chore: update & optimize admin user flows

wavefront/server/modules/auth_module/auth_module/controllers/superset_controller.py

@@ -3,10 +3,9 @@
 from common_module.common_container import CommonContainer
 from common_module.response_formatter import ResponseFormatter
 from db_repo_module.models.resource import ResourceScope
-from db_repo_module.models.role import Role
-from db_repo_module.repositories.sql_alchemy_repository import SQLAlchemyRepository
 from user_management_module.user_container import UserContainer
 from user_management_module.services.user_service import UserService
+from user_management_module.utils.user_utils import check_is_admin
 from dependency_injector.wiring import inject
 from dependency_injector.wiring import Provide
 from fastapi import Depends
@@ -19,20 +18,6 @@
 superset_controller = APIRouter()
 
 
-@inject
-async def check_is_admin(
-    role_id: str,
-    role_repository: SQLAlchemyRepository[Role] = Depends(
-        Provide[AuthContainer.role_repository]
-    ),
-) -> bool:
-    role = await role_repository.find_one(id=role_id)
-    if not role:
-        return False
-
-    return role.name == 'admin'
-
-
 @superset_controller.get('/v1/superset/authenticate')
 @inject
 async def superset_authenticator(
@@ -52,9 +37,12 @@ async def superset_authenticator(
     data_filters = []
     is_admin = await check_is_admin(role_id)
 
-    dashboards = await user_service.get_user_resources(
-        user_id=user_id, scope=ResourceScope.DASHBOARD
-    )
+    if is_admin:
+        dashboards = await user_service.get_all_resources(scope=ResourceScope.DASHBOARD)
+    else:
+        dashboards = await user_service.get_user_resources(
+            user_id=user_id, scope=ResourceScope.DASHBOARD
+        )
 
     if not dashboards:
         return JSONResponse(
@@ -68,14 +56,6 @@ async def superset_authenticator(
             user_id=user_id, scope=ResourceScope.DATA
         )
 
-    if not is_admin and not data_filters:
-        return JSONResponse(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            content=response_formatter.buildErrorResponse(
-                'User does not have access to any dashboard'
-            ),
-        )
-
     if data_filters and len(data_filters) < 1:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,

wavefront/server/modules/llm_inference_config_module/llm_inference_config_module/controllers/llm_inference_config_controller.py

@@ -1,10 +1,7 @@
 import uuid
 
-from auth_module.auth_container import AuthContainer
 from common_module.common_container import CommonContainer
 from common_module.response_formatter import ResponseFormatter
-from db_repo_module.models.role import Role
-from db_repo_module.repositories.sql_alchemy_repository import SQLAlchemyRepository
 from dependency_injector.wiring import Provide, inject
 from fastapi import APIRouter, Depends, Request, status
 from fastapi.responses import JSONResponse
@@ -18,26 +15,11 @@
 from llm_inference_config_module.services.llm_inference_config_service import (
     LlmInferenceConfigService,
 )
-from user_management_module.constants.auth import SERVICE_AUTH_ROLE_ID
+from user_management_module.utils.user_utils import check_is_admin
 
 llm_inference_config_router = APIRouter()
 
 
-@inject
-async def check_admin(
-    role_id: str,
-    role_repository: SQLAlchemyRepository[Role] = Depends(
-        Provide[AuthContainer.role_repository]
-    ),
-) -> bool:
-    if role_id == SERVICE_AUTH_ROLE_ID:
-        return True
-    role = await role_repository.find_one(id=role_id)
-    if not role:
-        return False
-    return role.name == 'admin'
-
-
 @llm_inference_config_router.post('/v1/llm-inference-configs')
 @inject
 async def create_llm_inference_config(
@@ -51,7 +33,7 @@ async def create_llm_inference_config(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -99,7 +81,7 @@ async def get_llm_inference_configs(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -169,7 +151,7 @@ async def update_llm_inference_config(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -293,7 +275,7 @@ async def delete_llm_inference_config(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,

wavefront/server/modules/plugins_module/plugins_module/controllers/authenticator_controller.py

@@ -19,7 +19,7 @@
     enable_authenticator,
     disable_authenticator,
 )
-from plugins_module.services.datasource_services import check_admin
+from user_management_module.utils.user_utils import check_is_admin
 
 
 authenticator_router = APIRouter()
@@ -52,7 +52,7 @@ async def create_authenticator(
     """Create a new authenticator configuration."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -105,7 +105,7 @@ async def get_all_authenticators_endpoint(
     """Get all authenticator configurations."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -145,7 +145,7 @@ async def get_authenticator(
     """Get authenticator configuration by ID."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -202,7 +202,7 @@ async def update_authenticator(
     """Update authenticator configuration."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -264,7 +264,7 @@ async def delete_authenticator(
     """Delete authenticator configuration."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -305,7 +305,7 @@ async def enable_authenticator_endpoint(
     """Enable an authenticator."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -346,7 +346,7 @@ async def disable_authenticator_endpoint(
     """Disable an authenticator."""
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,

wavefront/server/modules/plugins_module/plugins_module/controllers/datasource_controller.py

