aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-01-04 06:34:30 +0300
committerFrederick Muriuki Muriithi2023-01-04 06:34:30 +0300
commitdcd09e820ff142a8ca932363a0b67b72182d355c (patch)
treef9b42e1630af81e41ebbc914f6c98edf36a4f225 /gn3/auth
parent0a31f61ee9db84eb35087073ef6b58f352252aae (diff)
downloadgenenetwork3-dcd09e820ff142a8ca932363a0b67b72182d355c.tar.gz
auth: Return only non-resource roles on `/user-roles` endpoint
Resource roles will be returned as part of the resources request. * gn3/auth/authorisation/roles.py: Simplify query - only get non-resource roles * gn3/auth/authorisation/views.py: update docstring
Diffstat (limited to 'gn3/auth')
-rw-r--r--gn3/auth/authorisation/roles.py12
-rw-r--r--gn3/auth/authorisation/views.py2
2 files changed, 4 insertions, 10 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index e71d427..562d3bc 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -69,20 +69,14 @@ def __organise_privileges__(roles_dict, privilege_row):
}
def user_roles(conn: db.DbConnection, user: User):
- """Retrieve ALL roles assigned to the user."""
+ """Retrieve non-resource roles assigned to the user."""
with db.cursor(conn) as cursor:
cursor.execute(
"SELECT r.*, p.* FROM user_roles AS ur INNER JOIN roles AS r "
"ON ur.role_id=r.role_id INNER JOIN role_privileges AS rp "
"ON r.role_id=rp.role_id INNER JOIN privileges AS p "
- "ON rp.privilege_id=p.privilege_id WHERE ur.user_id=? "
- "UNION "
- "SELECT r.*, p.* FROM group_user_roles_on_resources AS guror "
- "INNER JOIN roles AS r ON guror.role_id=r.role_id "
- "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
- "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
- "WHERE guror.user_id=?",
- ((str(user.user_id),)*2))
+ "ON rp.privilege_id=p.privilege_id WHERE ur.user_id=?",
+ (str(user.user_id),))
results = cursor.fetchall()
if results:
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 2481633..2a419af 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -9,7 +9,7 @@ from ..authentication.oauth2.resource_server import require_oauth
@oauth2.route("/user-roles")
@require_oauth
def user_roles():
- """Return the roles assigned to the user."""
+ """Return the non-resource roles assigned to the user."""
with require_oauth.acquire("role") as token:
with db.connection(current_app.config["AUTH_DB"]) as conn:
return jsonify(_user_roles(conn, token.user))