diff options
author | Frederick Muriuki Muriithi | 2022-11-24 13:53:59 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2022-11-24 13:53:59 +0300 |
commit | 9810731b8432624c3817633ea0877dd80d0eea39 (patch) | |
tree | e30a620e9d549c6df19c80e3e27f0ac59cd7cb6e /gn3 | |
parent | 021b8dfcb99928b363e4546f626e3deb5793e392 (diff) | |
download | genenetwork3-9810731b8432624c3817633ea0877dd80d0eea39.tar.gz |
auth: Check for authentication and fix errors
* gn3/auth/authorisation/groups.py: base `MembershipError` on new
`AuthorisationError` base exception. Use new authentication checking
decorator.
* gn3/auth/authorisation/privileges.py: Change argument to User object rather
than UUID object
* gn3/auth/authorisation/roles.py: Use new authentication checking decorator.
* tests/unit/auth/test_groups.py: use `conftest.TEST_USER`
* tests/unit/auth/test_privileges.py: use `conftest.TEST_USER`
* tests/unit/auth/test_roles.py: use `conftest.TEST_USER`
Diffstat (limited to 'gn3')
-rw-r--r-- | gn3/auth/authorisation/groups.py | 5 | ||||
-rw-r--r-- | gn3/auth/authorisation/privileges.py | 5 | ||||
-rw-r--r-- | gn3/auth/authorisation/roles.py | 2 |
3 files changed, 9 insertions, 3 deletions
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py index ac80089..6496e87 100644 --- a/gn3/auth/authorisation/groups.py +++ b/gn3/auth/authorisation/groups.py @@ -12,6 +12,7 @@ from gn3.auth.authentication.checks import authenticated_p from .checks import authorised_p from .privileges import Privilege from .roles import Role, create_role +from .exceptions import AuthorisationError class Group(NamedTuple): """Class representing a group.""" @@ -23,7 +24,7 @@ class GroupRole(NamedTuple): group_role_id: UUID role: Role -class MembershipError(Exception): +class MembershipError(AuthorisationError): """Raised when there is an error with a user's membership to a group.""" def __init__(self, user: User, groups: Sequence[Group]): @@ -46,6 +47,7 @@ def user_membership(conn: db.DbConnection, user: User) -> Sequence[Group]: return groups +@authenticated_p @authorised_p(("create-group",), error_message="Failed to create group.") def create_group(conn: db.DbConnection, group_name: str, group_leader: User) -> Group: @@ -65,6 +67,7 @@ def create_group(conn: db.DbConnection, group_name: str, return group +@authenticated_p @authorised_p(("create-role",), error_message="Could not create the group role") def create_group_role( conn: db.DbConnection, group: Group, role_name: str, diff --git a/gn3/auth/authorisation/privileges.py b/gn3/auth/authorisation/privileges.py index 09439ad..9e66bda 100644 --- a/gn3/auth/authorisation/privileges.py +++ b/gn3/auth/authorisation/privileges.py @@ -3,13 +3,14 @@ from uuid import UUID from typing import Iterable, NamedTuple from gn3.auth import db +from gn3.auth.authentication.users import User class Privilege(NamedTuple): """Class representing a privilege: creates immutable objects.""" privilege_id: UUID privilege_name: str -def user_privileges(conn: db.DbConnection, user_id: UUID) -> Iterable[Privilege]: +def user_privileges(conn: db.DbConnection, user: User) -> Iterable[Privilege]: """Fetch the user's privileges from the database.""" with db.cursor(conn) as cursor: cursor.execute( @@ -18,7 +19,7 @@ def user_privileges(conn: db.DbConnection, user_id: UUID) -> Iterable[Privilege] "INNER JOIN role_privileges AS rp ON ur.role_id=rp.role_id " "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id " "WHERE ur.user_id=?"), - (str(user_id),)) + (str(user.user_id),)) results = cursor.fetchall() return (Privilege(UUID(row[0]), row[1]) for row in results) diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py index 8435c40..397ad80 100644 --- a/gn3/auth/authorisation/roles.py +++ b/gn3/auth/authorisation/roles.py @@ -3,6 +3,7 @@ from uuid import UUID, uuid4 from typing import Iterable, NamedTuple from gn3.auth import db +from gn3.auth.authentication.checks import authenticated_p from .checks import authorised_p from .privileges import Privilege @@ -13,6 +14,7 @@ class Role(NamedTuple): role_name: str privileges: Iterable[Privilege] +@authenticated_p @authorised_p(("create-role",), error_message="Could not create role") def create_role( cursor: db.DbCursor, role_name: str, |