@@ -21,7 +21,6 @@
 from datasource import DatasourcePlugin
 from datasource.types import DataSourceType, QueryResult, TableListResult
 from plugins_module.services.datasource_services import (
-    check_admin,
     check_is_valid_resource,
     fetch_data_filters,
     get_datasource_config,
@@ -37,6 +36,7 @@
 from user_management_module.services.user_service import UserService
 from flo_cloud.cloud_storage import CloudStorageManager
 from fastapi import HTTPException
+from user_management_module.utils.user_utils import check_is_admin
 from user_management_module.utils.user_utils import get_current_user
 from plugins_module.services.dynamic_query_service import DynamicQueryService
 from db_repo_module.cache.cache_manager import CacheManager
@@ -70,7 +70,7 @@ async def add_datasource(
 ):
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -141,7 +141,7 @@ async def update_datasource(
 ):
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -244,7 +244,7 @@ async def delete_datasource(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
 
     if not is_admin:
         return JSONResponse(
@@ -290,7 +290,7 @@ async def get_datasources(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -319,7 +319,7 @@ async def get_datasource(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -350,7 +350,7 @@ async def test_datasource_connection(
     ),
 ):
     role_id = request.state.session.role_id
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -385,7 +385,7 @@ async def get_tables(
 ):
     role_id = request.state.session.role_id
 
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         return JSONResponse(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -448,7 +448,7 @@ async def query_datasource(
 
     rls_filters = []
     filter = query_filter
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         rls_filters = await user_service.get_user_resources(
             user_id=user_id, scope=ResourceScope.DATA
@@ -551,7 +551,7 @@ async def create_dynamic_query(
     ),
 ):
     role_id, _, _ = get_current_user(request)
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         raise HTTPException(status_code=401, detail='Unauthorized')
 
@@ -588,7 +588,7 @@ async def get_all_dynamic_query_yaml(
     ),
 ):
     role_id, _, _ = get_current_user(request)
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         raise HTTPException(status_code=401, detail='Unauthorized')
 
@@ -621,7 +621,7 @@ async def get_dynamic_query(
     ),
 ):
     role_id, _, _ = get_current_user(request)
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         raise HTTPException(status_code=401, detail='Unauthorized')
 
@@ -679,7 +679,7 @@ async def execute_dynamic_query(
     yaml_query, _ = await dynamic_query_yaml_service.get_dynamic_yaml_query(query_id)
 
     rls_filter_str = None
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         rls_filters = await user_service.get_user_resources(
             user_id=user_id, scope=ResourceScope.DATA
@@ -787,7 +787,7 @@ async def export_dynamic_query_csv(
         )
 
     rls_filter_str = None
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         rls_filters = await user_service.get_user_resources(
             user_id=user_id, scope=ResourceScope.DATA
@@ -919,7 +919,7 @@ async def delete_dynamic_query(
     ),
 ):
     role_id, _, _ = get_current_user(request)
-    is_admin = await check_admin(role_id)
+    is_admin = await check_is_admin(role_id)
     if not is_admin:
         raise HTTPException(status_code=401, detail='Unauthorized')
     await dynamic_query_yaml_service.delete_dynamic_query(datasource_id, query_id)

wavefront/server/modules/plugins_module/plugins_module/services/datasource_services.py

@@ -1,15 +1,11 @@
 import collections
 from datasource import DataSourceType, BigQueryConfig, RedshiftConfig, PostgresConfig
 from db_repo_module.models.datasource import Datasource
-from db_repo_module.models.role import Role
 from db_repo_module.repositories.sql_alchemy_repository import SQLAlchemyRepository
-from dependency_injector.wiring import inject
 from dependency_injector.wiring import Provide
 from fastapi import Depends
-from auth_module.auth_container import AuthContainer
 from plugins_module.plugins_container import PluginsContainer
 from plugins_module.utils.helper import AddDatasourcePayload
-from user_management_module.constants.auth import SERVICE_AUTH_ROLE_ID
 
 
 async def get_datasource_config(
@@ -34,21 +30,6 @@ async def get_datasource_config(
         raise ValueError(f'Invalid datasource type: {datasource.type}')
 
 
-@inject
-async def check_admin(
-    role_id: str,
-    role_repositroy: SQLAlchemyRepository[Role] = Depends(
-        Provide(AuthContainer.role_repository)
-    ),
-) -> bool:
-    if role_id == SERVICE_AUTH_ROLE_ID:
-        return True
-    role = await role_repositroy.find_one(id=role_id)
-    if not role:
-        return False
-    return role.name == 'admin'
-
-
 def check_is_valid_resource(resource_id: str) -> bool:
     if resource_id in [
         'parsed_data_object',

wavefront/server/modules/user_management_module/user_management_module/constants/auth.py

@@ -9,3 +9,5 @@ class RootfloHeaders:
 
 
 SERVICE_AUTH_ROLE_ID = 'floconsole-service'
+
+ADMIN_ROLE_NAME = 'admin'