From dd7268bc0c2d841779ba488b13ca0b1f0e9ea6bc Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 17 Jun 2024 15:52:23 -0500
Subject: Remove deprecated endpoints/views and templates

---
 gn2/wqflask/oauth2/groups.py                      |  24 -----
 gn2/wqflask/oauth2/roles.py                       |  56 ------------
 gn2/wqflask/templates/oauth2/view-group-role.html | 102 ----------------------
 3 files changed, 182 deletions(-)
 delete mode 100644 gn2/wqflask/templates/oauth2/view-group-role.html

(limited to 'gn2')

diff --git a/gn2/wqflask/oauth2/groups.py b/gn2/wqflask/oauth2/groups.py
index 3bc4bcb2..e4028497 100644
--- a/gn2/wqflask/oauth2/groups.py
+++ b/gn2/wqflask/oauth2/groups.py
@@ -136,30 +136,6 @@ def reject_join_request():
             handle_error("oauth2.group.list_join_requests"),
             __success__)
 
-@groups.route("/role/<uuid:group_role_id>", methods=["GET"])
-@require_oauth2
-def group_role(group_role_id: uuid.UUID):
-    """View the details of a particular role."""
-    def __render_error__(**kwargs):
-        return render_ui("oauth2/view-group-role.html", **kwargs)
-
-    def __gprivs_success__(role, group_privileges):
-        return render_ui(
-            "oauth2/view-group-role.html", group_role=role,
-            group_privileges=tuple(
-                priv for priv in group_privileges
-                if priv not in role["role"]["privileges"]))
-
-    def __role_success__(role):
-        return oauth2_get("auth/group/privileges").either(
-            lambda err: __render_error__(
-                group_role=group_role,
-                group_privileges_error=process_error(err)),
-            lambda privileges: __gprivs_success__(role, privileges))
-
-    return oauth2_get(f"auth/group/role/{group_role_id}").either(
-        lambda err: __render_error__(group_role_error=process_error(err)),
-        __role_success__)
 
 def add_delete_privilege_to_role(
         group_role_id: uuid.UUID, direction: str) -> Response:
diff --git a/gn2/wqflask/oauth2/roles.py b/gn2/wqflask/oauth2/roles.py
index b0f990c7..2a21670e 100644
--- a/gn2/wqflask/oauth2/roles.py
+++ b/gn2/wqflask/oauth2/roles.py
@@ -21,59 +21,3 @@ def role(role_id: uuid.UUID):
     return oauth2_get(f"auth/role/view/{role_id}").either(
         request_error, __success__)
 
