authorFrederick Muriuki Muriithi2023-01-11 11:20:36 +0300
committerFrederick Muriuki Muriithi2023-01-11 11:20:36 +0300
commit53371fb668d1d18ba4696b3e4739f26edd677d8d (patch)
tree1bdc74e65ed1c49de6414949d0a02e5cb05f7d75 /gn3/auth/authorisation/views.py
parent1b28c4043b4e1199920bc848d752bcc154314842 (diff)
auth: assign default role. separate group creation from group admin
A newly registered user will have the ability to create a group. Once a user is a member of a group, either by creating a new group, or being added to a group, they should not be able to create any more groups, i.e. they lose the 'create-group' (and/or equivalent) privileges. This means that the group-administration privileges should be separated from the group-creation privilege. * gn3/auth/authorisation/roles.py: assign default roles to user on registration * gn3/auth/authorisation/views.py: assign default roles to user on registration * migrations/auth/20230111_01_Wd6IZ-remove-create-group-privilege-from-group-leader.py: separate group-creation role from group-administration role. * tests/unit/auth/fixtures/user_fixtures.py: Add group-creation role to test user * tests/unit/auth/test_roles.py: Add the group-creation role explicitly in the expected results for the test
Diffstat (limited to 'gn3/auth/authorisation/views.py')
-rw-r--r--gn3/auth/authorisation/views.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 6ac3be0..2c47bd9 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -7,10 +7,10 @@ from gn3.auth.blueprint import oauth2
from .groups import user_group
from .errors import UserRegistrationError
-from .roles import user_roles as _user_roles
+from .roles import assign_default_roles, user_roles as _user_roles
from ..authentication.oauth2.resource_server import require_oauth
-from ..authentication.users import User, save_user, set_user_password
+from ..authentication.users import save_user, set_user_password
from ..authentication.oauth2.models.oauth2token import token_by_access_token
@oauth2.route("/user", methods=["GET"])
@@ -95,6 +95,7 @@ def register_user():
with db.cursor(conn) as cursor:
user, _hashed_password = set_user_password(
cursor, save_user(cursor, email, user_name), password)
+ assign_default_roles(cursor, user)
return jsonify(
{
"user_id": user.user_id,
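Review bot: Nothing visible around the added `assign_default_roles(cursor, user)` line handles a role grant that fails or assigns nothing, for example if the default roles are missing because the accompanying migration has not been applied. Since this grants privileges to every self-registered account, confirm that it commits or rolls back together with `save_user` and `set_user_password`. Indentation is lost on this page, so the call only appears to sit inside the `with db.cursor(conn) as cursor:` block. A comment above the call would make the intent explicit, e.g. `# Grant baseline roles (incl. group creation) in the same transaction as user creation.` The body of `register_user` begins and continues outside this hunk, so any existing error handling is not shown here.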