<feed xmlns='http://www.w3.org/2005/Atom'>
<title>genenetwork3/gn3/auth/authorisation/checks.py, branch auth/implement-authorization-code-flow</title>
<subtitle>GeneNetwork3 REST API for data science and machine learning
</subtitle>
<id>http://git.genenetwork.org/genenetwork3/atom?h=auth%2Fimplement-authorization-code-flow</id>
<link rel='self' href='http://git.genenetwork.org/genenetwork3/atom?h=auth%2Fimplement-authorization-code-flow'/>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/'/>
<updated>2023-04-27T03:46:48+00:00</updated>
<entry>
<title>auth: Retrieve `system:*` privileges from resource roles</title>
<updated>2023-04-27T03:46:48+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2023-04-27T03:33:34+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=f2c09dc2dc2528c75fcf5b80aa4b530a0b5eef08'/>
<id>urn:sha1:f2c09dc2dc2528c75fcf5b80aa4b530a0b5eef08</id>
<content type='text'>
With the assignment of `system:*` privileges to roles, we need to check for
their existence when doing authorisation.

This commit provides a hack for that, seeing as user groups (and the system
itself) are not treated as resources, and therefore the way to fetch the
privileges is not entirely consistent.
</content>
</entry>
<entry>
<title>auth: groups: handle join requests.</title>
<updated>2023-02-08T14:44:50+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2023-02-08T14:24:35+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=9b94ec57c504acb6ef815d134144c4c357c71f17'/>
<id>urn:sha1:9b94ec57c504acb6ef815d134144c4c357c71f17</id>
<content type='text'>
</content>
</entry>
<entry>
<title>auth: tests: mock token acquisition. Fix minor bugs.</title>
<updated>2023-02-03T12:15:26+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2023-02-03T12:15:26+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=e6dd74a3fab65355c0aa187ee31d5ee74a888649'/>
<id>urn:sha1:e6dd74a3fab65355c0aa187ee31d5ee74a888649</id>
<content type='text'>
</content>
</entry>
<entry>
<title>auth: Improve authorisation</title>
<updated>2023-02-02T11:15:29+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2023-02-02T11:15:29+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=ecce454ca9d0f374e22da8401206e3b1695dbded'/>
<id>urn:sha1:ecce454ca9d0f374e22da8401206e3b1695dbded</id>
<content type='text'>
Retrieve the token, and user in the authorisation decorator to enable checking
of privileges.
</content>
</entry>
<entry>
<title>auth: create group: Fix group creation.</title>
<updated>2023-01-23T11:30:20+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2023-01-23T11:30:20+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=b9139c2356f75103bc5fd17f074f4ee0e74b64aa'/>
<id>urn:sha1:b9139c2356f75103bc5fd17f074f4ee0e74b64aa</id>
<content type='text'>
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
  checking function. Raise error on authorisation failure for consistent error
  handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
  as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
  group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
</content>
</entry>
<entry>
<title>auth: update privileges format</title>
<updated>2023-01-16T09:14:24+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2023-01-16T09:14:24+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=98dc0c5b1a67a7c7b97a1fa02211e9f99360edce'/>
<id>urn:sha1:98dc0c5b1a67a7c7b97a1fa02211e9f99360edce</id>
<content type='text'>
Save privileges with ids of the form &lt;top-level&gt;:&lt;sub-level&gt;:&lt;privilege-name&gt;
rather than using a UUID, to reduce indirection levels.

* migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py: new migration
  to change the schema and IDs for the privileges.
* Update code to use new privileges format
  * gn3/auth/authorisation/checks.py
  * gn3/auth/authorisation/groups.py
  * gn3/auth/authorisation/privileges.py
  * gn3/auth/authorisation/resources.py
  * gn3/auth/authorisation/roles.py
  * migrations/auth/20230116_01_KwuJ3-rework-privileges-schema.py
  * tests/unit/auth/fixtures/role_fixtures.py
  * tests/unit/auth/test_groups.py
  * tests/unit/auth/test_privileges.py
  * tests/unit/auth/test_roles.py
</content>
</entry>
<entry>
<title>auth: Implement `create_resource` function</title>
<updated>2022-11-24T10:52:29+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2022-11-24T10:42:37+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=021b8dfcb99928b363e4546f626e3deb5793e392'/>
<id>urn:sha1:021b8dfcb99928b363e4546f626e3deb5793e392</id>
<content type='text'>
* gn3/auth/authentication/checks.py: new `authenticated_p` decorator to apply
  on any function that requires the user to be authenticated before it runs.
* gn3/auth/authorisation/checks.py: use an `auth.authentication.users.User`
  object rather than a UUID object in the global `g`.
* gn3/auth/authorisation/groups.py: Implement the `authenticated_user_group`
  function to get the group(s) to which the currently authenticated user
  belongs.
* gn3/auth/authorisation/resources.py: Implement the `create_resource`
  function correctly.
* tests/unit/auth/conftest.py: extract the User objects into a global variable
  for reusability with the tests.
* tests/unit/auth/test_resources.py: Use global user objects from conftest in
  the tests. Set a User object (rather than UUID) in the global `g` variable.
</content>
</entry>
<entry>
<title>auth: Return results of calling function directly</title>
<updated>2022-11-15T10:08:56+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2022-11-15T10:08:56+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=a11bd7a2c7f5b9a82ce70b7baf9eae92561ed905'/>
<id>urn:sha1:a11bd7a2c7f5b9a82ce70b7baf9eae92561ed905</id>
<content type='text'>
* gn3/auth/authorisation/checks.py: Return results of calling the function
  rather than a dict of values that include the results.
* gn3/auth/authorisation/groups.py: Use the newer form of `authorised_p`
  decorator.
* tests/unit/auth/test_groups.py: Update tests
</content>
</entry>
<entry>
<title>auth: Reorganise package - move function to `checks` module</title>
<updated>2022-11-15T03:20:59+00:00</updated>
<author>
<name>Frederick Muriuki Muriithi</name>
</author>
<published>2022-11-15T03:19:27+00:00</published>
<link rel='alternate' type='text/html' href='http://git.genenetwork.org/genenetwork3/commit/?id=b1ee0958815cbb7265d2c5ea3a8374b532054f3b'/>
<id>urn:sha1:b1ee0958815cbb7265d2c5ea3a8374b532054f3b</id>
<content type='text'>
* gn3/auth/authorisation/__init__.py: delete function
* gn3/auth/authorisation/checks.py: move function to `checks` module
</content>
</entry>
</feed>
