From a51a4cc182c156efdf7c1dcceb4880d5d14d8a44 Mon Sep 17 00:00:00 2001 From: Rob Nagler <5495179+robnagler@users.noreply.github.com> Date: Wed, 6 Nov 2024 06:47:44 -0700 Subject: [PATCH] Fix #7344 require premium for sbatch (#7348) --- sirepo/api_auth.py | 3 + sirepo/api_perm.py | 2 + sirepo/auth/__init__.py | 4 ++ sirepo/job_api.py | 4 +- sirepo/package_data/static/en/plans.html | 69 +++++++++++++++++++ .../static/js/sirepo-components.js | 7 +- sirepo/package_data/static/js/sirepo.js | 8 +++ .../static/json/schema-common.json | 2 +- 8 files changed, 95 insertions(+), 4 deletions(-) create mode 100644 sirepo/package_data/static/en/plans.html diff --git a/sirepo/api_auth.py b/sirepo/api_auth.py index 065446e8f2..ab484d77d9 100644 --- a/sirepo/api_auth.py +++ b/sirepo/api_auth.py @@ -33,6 +33,7 @@ def check_api_call(qcall, func): a.REQUIRE_COOKIE_SENTINEL, a.REQUIRE_USER, a.REQUIRE_ADM, + a.REQUIRE_PREMIUM, ): if not qcall.cookie.has_sentinel(): raise sirepo.util.SRException("missingCookies", None) @@ -42,6 +43,8 @@ def check_api_call(qcall, func): qcall.auth.require_email_user() elif expect == a.REQUIRE_ADM: qcall.auth.require_adm() + elif expect == a.REQUIRE_PREMIUM: + qcall.auth.require_premium() elif expect == a.ALLOW_VISITOR: pass elif expect == a.INTERNAL_TEST: diff --git a/sirepo/api_perm.py b/sirepo/api_perm.py index f5d39e0ed6..1c28eb750b 100644 --- a/sirepo/api_perm.py +++ b/sirepo/api_perm.py @@ -32,6 +32,8 @@ class APIPerm(aenum.Flag): REQUIRE_USER = aenum.auto() #: only usable on internal test systems INTERNAL_TEST = aenum.auto() + #: a user with a a premium subscription is required + REQUIRE_PREMIUM = aenum.auto() #: A user can access APIs decorated with these permissions even if they don't have the role diff --git a/sirepo/auth/__init__.py b/sirepo/auth/__init__.py index d9ecbffba0..a521abcb1d 100644 --- a/sirepo/auth/__init__.py +++ b/sirepo/auth/__init__.py @@ -517,6 +517,10 @@ def require_email_user(self): if m != METHOD_EMAIL: raise sirepo.util.Forbidden(f"method={m} is not email for uid={i}") + def require_premium(self): + if not self.is_premium_user(): + raise sirepo.util.Forbidden(f"not premium user") + def require_user(self): """Asserts whether user is logged in diff --git a/sirepo/job_api.py b/sirepo/job_api.py index 5780758ee6..f103f3441e 100644 --- a/sirepo/job_api.py +++ b/sirepo/job_api.py @@ -211,7 +211,7 @@ async def api_runStatus(self): # runStatus receives models when an animation status if first queried return await self._request_api(_request_content=self._request_content(PKDict())) - @sirepo.quest.Spec("require_user") + @sirepo.quest.Spec("require_premium") async def api_sbatchLogin(self): r = self._request_content( PKDict(computeJobHash="unused", jobRunMode=sirepo.job.SBATCH), @@ -221,7 +221,7 @@ async def api_sbatchLogin(self): r.pkdel("data") return await self._request_api(_request_content=r) - @sirepo.quest.Spec("require_user") + @sirepo.quest.Spec("require_premium") async def api_sbatchLoginStatus(self): return await self._request_api( _request_content=self._request_content( diff --git a/sirepo/package_data/static/en/plans.html b/sirepo/package_data/static/en/plans.html new file mode 100644 index 0000000000..937920ba26 --- /dev/null +++ b/sirepo/package_data/static/en/plans.html @@ -0,0 +1,69 @@ + + + + + + + + + + RadiaSoft + + + + + + +
+
+
+ +
+ +
+
+
+
+

Sirepo Plans

+

+ You are running a private instance of sirepo. +
+ license +

+
+
+
+

Sirepo Plans

+

You should only see this page if you are developing Sirepo.

+
+
+
+
+ + +
+ + diff --git a/sirepo/package_data/static/js/sirepo-components.js b/sirepo/package_data/static/js/sirepo-components.js index 896a6a4072..6d38f0baa9 100644 --- a/sirepo/package_data/static/js/sirepo-components.js +++ b/sirepo/package_data/static/js/sirepo-components.js @@ -4757,7 +4757,11 @@ SIREPO.app.directive('sbatchLoginModal', function() {