oauth2: resources: toggle whether a resource is public or not

2 files changed, 51 insertions, 3 deletions

diff --git a/gn3/auth/authorisation/resources/models.py b/gn3/auth/authorisation/resources/models.py
index 4049fae..afda5e8 100644
--- a/gn3/auth/authorisation/resources/models.py
+++ b/gn3/auth/authorisation/resources/models.py
@@ -529,3 +529,30 @@ def unassign_resource_user(
                 f"The user '{user.name}'({user.email}) had the "
                 f"'{role.role.role_name}' role on resource with ID "
                 f"'{resource.resource_id}' taken away.")}
+
+def save_resource(
+        conn: db.DbConnection, user: User, resource: Resource) -> Resource:
+    """Update an existing resource."""
+    resource_id = resource.resource_id
+    authorised = authorised_for(
+        conn, user, ("group:resource:edit-resource",), (resource_id,))
+    if authorised[resource_id]:
+        with db.cursor(conn) as cursor:
+            params = {**dictify(resource), "public": 1 if resource.public else 0}
+            print(f"THE PARAMS: {params}")
+            cursor.execute(
+                "UPDATE resources SET "
+                "resource_name=:resource_name, "
+                "public=:public "
+                "WHERE group_id=:group_id "
+                "AND resource_id=:resource_id",
+                {
+                    "resource_name": resource.resource_name,
+                    "public": 1 if resource.public else 0,
+                    "group_id": str(resource.group.group_id),
+                    "resource_id": str(resource.resource_id)
+                })
+            return resource
+
+    raise AuthorisationError(
+        "You do not have the appropriate privileges to edit this resource.")
diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py
index 6f7b65c..5615b11 100644
--- a/gn3/auth/authorisation/resources/views.py
+++ b/gn3/auth/authorisation/resources/views.py
@@ -10,9 +10,10 @@ from gn3.auth.db_utils import with_db_connection
 
 from .checks import authorised_for
 from .models import (
-    resource_by_id, resource_categories, assign_resource_user,
-    link_data_to_resource, unassign_resource_user, resource_category_by_id,
-    unlink_data_from_resource, create_resource as _create_resource)
+    Resource, save_resource, resource_by_id, resource_categories,
+    assign_resource_user, link_data_to_resource, unassign_resource_user,
+    resource_category_by_id, unlink_data_from_resource,
+    create_resource as _create_resource)
 
 from ..roles import Role
 from ..errors import InvalidData, InconsistencyError, AuthorisationError
@@ -214,3 +215,23 @@ def unassign_role_to_user(resource_id: uuid.UUID) -> Response:
             raise AuthorisationError(aserr.args[0]) from aserr
 
         return jsonify(with_db_connection(__assign__))
+
+@resources.route("<uuid:resource_id>/toggle-public", methods=["POST"])
+@require_oauth("profile group resource role")
+def toggle_public(resource_id: uuid.UUID) -> Response:
+    """Make a resource public if it is private, or private if public."""
+    with require_oauth.acquire("profile group resource") as the_token:
+        def __toggle__(conn: db.DbConnection) -> Resource:
+            old_rsc = resource_by_id(conn, the_token.user, resource_id)
+            return save_resource(
+                conn, the_token.user, Resource(
+                    old_rsc.group, old_rsc.resource_id, old_rsc.resource_name,
+                    old_rsc.resource_category, not old_rsc.public,
+                    old_rsc.resource_data))
+
+        resource = with_db_connection(__toggle__)
+        return jsonify({
+            "resource": dictify(resource),
+            "description": (
+                "Made resource public" if resource.public
+                else "Made resource private")})