auth: create group: Fix group creation.

* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
  checking function. Raise error on authorisation failure for consistent error
  handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
  as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
  group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests

1 files changed, 24 insertions, 15 deletions

diff --git a/gn3/auth/authorisation/resources.py b/gn3/auth/authorisation/resources.py
index f27d61a..29e50bf 100644
--- a/gn3/auth/authorisation/resources.py
+++ b/gn3/auth/authorisation/resources.py
@@ -1,4 +1,5 @@
 """Handle the management of resources."""
+import json
 from uuid import UUID, uuid4
 from typing import Dict, Sequence, NamedTuple
 
@@ -68,7 +69,11 @@ def public_resources(conn: db.DbConnection) -> Sequence[Resource]:
         query = ("SELECT * FROM groups WHERE group_id IN "
                  f"({', '.join(['?'] * len(group_uuids))})")
         cursor.execute(query, group_uuids)
-        groups = {row[0]: Group(UUID(row[0]), row[1]) for row in cursor.fetchall()}
+        groups = {
+            row[0]: Group(
+                UUID(row[0]), row[1], json.loads(row[2] or "{}"))
+            for row in cursor.fetchall()
+        }
         return tuple(
             Resource(groups[row[0]], UUID(row[1]), row[2], categories[row[3]],
                      bool(row[4]))
@@ -93,22 +98,26 @@ def user_resources(conn: db.DbConnection, user: User) -> Sequence[Resource]:
         cat.resource_category_id: cat for cat in resource_categories(conn)
     }
     with db.cursor(conn) as cursor:
-        group = user_group(cursor, user).maybe(False, lambda val: val) # type: ignore[misc]
-        if not group:
-            return public_resources(conn)
-
-        gl_resources = group_leader_resources(cursor, user, group, categories)
+        def __all_resources__(group) -> Sequence[Resource]:
+            gl_resources = group_leader_resources(cursor, user, group, categories)
 
-        cursor.execute(
-            ("SELECT resources.* FROM group_user_roles_on_resources "
-             "LEFT JOIN resources "
-             "ON group_user_roles_on_resources.resource_id=resources.resource_id "
-             "WHERE group_user_roles_on_resources.group_id = ? "
-             "AND group_user_roles_on_resources.user_id = ?"),
-            (str(group.group_id), str(user.user_id)))
-        private_res = tuple(
+            cursor.execute(
+                ("SELECT resources.* FROM group_user_roles_on_resources "
+                 "LEFT JOIN resources "
+                 "ON group_user_roles_on_resources.resource_id=resources.resource_id "
+                 "WHERE group_user_roles_on_resources.group_id = ? "
+                 "AND group_user_roles_on_resources.user_id = ?"),
+                (str(group.group_id), str(user.user_id)))
+            private_res = tuple(
                 Resource(group, UUID(row[1]), row[2], categories[UUID(row[3])],
                          bool(row[4]))
                 for row in cursor.fetchall())
+            return tuple({
+                res.resource_id: res
+                for res in
+                (private_res + gl_resources + public_resources(conn))# type: ignore[operator]
+            }.values())
 
-    return tuple(set(private_res).union(gl_resources).union(public_resources(conn)))
+        # Fix the typing here
+        return user_group(cursor, user).map(__all_resources__).maybe(# type: ignore[arg-type,misc]
+            public_resources(conn), lambda res: res)# type: ignore[arg-type,return-value]