auth: Finish implementation of `create_group_role`

* gn3/auth/authorisation/groups.py: Add `GroupRole` type. Fix typing
  annotations. Fix bugs.
* tests/unit/auth/conftest.py: Fix bugs.
* tests/unit/auth/test_groups.py: Fix test to run.

3 files changed, 42 insertions, 19 deletions

diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 210c8de..6d7b885 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -12,6 +12,11 @@ class Group(NamedTuple):
     group_id: UUID
     group_name: str
 
+class GroupRole(NamedTuple):
+    """Class representing a role tied/belonging to a group."""
+    group_role_id: UUID
+    role: Role
+
 @authorised_p(("create-group",), error_message="Failed to create group.")
 def create_group(conn: db.DbConnection, group_name: str) -> Group:
     """Create a group"""
@@ -30,12 +35,14 @@ def create_group(conn: db.DbConnection, group_name: str) -> Group:
 @authorised_p(("create-role",), error_message="Could not create the group role")
 def create_group_role(
         conn: db.DbConnection, group: Group, role_name: str,
-        privileges: Iterable[Privilege]) -> Role:
+        privileges: Iterable[Privilege]) -> GroupRole:
     """Create a role attached to a group."""
     with db.cursor(conn) as cursor:
+        group_role_id = uuid4()
         role = create_role(cursor, role_name, privileges)
         cursor.execute(
-            "INSERT INTO group_roles(group_id, role_id) VALUES(?, ?)",
-            (str(group.group_id), role.role_id))
+            ("INSERT INTO group_roles(group_role_id, group_id, role_id) "
+             "VALUES(?, ?, ?)"),
+            (str(group_role_id), str(group.group_id), str(role.role_id)))
 
-    return role
+    return GroupRole(group_role_id, role)
diff --git a/tests/unit/auth/conftest.py b/tests/unit/auth/conftest.py
index 4f4f1f8..37d78a3 100644
--- a/tests/unit/auth/conftest.py
+++ b/tests/unit/auth/conftest.py
@@ -101,22 +101,22 @@ def test_users(conn_after_auth_migrations):# pylint: disable=[redefined-outer-na
              ("9a0c7ce5-2f40-4e78-979e-bf3527a59579",)))
 
 @pytest.fixture(scope="function")
-def test_users_in_group(test_group, test_users):#pytest: disable=[redefined-outer-name]
+def test_users_in_group(test_group, test_users):# pylint: disable=[redefined-outer-name]
     """Link the users to the groups."""
     conn = test_group[0]
     group = test_group[1]
     users = test_users[1]
-    query_params = (
+    query_params = tuple(
         (str(group.group_id), str(user.user_id)) for user in users
         if user.email not in ("unaff@iliated.user",))
     with db.cursor(conn) as cursor:
-        cursor.execute(
+        cursor.executemany(
             "INSERT INTO group_users(group_id, user_id) VALUES (?, ?)",
             query_params)
 
     yield (conn, group, users)
 
     with db.cursor(conn) as cursor:
-        cursor.execute(
+        cursor.executemany(
             "DELETE FROM group_users WHERE group_id=? AND user_id=?",
             query_params)
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index 0cd370e..9471cac 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -4,7 +4,10 @@ from uuid import UUID
 import pytest
 
 from gn3.auth import db
-from gn3.auth.authorisation.groups import Group, create_group, create_group_role
+from gn3.auth.authorisation.roles import Role
+from gn3.auth.authorisation.privileges import Privilege
+from gn3.auth.authorisation.groups import (
+    Group, GroupRole, create_group, create_group_role)
 
 create_group_failure = {
     "status": "error",
@@ -13,6 +16,13 @@ create_group_failure = {
 
 uuid_fn = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b")
 
+GROUP = Group(UUID("9988c21d-f02f-4d45-8966-22c968ac2fbf"), "TheTestGroup")
+PRIVILEGES = (
+    Privilege(
+        UUID("7f261757-3211-4f28-a43f-a09b800b164d"), "view-resource"),
+    Privilege(
+        UUID("2f980855-959b-4339-b80e-25d1ec286e21"), "edit-resource"))
+
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
     "user_id,expected", (
@@ -36,15 +46,22 @@ def test_create_group(# pylint: disable=[too-many-arguments]
         with db.connection(auth_testdb_path) as conn:
             assert create_group(conn, "a_test_group") == expected
 
+create_role_failure = {
+    "status": "error",
+    "message": "Unauthorised: Could not create the group role"
+}
+
 @pytest.mark.unit_test
 @pytest.mark.parametrize(
     "user_id,expected", (
-    ("ecb52977-3004-469e-9428-2a1856725c7f", Group(
-        UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")),
-    ("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure),
-    ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure),
-    ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure),
-    ("e614247d-84d2-491d-a048-f80b578216cb", create_group_failure)))
+    ("ecb52977-3004-469e-9428-2a1856725c7f", GroupRole(
+        UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+        Role(UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"),
+             "ResourceEditor", PRIVILEGES))),
+    ("21351b66-8aad-475b-84ac-53ce528451e3", create_role_failure),
+    ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_role_failure),
+    ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_role_failure),
+    ("e614247d-84d2-491d-a048-f80b578216cb", create_role_failure)))
 def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expected):
     """
     GIVEN: an authenticated user
@@ -54,9 +71,8 @@ def test_create_group_role(mocker, test_users_in_group, test_app, user_id, expec
     """
     mocker.patch("gn3.auth.authorisation.groups.uuid4", uuid_fn)
     mocker.patch("gn3.auth.authorisation.roles.uuid4", uuid_fn)
-    conn, group, users = test_users_in_group
+    conn, _group, _users = test_users_in_group
     with test_app.app_context() as flask_context:
         flask_context.g.user_id = UUID(user_id)
-        assert create_group_role(conn, GROUP, "a_test_role", PRIVILEGES)
-
-    assert False, "NOT IMPLEMENTED"
+        assert create_group_role(
+            conn, GROUP, "ResourceEditor", PRIVILEGES) == expected