auth: Specify types for privileges, roles, groups

Use specified types for privileges, roles and types rather than using strings
to help with limiting bugs.

* gn3/auth/authorisation/groups.py: Specify and use the `Group` type
* gn3/auth/authorisation/privileges.py: Specify and use the `Privilege` type
* gn3/auth/authorisation/roles.py: Specify the `Role` type. Add the
  `create_role` function.

1 files changed, 18 insertions, 4 deletions

diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 1be9f61..b996d21 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -1,17 +1,31 @@
 """Handle the management of resource/user groups."""
-import uuid
+from uuid import UUID, uuid4
+from typing import Iterable, NamedTuple
 
 from gn3.auth import db
+from .privileges import Privilege
+from .roles import Role, create_role
 from .checks import authorised_p
 
 @authorised_p(
     ("create-group",), success_message="Successfully created group.",
     error_message="Failed to create group.")
 def create_group(conn, group_name):
+class Group(NamedTuple):
+    """Class representing a group."""
+    group_id: UUID
+    group_name: str
+
+def create_group(conn: db.DbConnection, group_name: str) -> Group:
     """Create a group"""
+    group = Group(uuid4(), group_name)
     with db.cursor(conn) as cursor:
-        group_id = uuid.uuid4()
+        ## Maybe check whether the user is already a member of a group
+        ## if they are not a member of any group, proceed to create the group
+        ## if they are a member of a group, then fail with an exception
         cursor.execute(
             "INSERT INTO groups(group_id, group_name) VALUES (?, ?)",
-            (str(group_id), group_name))
-        return group_id
+            (str(group.group_id), group_name))
+        ## Maybe assign `group-leader` role to user creating the group
+
+    return group