aboutsummaryrefslogtreecommitdiff
path: root/gn3
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2022-11-24 13:53:59 +0300
committerFrederick Muriuki Muriithi2022-11-24 13:53:59 +0300
commit9810731b8432624c3817633ea0877dd80d0eea39 (patch)
treee30a620e9d549c6df19c80e3e27f0ac59cd7cb6e /gn3
parent021b8dfcb99928b363e4546f626e3deb5793e392 (diff)
downloadgenenetwork3-9810731b8432624c3817633ea0877dd80d0eea39.tar.gz
auth: Check for authentication and fix errors
* gn3/auth/authorisation/groups.py: base `MembershipError` on new `AuthorisationError` base exception. Use new authentication checking decorator. * gn3/auth/authorisation/privileges.py: Change argument to User object rather than UUID object * gn3/auth/authorisation/roles.py: Use new authentication checking decorator. * tests/unit/auth/test_groups.py: use `conftest.TEST_USER` * tests/unit/auth/test_privileges.py: use `conftest.TEST_USER` * tests/unit/auth/test_roles.py: use `conftest.TEST_USER`
Diffstat (limited to 'gn3')
-rw-r--r--gn3/auth/authorisation/groups.py5
-rw-r--r--gn3/auth/authorisation/privileges.py5
-rw-r--r--gn3/auth/authorisation/roles.py2
3 files changed, 9 insertions, 3 deletions
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index ac80089..6496e87 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -12,6 +12,7 @@ from gn3.auth.authentication.checks import authenticated_p
from .checks import authorised_p
from .privileges import Privilege
from .roles import Role, create_role
+from .exceptions import AuthorisationError
class Group(NamedTuple):
"""Class representing a group."""
@@ -23,7 +24,7 @@ class GroupRole(NamedTuple):
group_role_id: UUID
role: Role
-class MembershipError(Exception):
+class MembershipError(AuthorisationError):
"""Raised when there is an error with a user's membership to a group."""
def __init__(self, user: User, groups: Sequence[Group]):
@@ -46,6 +47,7 @@ def user_membership(conn: db.DbConnection, user: User) -> Sequence[Group]:
return groups
+@authenticated_p
@authorised_p(("create-group",), error_message="Failed to create group.")
def create_group(conn: db.DbConnection, group_name: str,
group_leader: User) -> Group:
@@ -65,6 +67,7 @@ def create_group(conn: db.DbConnection, group_name: str,
return group
+@authenticated_p
@authorised_p(("create-role",), error_message="Could not create the group role")
def create_group_role(
conn: db.DbConnection, group: Group, role_name: str,
diff --git a/gn3/auth/authorisation/privileges.py b/gn3/auth/authorisation/privileges.py
index 09439ad..9e66bda 100644
--- a/gn3/auth/authorisation/privileges.py
+++ b/gn3/auth/authorisation/privileges.py
@@ -3,13 +3,14 @@ from uuid import UUID
from typing import Iterable, NamedTuple
from gn3.auth import db
+from gn3.auth.authentication.users import User
class Privilege(NamedTuple):
"""Class representing a privilege: creates immutable objects."""
privilege_id: UUID
privilege_name: str
-def user_privileges(conn: db.DbConnection, user_id: UUID) -> Iterable[Privilege]:
+def user_privileges(conn: db.DbConnection, user: User) -> Iterable[Privilege]:
"""Fetch the user's privileges from the database."""
with db.cursor(conn) as cursor:
cursor.execute(
@@ -18,7 +19,7 @@ def user_privileges(conn: db.DbConnection, user_id: UUID) -> Iterable[Privilege]
"INNER JOIN role_privileges AS rp ON ur.role_id=rp.role_id "
"INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
"WHERE ur.user_id=?"),
- (str(user_id),))
+ (str(user.user_id),))
results = cursor.fetchall()
return (Privilege(UUID(row[0]), row[1]) for row in results)
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 8435c40..397ad80 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -3,6 +3,7 @@ from uuid import UUID, uuid4
from typing import Iterable, NamedTuple
from gn3.auth import db
+from gn3.auth.authentication.checks import authenticated_p
from .checks import authorised_p
from .privileges import Privilege
@@ -13,6 +14,7 @@ class Role(NamedTuple):
role_name: str
privileges: Iterable[Privilege]
+@authenticated_p
@authorised_p(("create-role",), error_message="Could not create role")
def create_role(
cursor: db.DbCursor, role_name: str,