder'
	diff --git a/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py b/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py
	index 9e69f6b80..d28a08493 100644
	--- a/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py
	+++ b/src/rex.site_feedback_portal/src/rex/site_feedback_portal/handle.py
	@@ -65,6 +65,7 @@ class APILocation(HandleLocation, GetSite):

	def __call__(self, req):
	remote_user, site = self.get_user_site(req)
	+ req.environ['rex.sfp_site'] = site
	req.path_info_pop()
	req.path_info_pop()
	return call_site_endpoint(site, req, remote_user)