diff options
| author | Frederick Muriuki Muriithi | 2023-01-04 06:34:30 +0300 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2023-01-04 06:34:30 +0300 |
| commit | dcd09e820ff142a8ca932363a0b67b72182d355c (patch) | |
| tree | f9b42e1630af81e41ebbc914f6c98edf36a4f225 | |
| parent | 0a31f61ee9db84eb35087073ef6b58f352252aae (diff) | |
| download | genenetwork3-dcd09e820ff142a8ca932363a0b67b72182d355c.tar.gz | |
auth: Return only non-resource roles on `/user-roles` endpoint
Resource roles will be returned as part of the resources request.
* gn3/auth/authorisation/roles.py: Simplify query - only get non-resource
roles
* gn3/auth/authorisation/views.py: update docstring
| -rw-r--r-- | gn3/auth/authorisation/roles.py | 12 | ||||
| -rw-r--r-- | gn3/auth/authorisation/views.py | 2 |
2 files changed, 4 insertions, 10 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py index e71d427..562d3bc 100644 --- a/gn3/auth/authorisation/roles.py +++ b/gn3/auth/authorisation/roles.py @@ -69,20 +69,14 @@ def __organise_privileges__(roles_dict, privilege_row): } def user_roles(conn: db.DbConnection, user: User): - """Retrieve ALL roles assigned to the user.""" + """Retrieve non-resource roles assigned to the user.""" with db.cursor(conn) as cursor: cursor.execute( "SELECT r.*, p.* FROM user_roles AS ur INNER JOIN roles AS r " "ON ur.role_id=r.role_id INNER JOIN role_privileges AS rp " "ON r.role_id=rp.role_id INNER JOIN privileges AS p " - "ON rp.privilege_id=p.privilege_id WHERE ur.user_id=? " - "UNION " - "SELECT r.*, p.* FROM group_user_roles_on_resources AS guror " - "INNER JOIN roles AS r ON guror.role_id=r.role_id " - "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id " - "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id " - "WHERE guror.user_id=?", - ((str(user.user_id),)*2)) + "ON rp.privilege_id=p.privilege_id WHERE ur.user_id=?", + (str(user.user_id),)) results = cursor.fetchall() if results: diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py index 2481633..2a419af 100644 --- a/gn3/auth/authorisation/views.py +++ b/gn3/auth/authorisation/views.py @@ -9,7 +9,7 @@ from ..authentication.oauth2.resource_server import require_oauth @oauth2.route("/user-roles") @require_oauth def user_roles(): - """Return the roles assigned to the user.""" + """Return the non-resource roles assigned to the user.""" with require_oauth.acquire("role") as token: with db.connection(current_app.config["AUTH_DB"]) as conn: return jsonify(_user_roles(conn, token.user)) |