initial dev on appllication list with search

alevie75 · alevie75 · commit 5776fffd1ced · 2023-02-24T00:03:01.000-05:00
diff --git a/api/src/controller/userSearch.py b/api/src/controller/userSearch.py
@@ -17,7 +17,9 @@ def get(self):
         permissions = canAccessUserData(auth0_id)
         if permissions is None:
             return {"message": "Internal Server Error"}, 500
-        if not permissions:
+        if not (permissions or authenticationPayload['gty'] == 'client-credentials'):
+            # check that the grant type is client-credentials which will exist only for the machine to machine
+            # auth0 connections using client id and secret, aka: discord bots and s3 resume downloader
             return {"message": "Permission Denied"}, 403
 
         parser = reqparse.RequestParser()
diff --git a/api/src/controller/users.py b/api/src/controller/users.py
@@ -4,7 +4,6 @@
 from utils.authentication import authenticate
 from data.permissions import canAccessUserData
 
-
 class Users(Resource):
     PATH = '/users'
 
@@ -13,6 +12,7 @@ def get(self):
         if authenticationPayload is None:
             return {"message": "Must be logged in"}, 401
         auth0_id = authenticationPayload['sub']
+
         permissions = canAccessUserData(auth0_id)
         if permissions is None:
             return {"message": "Internal Server Error"}, 500
diff --git a/api/src/data/permissions.py b/api/src/data/permissions.py
@@ -54,6 +54,8 @@ def checkUserPermissionsByAuth0Id(auth0Id, permission, accessType) -> bool:
     result, err = exec_get_one(sql, args)
     if err:
         return None
+    if result is None:
+        return False
     if len(result) > 0:
         # check if there are keys in result, if there are then user has permission
         return True
diff --git a/api/src/data/users.py b/api/src/data/users.py
@@ -39,7 +39,8 @@ def getUsers(applicationStatusFilterList: List[str] = None, is_virtual=None, fir
 
     if applicationStatusFilterList is not None:
         sql += f" WHERE app.status in ({','.join(['%s'] * len(applicationStatusFilterList))}) "
-        args = args + (tuple(applicationStatusFilterList),)
+        for status in applicationStatusFilterList:
+            args = args + (status,)
     if is_virtual is not None:
         sql += getOptionalAnd(firstWhereClause) + " WHERE app.is_virtual = %s "
         args = args + (is_virtual,)
