api: Remove user handling from OpenDC API server

This change removes any of the user handling and endpoints from the
OpenDC API server. The API server does not need to store user
information other than an identifier in the database.

1 files changed, 5 insertions, 11 deletions

diff --git a/opendc-web/opendc-web-api/opendc/models/scenario.py b/opendc-web/opendc-web-api/opendc/models/scenario.py
index 8d53e408..3dfde012 100644
--- a/opendc-web/opendc-web-api/opendc/models/scenario.py
+++ b/opendc-web/opendc-web-api/opendc/models/scenario.py
@@ -1,8 +1,5 @@
 from opendc.models.model import Model
 from opendc.models.portfolio import Portfolio
-from opendc.models.user import User
-from opendc.util.exceptions import ClientError
-from opendc.util.rest import Response
 
 
 class Scenario(Model):
@@ -10,17 +7,14 @@ class Scenario(Model):
 
     collection_name = 'scenarios'
 
-    def check_user_access(self, google_id, edit_access):
-        """Raises an error if the user with given [google_id] has insufficient access.
+    def check_user_access(self, user_id, edit_access):
+        """Raises an error if the user with given [user_id] has insufficient access.
 
         Checks access on the parent project.
 
-        :param google_id: The Google ID of the user.
+        :param user_id: The User ID of the user.
         :param edit_access: True when edit access should be checked, otherwise view access.
         """
         portfolio = Portfolio.from_id(self.obj['portfolioId'])
-        user = User.from_google_id(google_id)
-        authorizations = list(
-            filter(lambda x: str(x['projectId']) == str(portfolio.obj['projectId']), user.obj['authorizations']))
-        if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
-            raise ClientError(Response(403, 'Forbidden from retrieving/editing scenario.'))
+        print(portfolio.obj)
+        portfolio.check_user_access(user_id, edit_access)