author | Frederick Muriuki Muriithi | 2023-03-06 10:14:20 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-03-06 10:14:20 +0300 |
commit | 4fc72af7e851f12a9f4edc98b0a55c66c9bf1b13 (patch) | |
tree | c235b8c3aea241d61b01b1e063799baace599138 /gn3/auth/authorisation | |
parent | 053ee795fa48a9937bc6844f8791ce71f5d93500 (diff) | |
download | genenetwork3-4fc72af7e851f12a9f4edc98b0a55c66c9bf1b13.tar.gz |
auth: resources: Link role's group to the resource's group
Diffstat (limited to 'gn3/auth/authorisation')
-rw-r--r-- | gn3/auth/authorisation/resources/views.py | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py index 1da93d0..e1386ab 100644 --- a/gn3/auth/authorisation/resources/views.py +++ b/gn3/auth/authorisation/resources/views.py @@ -14,8 +14,8 @@ from .models import ( create_resource as _create_resource) from ..roles import Role +from ..groups.models import Group, GroupRole from ..errors import InvalidData, AuthorisationError -from ..groups.models import Group, GroupRole, user_group, DUMMY_GROUP from ... import db from ...dictify import dictify @@ -107,24 +107,19 @@ def resource_users(resource_id: uuid.UUID): """Retrieve all users with access to the given resource.""" with require_oauth.acquire("profile group resource") as the_token: def __the_users__(conn: db.DbConnection): + resource = resource_by_id(conn, the_token.user, resource_id) authorised = authorised_for( conn, the_token.user, ("group:resource:edit-resource",), (resource_id,)) if authorised.get(resource_id, False): with db.cursor(conn) as cursor: - group = user_group(cursor, the_token.user).maybe( - DUMMY_GROUP, lambda grp: grp) - if group == DUMMY_GROUP: - raise AuthorisationError( - "Users who are not members of groups cannot access " - "resource details.") def __organise_users_n_roles__(users_n_roles, row): user_id = uuid.UUID(row["user_id"]) user = users_n_roles.get( user_id, User(user_id, row["email"], row["name"])) role = GroupRole( uuid.UUID(row["group_role_id"]), - group, + resource.group, Role(uuid.UUID(row["role_id"]), row["role_name"], tuple())) return { |
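Review bot: `resource = resource_by_id(conn, the_token.user, resource_id)` in `__the_users__` now runs before the `authorised_for(...)` check, so the resource is loaded, and any error `resource_by_id` may raise is surfaced, even for callers who do not hold `group:resource:edit-resource`. Moving that line under `if authorised.get(resource_id, False):` keeps the privilege check as the first thing that decides the response. With the group-membership guard removed, `authorised_for` is the only gate left in this view, which deserves a comment such as `# access is decided solely by group:resource:edit-resource; group membership is no longer checked here`. The rows passed to `__organise_users_n_roles__` come from a query outside the hunk; if that query is not restricted to the resource's group, tagging every `GroupRole` with `resource.group` would mislabel roles, so that is worth confirming. The body of `resource_users` continues past the end of the hunk.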