-rw-r--r--gn3/auth/authorisation/checks.py14
-rw-r--r--gn3/auth/authorisation/groups.py5
-rw-r--r--tests/unit/auth/test_groups.py11
3 files changed, 11 insertions, 19 deletions
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
index f14c5c7..3181655 100644
--- a/gn3/auth/authorisation/checks.py
+++ b/gn3/auth/authorisation/checks.py
@@ -1,6 +1,6 @@
"""Functions to check for authorisation."""
from functools import wraps
-from typing import Union, Callable
+from typing import Callable
from flask import g, current_app as app
@@ -9,8 +9,6 @@ from . import privileges as auth_privs
def authorised_p(
privileges: tuple[str],
- success_message: Union[str, bool] = (
- "Successfully authorised requested action"),
error_message: str = (
"You lack authorisation to perform requested action")):
"""Authorisation decorator."""
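Review bot: The annotation `privileges: tuple[str]` in the `authorised_p` signature describes a tuple holding exactly one string, while the wrapper iterates over it as a list of any length; it should read `privileges: tuple[str, ...]`. The one-line docstring would also be more useful if it stated the rule the wrapper enforces, for example `"""Authorisation decorator: run the function only if g.user_id holds every privilege in privileges."""`. The rest of `authorised_p` lies outside this hunk.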
@@ -20,15 +18,15 @@ def authorised_p(
def __authoriser__(*args, **kwargs):
if hasattr(g, "user_id") and g.user_id:
with db.connection(app.config["AUTH_DB"]) as conn:
- user_privileges = auth_privs.user_privileges(conn, g.user_id)
+ user_privileges = tuple(
+ priv.privilege_name for priv in
+ auth_privs.user_privileges(conn, g.user_id))
not_assigned = [
priv for priv in privileges if priv not in user_privileges]
if len(not_assigned) == 0:
- return {
- "status": "success",
- "message": success_message,
- "results": func(*args, **kwargs)}
+ return func(*args, **kwargs)
+
return {
"status": "error",
"message": f"Unauthorised: {error_message}"
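Review bot: The refusal path at the end of `__authoriser__` still returns a plain `{"status": "error", ...}` dict, and with the success path now returning `func(*args, **kwargs)` unwrapped, a caller can tell a denial from a real result only by inspecting the value's type. Any caller that passes the return value on without that check treats an authorisation failure as a normal result, and a Flask view returning the dict directly would presumably send it with a 200 status. Raising makes the denial impossible to ignore, e.g. `raise AuthorisationError(f"Unauthorised: {error_message}")` (the exception name is a placeholder, as the project's own error type is not visible here), with the `create_group_failure` expectations in the tests changed to `pytest.raises`. The end of the dict and of `authorised_p` fall outside this hunk.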
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index b996d21..f3345c3 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -7,15 +7,12 @@ from .privileges import Privilege
from .roles import Role, create_role
from .checks import authorised_p
-@authorised_p(
- ("create-group",), success_message="Successfully created group.",
- error_message="Failed to create group.")
-def create_group(conn, group_name):
class Group(NamedTuple):
"""Class representing a group."""
group_id: UUID
group_name: str
+@authorised_p(("create-group",), error_message="Failed to create group.")
def create_group(conn: db.DbConnection, group_name: str) -> Group:
"""Create a group"""
group = Group(uuid4(), group_name)
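Review bot: The `-> Group` annotation on the new `create_group` signature does not match what callers receive, because the `@authorised_p` wrapper above it returns an error dict when the privilege check fails. The docstring should state both the requirement and that outcome, e.g. `"""Create a group. Requires the 'create-group' privilege for flask.g.user_id; the authorisation error dict is returned otherwise."""`. It is also worth documenting that the identity checked comes from `flask.g`, not from an argument, so the function only works inside an application context. The body of `create_group` continues outside this hunk.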
diff --git a/tests/unit/auth/test_groups.py b/tests/unit/auth/test_groups.py
index d83431e..1db7a7c 100644
--- a/tests/unit/auth/test_groups.py
+++ b/tests/unit/auth/test_groups.py
@@ -4,7 +4,7 @@ from uuid import UUID
import pytest
from gn3.auth import db
-from gn3.auth.authorisation.groups import create_group
+from gn3.auth.authorisation.groups import Group, create_group
create_group_failure = {
"status": "error",
@@ -16,11 +16,8 @@ group_leader_id = lambda : UUID("d32611e3-07fc-4564-b56c-786c6db6de2b")
@pytest.mark.unit_test
@pytest.mark.parametrize(
"user_id,expected", (
- ("ecb52977-3004-469e-9428-2a1856725c7f", {
- "status": "success",
- "message": "Successfully created group.",
- "results": UUID("d32611e3-07fc-4564-b56c-786c6db6de2b")
- }),
+ ("ecb52977-3004-469e-9428-2a1856725c7f", Group(
+ UUID("d32611e3-07fc-4564-b56c-786c6db6de2b"), "a_test_group")),
("21351b66-8aad-475b-84ac-53ce528451e3", create_group_failure),
("ae9c6245-0966-41a5-9a5e-20885a96bea7", create_group_failure),
("9a0c7ce5-2f40-4e78-979e-bf3527a59579", create_group_failure),
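Review bot: None of the parametrised cases visible here covers the decorator's unauthenticated branch, where `g.user_id` is absent or falsy; every row supplies a UUID that the test body then assigns to `flask_context.g.user_id`. A separate test that enters `test_app.app_context()` without setting `g.user_id` and asserts that `create_group` is refused would pin the fail-closed behaviour of `hasattr(g, "user_id") and g.user_id`. The parameter list may continue past the end of this hunk, so this applies only to the rows shown.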
@@ -33,7 +30,7 @@ def test_create_group(# pylint: disable=[too-many-arguments]
THEN: verify they are only able to create the group if they have the
appropriate privileges
"""
- mocker.patch("gn3.auth.authorisation.groups.uuid.uuid4", group_leader_id)
+ mocker.patch("gn3.auth.authorisation.groups.uuid4", group_leader_id)
with test_app.app_context() as flask_context:
flask_context.g.user_id = UUID(user_id)
with db.connection(auth_testdb_path) as conn: