-rw-r--r-- | gn3/auth/authorisation/checks.py | 14 | ||||
-rw-r--r-- | gn3/auth/authorisation/groups.py | 5 | ||||
-rw-r--r-- | tests/unit/auth/test_groups.py | 11 |
3 files changed, 11 insertions, 19 deletions
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py index f14c5c7..3181655 100644 --- a/gn3/auth/authorisation/checks.py +++ b/gn3/auth/authorisation/checks.py @@ -1,6 +1,6 @@ """Functions to check for authorisation.""" from functools import wraps -from typing import Union, Callable +from typing import Callable from flask import g, current_app as app @@ -9,8 +9,6 @@ from . import privileges as auth_privs def authorised_p( privileges: tuple[str], - success_message: Union[str, bool] = ( - "Successfully authorised requested action"), error_message: str = ( "You lack authorisation to perform requested action")): """Authorisation decorator.""" @@ -20,15 +18,15 @@ def authorised_p( def __authoriser__(*args, **kwargs): if hasattr(g, "user_id") and g.user_id: with db.connection(app.config["AUTH_DB"]) as conn: - user_privileges = auth_privs.user_privileges(conn, g.user_id) + user_privileges = tuple( + priv.privilege_name for priv in + auth_privs.user_privileges(conn, g.user_id)) not_assigned = [ priv for priv in privileges if priv not in user_privileges] if len(not_assigned) == 0: - return { - "status": "success", - "message": success_message, - "results": func(*args, **kwargs)} + return func(*args, **kwargs) + return { "status": "error", "message": f"Unauthorised: {error_message}" diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py index b996d21..f3345c3 100644 --- a/gn3/auth/authorisation/groups.py +++ b/gn3/auth/authorisation/groups.py 
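Review bot: In the last checks.py hunk `__authoriser__` now has two unrelated return shapes: `return func(*args, **kwargs)` hands back whatever the wrapped function returns, while the denial path still returns the `{"status": "error", ...}` dict. A caller that does not inspect the type cannot tell a refusal from a result, and `create_group` in groups.py is now annotated `-> Group` although it can return that dict. Raising a dedicated authorisation exception on the denial path would make a refusal impossible to ignore. Failing that, the decorator docstring should state the contract, e.g. `"""Authorisation decorator: call func only if g.user_id holds every listed privilege, otherwise return an error dict without calling it."""`. The closing lines of the error dict fall outside the hunk.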
@@ -7,15 +7,12 @@ from .privileges import Privilege from .roles import Role, create_role from .checks import authorised_p -@authorised_p( - ("create-group",), success_message="Successfully created group.", - error_message="Failed to create group.") -def create_group(conn, group_name): class Group(NamedTuple): """Class representing a group.""" group_id: UUID group_name: str +@authorised_p(("create-group",), error_message="Failed to create group.") def create_group(conn: db.DbConnection, group_name: str) -> Group: """Create a group""" group = Group(uuid4(), group_name) diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py index d83431e..1db7a7c 100644 --- a/tests/unit/auth/test_groups.py +++ b/tests/unit/auth/test_groups.py @@ -4,7 +4,7 @@ from uuid import UUID import pytest from gn3.auth import db -from gn3.auth.authorisation.groups import create_group +from gn3.auth.authorisation.groups import Group, create_group create_group_failure = { "status": "error", @@ -16,11 +16,8 @@ group_leader_id = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b") @pytest.mark.unit_test @pytest.mark.parametrize( "user_id,expected", ( - ("ecb52977-3004-469e-9428-2a1856725c7f", { - "status": "success", - "message": "Successfully created group.", - "results": UUID("d32611e3-07fc-4564-b56c-786c6db6de2b") - }), + ("ecb52977-3004-469e-9428-2a1856725c7f", Group( + UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")), ("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure), ("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure), ("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure), 
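Review bot: The one-line docstring `"""Create a group"""` on the newly decorated `create_group` in groups.py does not say that the call is gated on the `create-group` privilege. It also does not say that the acting user is taken from `flask.g.user_id` rather than from an argument. Because the identity is ambient, a call made where `g.user_id` is unset appears to fall through to the error dict instead of creating anything, which callers should be told. I would extend the docstring to something like `"""Create a group; requires the 'create-group' privilege for the user in flask.g.user_id."""`. The function body continues past the end of this hunk.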
@@ -33,7 +30,7 @@ def test_create_group(# pylint: disable=[too-many-arguments] THEN: verify they are only able to create the group if they have the appropriate privileges """ - mocker.patch("gn3.auth.authorisation.groups.uuid.uuid4", group_leader_id) + mocker.patch("gn3.auth.authorisation.groups.uuid4", group_leader_id) with test_app.app_context() as flask_context: flask_context.g.user_id = UUID(user_id) with db.connection(auth_testdb_path) as conn: |
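Review bot: The test opens its connection with `db.connection(auth_testdb_path)`, but the privilege lookup in `authorised_p` opens a separate connection from `app.config["AUTH_DB"]` (checks.py). The check and the write therefore only exercise the same database if the `test_app` fixture points `AUTH_DB` at `auth_testdb_path`. The fixture is not visible here, so this may already hold. An explicit guard at the top of the test, something like `assert str(test_app.config["AUTH_DB"]) == str(auth_testdb_path)`, would stop a misconfigured fixture from passing or failing for the wrong reason. The test body continues outside the hunk.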