yasithdev opened a new pull request, #162: URL: https://github.com/apache/airavata-portals/pull/162
## Summary

Pure-token auth (#160) skips the session-based `gateway_groups_middleware` that set `request.is_gateway_admin` / `is_read_only_gateway_admin`. Several serializers read those (app modules, app interfaces, gateway resource profiles, user profiles) for `userHasWriteAccess`, so they would raise `AttributeError` once a request returns data. This defaults them to non-admin in `KeycloakTokenAuthentication`.

Real admin derivation (gRPC `compute.get_gateway_groups()` + `sharing.gm_get_all_groups_user_belongs(username)`, cached) is **deferred** until there's an admin gateway user to validate the group/field shapes against — same lesson as the sharing `permission_type` (don't ship unvalidated proto-field assumptions).

## Test plan

- `manage.py check` — no issues.
- `/api/applications/` and `/api/projects/` continue to return 200 (validated against the running backend with a Bearer token).

🤖 Generated with [Claude Code](https://claude.com/claude-code)
