aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/resources/views.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-03-18 11:35:36 +0300
committerFrederick Muriuki Muriithi2023-03-18 11:35:36 +0300
commitf7b27947495b4dc928f6c257286bcb6a7112dbed (patch)
tree7fd12449a99ed759b139980fa7733eab27e460c4 /gn3/auth/authorisation/resources/views.py
parent30900b963c043939caa4492aca6d130843e048d0 (diff)
downloadgenenetwork3-f7b27947495b4dc928f6c257286bcb6a7112dbed.tar.gz
oauth2: resources: toggle whether a resource is public or not
Diffstat (limited to 'gn3/auth/authorisation/resources/views.py')
-rw-r--r--gn3/auth/authorisation/resources/views.py27
1 files changed, 24 insertions, 3 deletions
diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py
index 6f7b65c..5615b11 100644
--- a/gn3/auth/authorisation/resources/views.py
+++ b/gn3/auth/authorisation/resources/views.py
@@ -10,9 +10,10 @@ from gn3.auth.db_utils import with_db_connection
from .checks import authorised_for
from .models import (
- resource_by_id, resource_categories, assign_resource_user,
- link_data_to_resource, unassign_resource_user, resource_category_by_id,
- unlink_data_from_resource, create_resource as _create_resource)
+ Resource, save_resource, resource_by_id, resource_categories,
+ assign_resource_user, link_data_to_resource, unassign_resource_user,
+ resource_category_by_id, unlink_data_from_resource,
+ create_resource as _create_resource)
from ..roles import Role
from ..errors import InvalidData, InconsistencyError, AuthorisationError
@@ -214,3 +215,23 @@ def unassign_role_to_user(resource_id: uuid.UUID) -> Response:
raise AuthorisationError(aserr.args[0]) from aserr
return jsonify(with_db_connection(__assign__))
+
+@resources.route("<uuid:resource_id>/toggle-public", methods=["POST"])
+@require_oauth("profile group resource role")
+def toggle_public(resource_id: uuid.UUID) -> Response:
+ """Make a resource public if it is private, or private if public."""
+ with require_oauth.acquire("profile group resource") as the_token:
+ def __toggle__(conn: db.DbConnection) -> Resource:
+ old_rsc = resource_by_id(conn, the_token.user, resource_id)
+ return save_resource(
+ conn, the_token.user, Resource(
+ old_rsc.group, old_rsc.resource_id, old_rsc.resource_name,
+ old_rsc.resource_category, not old_rsc.public,
+ old_rsc.resource_data))
+
+ resource = with_db_connection(__toggle__)
+ return jsonify({
+ "resource": dictify(resource),
+ "description": (
+ "Made resource public" if resource.public
+ else "Made resource private")})