diff options
| author | Frederick Muriuki Muriithi | 2023-09-26 03:17:54 +0300 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2023-09-26 03:44:34 +0300 |
| commit | 5d3dffd703822b019f39e7b898758085b88b4809 (patch) | |
| tree | f140ff95bd4c79678a227c628708ef54828c6e16 | |
| parent | ac11c943c50633ed39f31688e78f9bcb933f78a7 (diff) | |
| download | gn-auth-refactor-resources.tar.gz | |
Update queryrefactor-resources
Replace `group_user_roles_on_resources` table with `user_roles` for
the query that checks whether the user has appropriate permissions to
act on a specific resource.
| -rw-r--r-- | gn_auth/auth/authorisation/resources/checks.py | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py index db975de..717e5e4 100644 --- a/gn_auth/auth/authorisation/resources/checks.py +++ b/gn_auth/auth/authorisation/resources/checks.py @@ -24,14 +24,12 @@ def authorised_for(conn: db.DbConnection, user: User, privileges: tuple[str], """ with db.cursor(conn) as cursor: cursor.execute( - ("SELECT guror.*, rp.privilege_id FROM " - "group_user_roles_on_resources AS guror " - "INNER JOIN group_roles AS gr ON " - "(guror.group_id=gr.group_id AND guror.role_id=gr.role_id) " - "INNER JOIN roles AS r ON gr.role_id=r.role_id " + ("SELECT ur.*, rp.privilege_id FROM " + "user_roles AS ur " + "INNER JOIN roles AS r ON ur.role_id=r.role_id " "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id " - "WHERE guror.user_id=? " - f"AND guror.resource_id IN ({', '.join(['?']*len(resource_ids))})" + "WHERE ur.user_id=? " + f"AND ur.resource_id IN ({', '.join(['?']*len(resource_ids))})" f"AND rp.privilege_id IN ({', '.join(['?']*len(privileges))})"), ((str(user.user_id),) + tuple( str(r_id) for r_id in resource_ids) + tuple(privileges))) |