aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/groups/views.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-04-27 06:30:46 +0300
committerFrederick Muriuki Muriithi2023-04-27 06:46:48 +0300
commit12e9f87753d5ef0d3343a2a92a824f2ace696e4e (patch)
tree2323936027c86a2449ccae811d69f34b940b82af /gn3/auth/authorisation/groups/views.py
parent0e96276a56e3a3fdf61d9f409eaac37072bdd292 (diff)
downloadgenenetwork3-12e9f87753d5ef0d3343a2a92a824f2ace696e4e.tar.gz
auth: List also the non-resource privileges the user has
While creating new group roles, enable the listing of non-resource privileges, e.g. `system:group:*` and `system:user:*` that the user has to allow for them to be used in role creation.
Diffstat (limited to 'gn3/auth/authorisation/groups/views.py')
-rw-r--r--gn3/auth/authorisation/groups/views.py9
1 files changed, 7 insertions, 2 deletions
diff --git a/gn3/auth/authorisation/groups/views.py b/gn3/auth/authorisation/groups/views.py
index 3aa54eb..628df36 100644
--- a/gn3/auth/authorisation/groups/views.py
+++ b/gn3/auth/authorisation/groups/views.py
@@ -22,6 +22,8 @@ from .models import (
delete_privilege_from_group_role, create_group_role as _create_group_role)
from ..roles.models import Role
+from ..roles.models import user_roles
+
from ..checks import authorised_p
from ..privileges import Privilege, privileges_by_ids
from ..errors import InvalidData, NotFoundError, AuthorisationError
@@ -308,15 +310,18 @@ def group_roles():
@require_oauth("profile group")
def group_privileges():
"""Return a list of all available group roles."""
- with require_oauth.acquire("profile group role") as _the_token:
+ with require_oauth.acquire("profile group role") as the_token:
def __list_privileges__(conn: db.DbConnection) -> Iterable[Privilege]:
## TODO: Check that user has appropriate privileges
+ this_user_roles = user_roles(conn, the_token.user)
with db.cursor(conn) as cursor:
cursor.execute("SELECT * FROM privileges "
"WHERE privilege_id LIKE 'group:%'")
- return (
+ group_level_roles = tuple(
Privilege(row["privilege_id"], row["privilege_description"])
for row in cursor.fetchall())
+ return tuple(privilege for arole in this_user_roles
+ for privilege in arole.privileges) + group_level_roles
return jsonify(tuple(
dictify(priv) for priv in with_db_connection(__list_privileges__)))