authorFrederick Muriuki Muriithi2023-04-24 11:45:45 +0300
committerFrederick Muriuki Muriithi2023-04-24 11:45:45 +0300
commit3e2198e39bc229553d118f367fbd2f9932a9a76b (patch)
tree8c388b14df38240a159358475ecf35f85b6d4d9c /gn3/auth/authorisation/data
parent993420e616e143684deb1c11565b6a8286cde37f (diff)
auth: Return the actual privileges for the user
Previously, the `oauth2/data/authorisation` endpoint returned hard-coded values for the privileges assigned to the user for each resource. This change reworks the endpoint to return the actual privileges for the user.
Diffstat (limited to 'gn3/auth/authorisation/data')
-rw-r--r--gn3/auth/authorisation/data/views.py38
1 files changed, 29 insertions, 9 deletions
diff --git a/gn3/auth/authorisation/data/views.py b/gn3/auth/authorisation/data/views.py
index 81b3e2f..d2bdbf3 100644
--- a/gn3/auth/authorisation/data/views.py
+++ b/gn3/auth/authorisation/data/views.py
@@ -22,6 +22,8 @@ from gn3.auth.authorisation.errors import InvalidData, NotFoundError
from gn3.auth.authorisation.groups.models import group_by_id
+from gn3.auth.authorisation.users.models import user_resource_roles
+
from gn3.auth.authorisation.resources.checks import authorised_for
from gn3.auth.authorisation.resources.models import (
user_resources, public_resources, attach_resources_data)
@@ -53,14 +55,17 @@ def authorisation() -> Response:
with require_oauth.acquire("profile group resource") as the_token:
resources = attach_resources_data(
auth_conn, user_resources(auth_conn, the_token.user))
+ resources_roles = user_resource_roles(auth_conn, the_token.user)
privileges = {
- resource_id: ("group:resource:view-resource",)
+ resource_id: tuple(
+ privilege.privilege_id
+ for roles in resources_roles[resource_id]
+ for privilege in roles.privileges)#("group:resource:view-resource",)
for resource_id, is_authorised
in authorised_for(
auth_conn, the_token.user,
("group:resource:view-resource",), tuple(
- resource.resource_id for resource in resources
- if not resource.public)).items()
+ resource.resource_id for resource in resources)).items()
if is_authorised
}
except _HTTPException as exc:
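Review bot: The new lookup `resources_roles[resource_id]` can fail for any resource id that `authorised_for` approves but that is missing from the mapping. This matters more now that the `if not resource.public` filter is gone and public resources are passed in too. Whether `user_resource_roles` returns a plain dict keyed only by resources the user holds a role on is not visible here; if it does, the resulting KeyError would probably not be caught by the `except _HTTPException` handler below. Using `for roles in resources_roles.get(resource_id, tuple())` keeps the endpoint failing closed with an empty privilege tuple. The trailing `#("group:resource:view-resource",)` is leftover commented-out code and can be dropped; the body of `authorisation()` continues outside this hunk.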
@@ -76,18 +81,26 @@ def authorisation() -> Response:
# -H "Content-Type: application/json" \
# -d '{"traits": ["HC_M2_0606_P::1442370_at", "BXDGeno::01.001.695",
# "BXDPublish::10001"]}'
+ def __gen_key__(resource, data_item):
+ if resource.resource_category.resource_category_key.lower() == "phenotype":
+ return (
+ f"{resource.resource_category.resource_category_key.lower()}::"
+ f"{data_item['dataset_name']}::{data_item['PublishXRefId']}")
+ return (
+ f"{resource.resource_category.resource_category_key.lower()}::"
+ f"{data_item['dataset_name']}")
+
data_to_resource_map = {
- (f"{data_item['dataset_type'].lower()}::"
- f"{data_item['dataset_name']}"): resource.resource_id
+ __gen_key__(resource, data_item): resource.resource_id
for resource in resources
for data_item in resource.resource_data
}
privileges = {
- **privileges,
**{
resource.resource_id: ("system:resource:public-read",)
for resource in resources if resource.public
- }}
+ },
+ **privileges}
args = request.get_json()
traits_names = args["traits"] # type: ignore[index]
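Review bot: Because `**privileges` is now spread last in the merge, a public resource on which the user also holds a role no longer reports `system:resource:public-read`; its entry is replaced by whatever the roles yield. If a role can carry an empty or narrower privilege set (not verifiable from this hunk), a signed-in user would be reported with fewer privileges than an anonymous one. A union avoids this: spread `**privileges` first and build the public entry as `("system:resource:public-read",) + privileges.get(resource.resource_id, tuple())`. Separately, `data_item['PublishXRefId']` in `__gen_key__` raises KeyError if a phenotype data item lacks that key, so the shape of `resource_data` should be confirmed.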
@@ -97,6 +110,14 @@ def authorisation() -> Response:
"Geno": "Genotype",
"Publish": "Phenotype"
}[val]
+
+ def __trait_key__(trait):
+ dataset_type = __translate__(trait['db']['dataset_type']).lower()
+ dataset_name = trait["db"]["dataset_name"]
+ if dataset_type == "phenotype":
+ return f"{dataset_type}::{dataset_name}::{trait['trait_name']}"
+ return f"{dataset_type}::{dataset_name}"
+
return jsonify(tuple(
{
**{key:trait[key] for key in ("trait_fullname", "trait_name")},
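Review bot: `__trait_key__` has to produce exactly the same string as `__gen_key__` in the earlier hunk, but nothing in the code states or enforces that contract. If the two formats drift, the lookup falls through to the sentinel UUID and returns an empty privilege tuple; that fails closed, but it shows up as an unexplained denial. I would add a comment above the helper such as `# Must stay in sync with __gen_key__: phenotype keys end in the PublishXRefId, assumed here to equal trait['trait_name'].`, or have both helpers call one shared formatter. Local helpers also do not need dunder names; `_trait_key` would read more conventionally.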
@@ -104,8 +125,7 @@ def authorisation() -> Response:
"dataset_type": __translate__(trait["db"]["dataset_type"]),
"privileges": privileges.get(
data_to_resource_map.get(
- f"{__translate__(trait['db']['dataset_type']).lower()}"
- f"::{trait['db']['dataset_name']}",
+ __trait_key__(trait),
uuid.UUID("4afa415e-94cb-4189-b2c6-f9ce2b6a878d")),
tuple())
} for trait in