break out get_opa_permissions

CanDIG · Jan 17, 2025 · a0be093 · a0be093
1 parent 0f8cf1e
commit a0be093
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/src/authx/auth.py b/src/authx/auth.py
@@ -200,11 +200,7 @@ def is_site_admin(request, token=None, opa_url=OPA_URL, admin_secret=None):
     return False
 
 
-def is_action_allowed_for_program(token, method=None, path=None, program=None, opa_url=OPA_URL, admin_secret=None):
-    """
-    Is the user allowed to perform this action on this program?
-    """
-
+def get_opa_permissions(token, method=None, path=None, program=None, opa_url=OPA_URL, admin_secret=None):
     token = get_auth_token(None, token=token)
     if opa_url is None:
         print("WARNING: AUTHORIZATION IS DISABLED; OPA_URL is not present")
@@ -227,8 +223,18 @@ def is_action_allowed_for_program(token, method=None, path=None, program=None, o
             }
         )
     if response.status_code == 200:
-        if 'allowed' in response.json()["result"]:
-            return response.json()["result"]["allowed"]
+        return response.json()["result"], 200
+    return response.text, response.status_code
+
+def is_action_allowed_for_program(token, method=None, path=None, program=None, opa_url=OPA_URL, admin_secret=None):
+    """
+    Is the user allowed to perform this action on this program?
+    """
+
+    response, status_code = get_opa_permissions(token, method, path, program, opa_url, admin_secret)
+    if status_code == 200:
+        if 'allowed' in response:
+            return response["allowed"]
     return False