author | Frederick Muriuki Muriithi | 2023-01-23 14:30:20 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-01-23 14:30:20 +0300 |
commit | b9139c2356f75103bc5fd17f074f4ee0e74b64aa (patch) | |
tree | 06803f97ccea91ce5137d42f42e1abe33c38365c /gn3/auth/authorisation/checks.py | |
parent | e92ceacccb4c8d32f28ed7d2530ddc6912a730d4 (diff) | |
download | genenetwork3-b9139c2356f75103bc5fd17f074f4ee0e74b64aa.tar.gz |
auth: create group: Fix group creation.
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
checking function. Raise error on authorisation failure for consistent error
handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
Diffstat (limited to 'gn3/auth/authorisation/checks.py')
-rw-r--r-- | gn3/auth/authorisation/checks.py | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
index d847c1e..8fef209 100644
--- a/gn3/auth/authorisation/checks.py
+++ b/gn3/auth/authorisation/checks.py
@@ -1,35 +1,38 @@
 """Functions to check for authorisation."""
 from functools import wraps
-from typing import Callable
+from typing import Callable, Optional
 from flask import g, current_app as app
 from gn3.auth import db
+
 from . import privileges as auth_privs
+from .errors import AuthorisationError
+
+from ..authentication.users import User
 def authorised_p(
 privileges: tuple[str],
 error_message: str = (
- "You lack authorisation to perform requested action")):
+ "You lack authorisation to perform requested action"),
+ user: Optional[User] = None):
 """Authorisation decorator."""
 assert len(privileges) > 0, "You must provide at least one privilege"
 def __build_authoriser__(func: Callable):
 @wraps(func)
 def __authoriser__(*args, **kwargs):
- if hasattr(g, "user") and g.user:
+ the_user = user or (hasattr(g, "user") and g.user)
+ if the_user:
 with db.connection(app.config["AUTH_DB"]) as conn:
 user_privileges = tuple(
 priv.privilege_id for priv in
- auth_privs.user_privileges(conn, g.user))
+ auth_privs.user_privileges(conn, the_user))
 not_assigned = [
 priv for priv in privileges if priv not in user_privileges]
 if len(not_assigned) == 0:
 return func(*args, **kwargs)
- return {
- "status": "error",
- "message": f"Unauthorised: {error_message}"
- }
+ raise AuthorisationError(error_message)
 return __authoriser__
 return __build_authoriser__ |
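Review bot: The new `user` argument is captured when the decorator is built and, in `the_user = user or (hasattr(g, "user") and g.user)`, takes precedence over the request's `g.user`, yet the docstring still reads only `"""Authorisation decorator."""`. I would spell that precedence out, e.g. `"""Authorisation decorator: checks the explicit user if given, else g.user; raises AuthorisationError when a privilege is missing."""`, so that a user object bound at import or module scope is not silently used to authorise every later request. Separately, the unchanged `assert len(privileges) > 0` is stripped under `python -O`, and with an empty tuple `not_assigned` is empty, so the wrapped function runs for any logged-in user; `if not privileges: raise ValueError("You must provide at least one privilege")` keeps the guard in optimised runs. Indentation is lost on this page, so please confirm that `raise AuthorisationError(error_message)` sits outside the `if the_user:` block, so that a missing user raises as well instead of falling through and returning `None`.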