authorFrederick Muriuki Muriithi2023-03-07 13:53:29 +0300
committerFrederick Muriuki Muriithi2023-03-07 13:53:29 +0300
commit8621b737b01be5a6f238725c65771dea1410f0bb (patch)
tree925e050d6f7e02e550553f12e663077a84e8da97 /gn3/auth/authorisation/groups/models.py
parenta3a87ae52200cca7586b64d4e15cb12c88b17cd7 (diff)
auth: group_roles: Enable addition/deletion of privileges
Diffstat (limited to 'gn3/auth/authorisation/groups/models.py')
-rw-r--r--gn3/auth/authorisation/groups/models.py34
1 files changed, 34 insertions, 0 deletions
diff --git a/gn3/auth/authorisation/groups/models.py b/gn3/auth/authorisation/groups/models.py
index b1f307f..5a58322 100644
--- a/gn3/auth/authorisation/groups/models.py
+++ b/gn3/auth/authorisation/groups/models.py
@@ -344,3 +344,37 @@ def group_role_by_id(
return GroupRole(group_role_id, group, roles[0])
raise NotFoundError(
f"Group role with ID '{group_role_id}' does not exist.")
+
+def add_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole,
+ privilege: Privilege) -> GroupRole:
+ """Add `privilege` to `group_role`."""
+ ## TODO: do privileges check.
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ "INSERT INTO role_privileges(role_id,privilege_id) "
+ "VALUES (?, ?) ON CONFLICT (role_id, privilege_id) "
+ "DO NOTHING",
+ (str(group_role.role.role_id), str(privilege.privilege_id)))
+ return GroupRole(
+ group_role.group_role_id,
+ group_role.group,
+ Role(group_role.role.role_id,
+ group_role.role.role_name,
+ group_role.role.privileges + (privilege,)))
+
+def delete_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole,
+ privilege: Privilege) -> GroupRole:
+ """Delete `privilege` to `group_role`."""
+ ## TODO: do privileges check.
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ "DELETE FROM role_privileges WHERE "
+ "role_id=? AND privilege_id=?",
+ (str(group_role.role.role_id), str(privilege.privilege_id)))
+ return GroupRole(
+ group_role.group_role_id,
+ group_role.group,
+ Role(group_role.role.role_id,
+ group_role.role.role_name,
+ tuple(priv for priv in group_role.role.privileges
+ if priv != privilege)))
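Review bot: Both new functions change `role_privileges` while the authorisation step is still only `## TODO: do privileges check.`, so nothing in `add_privilege_to_group_role` or `delete_privilege_to_group_role` verifies that the acting user may edit this role. Neither signature carries a user, so until the check exists the docstrings should state that the caller is responsible for it, e.g. `"""Add privilege to group_role; the caller must already have verified the acting user's right to edit the role."""`. The rows are keyed on `role_id` alone, so if a role can be attached to more than one group (not visible in this hunk) the edit reaches every group using it, and the check should account for that. Separately, when the `INSERT` falls through `ON CONFLICT ... DO NOTHING` the returned `Role` still receives `privileges + (privilege,)`, which duplicates an entry; `privs if privilege in privs else privs + (privilege,)` keeps the returned object in step with the table. The delete function's name and docstring would also read more clearly with "from" in place of "to".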