diff options
Diffstat (limited to 'gn2/wqflask/oauth2/roles.py')
| -rw-r--r-- | gn2/wqflask/oauth2/roles.py | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/gn2/wqflask/oauth2/roles.py b/gn2/wqflask/oauth2/roles.py index b0f990c7..2a21670e 100644 --- a/gn2/wqflask/oauth2/roles.py +++ b/gn2/wqflask/oauth2/roles.py @@ -21,59 +21,3 @@ def role(role_id: uuid.UUID): return oauth2_get(f"auth/role/view/{role_id}").either( request_error, __success__) -@roles.route("/create", methods=["GET", "POST"]) -@require_oauth2 -def create_role(): - """Create a new role.""" - def __roles_error__(error): - return render_ui( - "oauth2/create-role.html", roles_error=process_error(error)) - - def __gprivs_error__(roles, error): - return render_ui( - "oauth2/create-role.html", roles=roles, - group_privileges_error=process_error(error)) - - def __success__(roles, gprivs): - uprivs = tuple( - privilege["privilege_id"] for role in roles - for privilege in role["privileges"]) - return render_ui( - "oauth2/create-role.html", roles=roles, user_privileges=uprivs, - group_privileges=gprivs, - prev_role_name=request.args.get("role_name")) - - def __fetch_gprivs__(roles): - return oauth2_get("auth/group/privileges").either( - lambda err: __gprivs_error__(roles, err), - lambda gprivs: __success__(roles, gprivs)) - - if request.method == "GET": - return oauth2_get("auth/user/roles").either( - __roles_error__, __fetch_gprivs__) - - form = request.form - role_name = form.get("role_name") - privileges = form.getlist("privileges[]") - if len(privileges) == 0: - flash("You must assign at least one privilege to the role", - "alert-danger") - return redirect(url_for( - "oauth2.role.create_role", role_name=role_name)) - def __create_error__(error): - err = process_error(error) - flash(f"{err['error']}: {err['error_description']}", - "alert-danger") - return redirect(url_for("oauth2.role.create_role")) - def __create_success__(*args): - flash("Role created successfully.", "alert-success") - return redirect(url_for("oauth2.role.user_roles")) - - raise DeprecationWarning( - f"The `{__name__}.create_role(…)` function, as is currently, can " - "lead to unbounded privilege escalation. See " - "https://issues.genenetwork.org/issues/gn-auth/problems-with-roles") - # return oauth2_post( - # "auth/group/role/create",data={ - # "role_name": role_name, "privileges[]": privileges}).either( - # __create_error__,__create_success__) |