authorFrederick Muriuki Muriithi2023-01-23 14:30:20 +0300
committerFrederick Muriuki Muriithi2023-01-23 14:30:20 +0300
commitb9139c2356f75103bc5fd17f074f4ee0e74b64aa (patch)
tree06803f97ccea91ce5137d42f42e1abe33c38365c /gn3/auth/authorisation/roles.py
parente92ceacccb4c8d32f28ed7d2530ddc6912a730d4 (diff)
auth: create group: Fix group creation.
* gn3/auth/authorisation/checks.py: Enable passing user to authorisation
  checking function. Raise error on authorisation failure for consistent error
  handling.
* gn3/auth/authorisation/groups.py: Add user to group, updating the privileges
  as appropriate.
* gn3/auth/authorisation/resources.py: Fix resources querying
* gn3/auth/authorisation/roles.py: Assign/revoke roles by name
* gn3/auth/authorisation/views.py: Create group
* migrations/auth/20221108_01_CoxYh-create-the-groups-table.py: Add
  group_metadata field
* tests/unit/auth/fixtures/group_fixtures.py: fix tests
* tests/unit/auth/test_groups.py: fix tests
* tests/unit/auth/test_resources.py: fix tests
* tests/unit/auth/test_roles.py: fix tests
Diffstat (limited to 'gn3/auth/authorisation/roles.py')
-rw-r--r--gn3/auth/authorisation/roles.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index e84eb71..cd59a36 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -98,3 +98,28 @@ def assign_default_roles(cursor: db.DbCursor, user: User):
     cursor.executemany(
         ("INSERT INTO user_roles VALUES (:user_id, :role_id)"),
         params)
+
+def revoke_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
+    """Revoke a role from `user` by the role's name"""
+    cursor.execute(
+        "SELECT role_id FROM roles WHERE role_name=:role_name",
+        {"role_name": role_name})
+    role = cursor.fetchone()
+    if role:
+        cursor.execute(
+            ("DELETE FROM user_roles "
+             "WHERE user_id=:user_id AND role_id=:role_id"),
+            {"user_id": str(user.user_id), "role_id": role["role_id"]})
+
+def assign_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
+    """Revoke a role from `user` by the role's name"""
+    cursor.execute(
+        "SELECT role_id FROM roles WHERE role_name=:role_name",
+        {"role_name": role_name})
+    role = cursor.fetchone()
+
+    if role:
+        cursor.execute(
+            ("INSERT INTO user_roles VALUES(:user_id, :role_id) "
+             "ON CONFLICT DO NOTHING"),
+            {"user_id": str(user.user_id), "role_id": role["role_id"]})
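Review bot: Both `revoke_user_role_by_name` and `assign_user_role_by_name` return silently when the `SELECT` finds no row, so a misspelt or not-yet-created `role_name` is indistinguishable from success; on the revoke path the user keeps a role the caller believes was removed. I would fail closed in both functions before the `DELETE`/`INSERT`, e.g. `if not role: raise ValueError(f"No such role: {role_name}")`, or with whichever not-found error the auth package already defines. The docstring of `assign_user_role_by_name` is a copy of the revoke one and should read `"""Assign a role to `user` by the role's name"""`. The schema is not visible here, but `INSERT INTO user_roles VALUES(:user_id, :role_id)` depends on column order, and `fetchone()` picks an arbitrary match unless `role_name` is unique; naming the columns in the `INSERT` and confirming a uniqueness constraint on `roles.role_name` would make both assumptions explicit.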