about summary refs log tree commit diff
path: root/gn3/auth/authorisation/data
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-04-24 11:45:45 +0300
committerFrederick Muriuki Muriithi2023-04-24 11:45:45 +0300
commit3e2198e39bc229553d118f367fbd2f9932a9a76b (patch)
tree8c388b14df38240a159358475ecf35f85b6d4d9c /gn3/auth/authorisation/data
parent993420e616e143684deb1c11565b6a8286cde37f (diff)
downloadgenenetwork3-3e2198e39bc229553d118f367fbd2f9932a9a76b.tar.gz
auth: Return the actual privileges for the user
Previously, the `oauth2/data/authorisation` endpoint was returning hard-coded
values for the privileges assigned to the user for each resource. In this
change, we rework to return the actual privileges for the user.
Diffstat (limited to 'gn3/auth/authorisation/data')
-rw-r--r--gn3/auth/authorisation/data/views.py38
1 files changed, 29 insertions, 9 deletions
diff --git a/gn3/auth/authorisation/data/views.py b/gn3/auth/authorisation/data/views.py
index 81b3e2f..d2bdbf3 100644
--- a/gn3/auth/authorisation/data/views.py
+++ b/gn3/auth/authorisation/data/views.py
@@ -22,6 +22,8 @@ from gn3.auth.authorisation.errors import InvalidData, NotFoundError
 
 from gn3.auth.authorisation.groups.models import group_by_id
 
+from gn3.auth.authorisation.users.models import user_resource_roles
+
 from gn3.auth.authorisation.resources.checks import authorised_for
 from gn3.auth.authorisation.resources.models import (
     user_resources, public_resources, attach_resources_data)
@@ -53,14 +55,17 @@ def authorisation() -> Response:
             with require_oauth.acquire("profile group resource") as the_token:
                 resources = attach_resources_data(
                     auth_conn, user_resources(auth_conn, the_token.user))
+                resources_roles = user_resource_roles(auth_conn, the_token.user)
                 privileges = {
-                    resource_id: ("group:resource:view-resource",)
+                    resource_id: tuple(
+                        privilege.privilege_id
+                        for roles in resources_roles[resource_id]
+                        for privilege in roles.privileges)#("group:resource:view-resource",)
                     for resource_id, is_authorised
                     in authorised_for(
                         auth_conn, the_token.user,
                         ("group:resource:view-resource",), tuple(
-                            resource.resource_id for resource in resources
-                            if not resource.public)).items()
+                            resource.resource_id for resource in resources)).items()
                     if is_authorised
                 }
         except _HTTPException as exc:
@@ -76,18 +81,26 @@ def authorisation() -> Response:
         #    -H "Content-Type: application/json" \
         #    -d '{"traits": ["HC_M2_0606_P::1442370_at", "BXDGeno::01.001.695",
         #        "BXDPublish::10001"]}'
+        def __gen_key__(resource, data_item):
+            if resource.resource_category.resource_category_key.lower() == "phenotype":
+                return (
+                    f"{resource.resource_category.resource_category_key.lower()}::"
+                    f"{data_item['dataset_name']}::{data_item['PublishXRefId']}")
+            return (
+                f"{resource.resource_category.resource_category_key.lower()}::"
+                f"{data_item['dataset_name']}")
+
         data_to_resource_map = {
-            (f"{data_item['dataset_type'].lower()}::"
-             f"{data_item['dataset_name']}"): resource.resource_id
+            __gen_key__(resource, data_item): resource.resource_id
             for resource in resources
             for data_item in resource.resource_data
         }
         privileges = {
-            **privileges,
             **{
                 resource.resource_id: ("system:resource:public-read",)
                 for resource in resources if resource.public
-            }}
+            },
+            **privileges}
 
         args = request.get_json()
         traits_names = args["traits"] # type: ignore[index]
@@ -97,6 +110,14 @@ def authorisation() -> Response:
                 "Geno": "Genotype",
                 "Publish": "Phenotype"
             }[val]
+
+        def __trait_key__(trait):
+            dataset_type = __translate__(trait['db']['dataset_type']).lower()
+            dataset_name = trait["db"]["dataset_name"]
+            if dataset_type == "phenotype":
+                return f"{dataset_type}::{dataset_name}::{trait['trait_name']}"
+            return f"{dataset_type}::{dataset_name}"
+
         return jsonify(tuple(
             {
                 **{key:trait[key] for key in ("trait_fullname", "trait_name")},
@@ -104,8 +125,7 @@ def authorisation() -> Response:
                 "dataset_type": __translate__(trait["db"]["dataset_type"]),
                 "privileges": privileges.get(
                     data_to_resource_map.get(
-                        f"{__translate__(trait['db']['dataset_type']).lower()}"
-                        f"::{trait['db']['dataset_name']}",
+                        __trait_key__(trait),
                         uuid.UUID("4afa415e-94cb-4189-b2c6-f9ce2b6a878d")),
                     tuple())
             } for trait in