-@roles.route("/create", methods=["GET", "POST"])
-@require_oauth2
-def create_role():
-    """Create a new role."""
-    def __roles_error__(error):
-        return render_ui(
-            "oauth2/create-role.html", roles_error=process_error(error))
-
-    def __gprivs_error__(roles, error):
-        return render_ui(
-            "oauth2/create-role.html", roles=roles,
-            group_privileges_error=process_error(error))
-
-    def __success__(roles, gprivs):
-        uprivs = tuple(
-            privilege["privilege_id"] for role in roles
-            for privilege in role["privileges"])
-        return render_ui(
-            "oauth2/create-role.html", roles=roles, user_privileges=uprivs,
-            group_privileges=gprivs,
-            prev_role_name=request.args.get("role_name"))
-
-    def __fetch_gprivs__(roles):
-        return oauth2_get("auth/group/privileges").either(
-            lambda err: __gprivs_error__(roles, err),
-            lambda gprivs: __success__(roles, gprivs))
-
-    if request.method == "GET":
-        return oauth2_get("auth/user/roles").either(
-            __roles_error__, __fetch_gprivs__)
-
-    form = request.form
-    role_name = form.get("role_name")
-    privileges = form.getlist("privileges[]")
-    if len(privileges) == 0:
-        flash("You must assign at least one privilege to the role",
-              "alert-danger")
-        return redirect(url_for(
-            "oauth2.role.create_role", role_name=role_name))
-    def __create_error__(error):
-        err = process_error(error)
-        flash(f"{err['error']}: {err['error_description']}",
-              "alert-danger")
-        return redirect(url_for("oauth2.role.create_role"))
-    def __create_success__(*args):
-        flash("Role created successfully.", "alert-success")
-        return redirect(url_for("oauth2.role.user_roles"))
-
-    raise DeprecationWarning(
-        f"The `{__name__}.create_role(…)` function, as is currently, can "
-        "lead to unbounded privilege escalation. See "
-        "https://issues.genenetwork.org/issues/gn-auth/problems-with-roles")
-    # return oauth2_post(
-    #     "auth/group/role/create",data={
-    #         "role_name": role_name, "privileges[]": privileges}).either(
-    #     __create_error__,__create_success__)
diff --git a/gn2/wqflask/templates/oauth2/view-group-role.html b/gn2/wqflask/templates/oauth2/view-group-role.html
deleted file mode 100644
index 5da023bf..00000000
--- a/gn2/wqflask/templates/oauth2/view-group-role.html
+++ /dev/null
@@ -1,102 +0,0 @@
-{%extends "base.html"%}
-{%from "oauth2/profile_nav.html" import profile_nav%}
-{%from "oauth2/display_error.html" import display_error%}
-{%block title%}View User{%endblock%}
-{%block content%}
-<div class="container" style="min-width: 1250px;">
-  {{profile_nav("roles", user_privileges)}}
-  <h3>View Group Role</h3>
-
-  {{flash_me()}}
-
-  <div class="container-fluid">
-    <div class="row">
-      <h3>Role Details</h3>
-      {%if group_role_error is defined%}
-      {{display_error("Group Role", group_role_error)}}
-      {%else%}
-      <table class="table">
-	<caption>Details for '{{group_role.role.role_name}}' Role</caption>
-	<thead>
-	  <tr>
-	    <th>Privilege</th>
-	    <th>Description</th>
-	    <th>Action</th>
-	  </tr>
-	</thead>
-	<tbody>
-	  {%for privilege in group_role.role.privileges%}
-	  <tr>
-	    <td>{{privilege.privilege_id}}</td>
-	    <td>{{privilege.privilege_description}}</td>
-	    <td>
-	      <form action="{{url_for(
-			    'oauth2.group.delete_privilege_from_role',
-			    group_role_id=group_role.group_role_id)}}"
-		    method="POST">
-		<input type="hidden" name="privilege_id"
-		       value="{{privilege.privilege_id}}" />
-		<input type="submit" class="btn btn-danger"
-		       value="Remove"
-		       {%if not group_role.role.user_editable%}
-		       disabled="disabled"
-		       {%endif%} />
-	      </form>
-	    </td>
-	  </tr>
-	  {%endfor%}
-	</tbody>
-      </table>
-      {%endif%}
-    </div>
-
-    <div class="row">
-      <h3>Other Privileges</h3>
-      <table class="table">
-	<caption>Other Privileges not Assigned to this Role</caption>
-	<thead>
-	  <tr>
-	    <th>Privilege</th>
-	    <th>Description</th>
-	    <th>Action</th>
-	  </tr>
-	</thead>
-
-	<tbody>
-	  {%for priv in group_privileges%}
-	  <tr>
-	    <td>{{priv.privilege_id}}</td>
-	    <td>{{priv.privilege_description}}</td>
-	    <td>
-	      <form action="{{url_for(
-			    'oauth2.group.add_privilege_to_role',
-			    group_role_id=group_role.group_role_id)}}"
-		    method="POST">
-		<input type="hidden" name="privilege_id"
-		       value="{{priv.privilege_id}}" />
-		<input type="submit" class="btn btn-warning"
-		       value="Add to Role"
-		       {%if not group_role.role.user_editable%}
-		       disabled="disabled"
-		       {%endif%} />
-	      </form>
-	    </td>
-	  </tr>
-	  {%else%}
-	  <tr>
-	    <td colspan="3">
-	      <span class="glyphicon glyphicon-info-sign text-info">
-	      </span>
-	      &nbsp;
-	      <span class="text-info">All privileges assigned!</span>
-	    </td>
-	  </tr>
-	  {%endfor%}
-	</tbody>
-      </table>
-    </div>
-
-  </div>
-
-</div>
-{%endblock%}
-- 
cgit v1.2.3