aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/resources/views.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-03-07 06:24:37 +0300
committerFrederick Muriuki Muriithi2023-03-07 06:24:37 +0300
commita3a87ae52200cca7586b64d4e15cb12c88b17cd7 (patch)
treee6ee9bab751382ea379694ef83735625f234206e /gn3/auth/authorisation/resources/views.py
parent09c2330e9e8279f6c9fd391a736435ceb4705873 (diff)
downloadgenenetwork3-a3a87ae52200cca7586b64d4e15cb12c88b17cd7.tar.gz
auth: resources: unassign roles on resource from a user.
Diffstat (limited to 'gn3/auth/authorisation/resources/views.py')
-rw-r--r--gn3/auth/authorisation/resources/views.py29
1 files changed, 26 insertions, 3 deletions
diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py
index 6d4098a..220181e 100644
--- a/gn3/auth/authorisation/resources/views.py
+++ b/gn3/auth/authorisation/resources/views.py
@@ -10,8 +10,8 @@ from gn3.auth.db_utils import with_db_connection
from .checks import authorised_for
from .models import (
resource_by_id, resource_categories, assign_resource_user,
- link_data_to_resource, resource_category_by_id, unlink_data_from_resource,
- create_resource as _create_resource)
+ link_data_to_resource, unassign_resource_user, resource_category_by_id,
+ unlink_data_from_resource, create_resource as _create_resource)
from ..roles import Role
from ..errors import InvalidData, AuthorisationError
@@ -19,8 +19,8 @@ from ..groups.models import Group, GroupRole, group_role_by_id
from ... import db
from ...dictify import dictify
-from ...authentication.users import User, user_by_email
from ...authentication.oauth2.resource_server import require_oauth
+from ...authentication.users import User, user_by_id, user_by_email
resources = Blueprint("resources", __name__)
@@ -181,3 +181,26 @@ def assign_role_to_user(resource_id: uuid.UUID) -> Response:
raise AuthorisationError(aserr.args[0]) from aserr
return jsonify(with_db_connection(__assign__))
+
+@resources.route("<uuid:resource_id>/user/unassign", methods=["POST"])
+@require_oauth("profile group resource role")
+def unassign_role_to_user(resource_id: uuid.UUID) -> Response:
+ """Unassign a role on the specified resource from a user."""
+ with require_oauth.acquire("profile group resource role") as the_token:
+ try:
+ form = request.form
+ group_role_id = form.get("group_role_id", "")
+ user_id = form.get("user_id", "")
+ assert bool(group_role_id), "The role must be provided."
+ assert bool(user_id), "The user id must be provided."
+
+ def __assign__(conn: db.DbConnection) -> dict:
+ resource = resource_by_id(conn, the_token.user, resource_id)
+ return unassign_resource_user(
+ conn, resource, user_by_id(conn, uuid.UUID(user_id)),
+ group_role_by_id(conn, resource.group,
+ uuid.UUID(group_role_id)))
+ except AssertionError as aserr:
+ raise AuthorisationError(aserr.args[0]) from aserr
+
+ return jsonify(with_db_connection(__assign__))