aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-04-27 05:43:52 +0300
committerFrederick Muriuki Muriithi2023-04-27 05:43:52 +0300
commit0e96276a56e3a3fdf61d9f409eaac37072bdd292 (patch)
tree4db77f56f28c5bd263f5af180165b98e96248ddb
parent53b054787bc2adb679fe6cbf46ee9c20fbbc91ff (diff)
downloadgenenetwork3-0e96276a56e3a3fdf61d9f409eaac37072bdd292.tar.gz
auth: Add authorisation checks for role editting.
Diffstat
-rw-r--r--gn3/auth/authorisation/groups/models.py11
-rw-r--r--gn3/auth/authorisation/groups/views.py4
2 files changed, 11 insertions, 4 deletions
diff --git a/gn3/auth/authorisation/groups/models.py b/gn3/auth/authorisation/groups/models.py
index accf2f2..ea629e0 100644
--- a/gn3/auth/authorisation/groups/models.py
+++ b/gn3/auth/authorisation/groups/models.py
@@ -354,6 +354,9 @@ def group_role_by_id(
raise NotFoundError(
f"Group role with ID '{group_role_id}' does not exist.")
+@authorised_p(("group:role:edit-role",),
+ "You do not have the privilege to edit a role.",
+ oauth2_scope="profile group role")
def add_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole,
privilege: Privilege) -> GroupRole:
"""Add `privilege` to `group_role`."""
@@ -373,8 +376,12 @@ def add_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole,
group_role.role.user_editable,
group_role.role.privileges + (privilege,)))
-def delete_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole,
- privilege: Privilege) -> GroupRole:
+@authorised_p(("group:role:edit-role",),
+ "You do not have the privilege to edit a role.",
+ oauth2_scope="profile group role")
+def delete_privilege_from_group_role(
+ conn: db.DbConnection, group_role: GroupRole,
+ privilege: Privilege) -> GroupRole:
"""Delete `privilege` to `group_role`."""
## TODO: do privileges check.
check_user_editable(group_role.role)
diff --git a/gn3/auth/authorisation/groups/views.py b/gn3/auth/authorisation/groups/views.py
index 3f4ced0..3aa54eb 100644
--- a/gn3/auth/authorisation/groups/views.py
+++ b/gn3/auth/authorisation/groups/views.py
@@ -19,7 +19,7 @@ from .models import (
join_requests, group_role_by_id, GroupCreationError,
accept_reject_join_request, group_users as _group_users,
create_group as _create_group, add_privilege_to_group_role,
- delete_privilege_to_group_role, create_group_role as _create_group_role)
+ delete_privilege_from_group_role, create_group_role as _create_group_role)
from ..roles.models import Role
from ..checks import authorised_p
@@ -392,7 +392,7 @@ def __add_remove_priv_to_from_role__(conn: db.DbConnection,
raise NotFoundError("Privilege not found.")
dir_fns = {
"ADD": add_privilege_to_group_role,
- "DELETE": delete_privilege_to_group_role
+ "DELETE": delete_privilege_from_group_role
}
return dir_fns[direction](
conn,
generated by cgit v1.2.3 (git 2.44.0) at 2024-11-21 14:17:43 +0000