aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/checks.py
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth/authorisation/checks.py')
-rw-r--r--gn3/auth/authorisation/checks.py37
1 files changed, 37 insertions, 0 deletions
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
new file mode 100644
index 0000000..f14c5c7
--- /dev/null
+++ b/gn3/auth/authorisation/checks.py
@@ -0,0 +1,37 @@
+"""Functions to check for authorisation."""
+from functools import wraps
+from typing import Union, Callable
+
+from flask import g, current_app as app
+
+from gn3.auth import db
+from . import privileges as auth_privs
+
+def authorised_p(
+ privileges: tuple[str],
+ success_message: Union[str, bool] = (
+ "Successfully authorised requested action"),
+ error_message: str = (
+ "You lack authorisation to perform requested action")):
+ """Authorisation decorator."""
+ assert len(privileges) > 0, "You must provide at least one privilege"
+ def __build_authoriser__(func: Callable):
+ @wraps(func)
+ def __authoriser__(*args, **kwargs):
+ if hasattr(g, "user_id") and g.user_id:
+ with db.connection(app.config["AUTH_DB"]) as conn:
+ user_privileges = auth_privs.user_privileges(conn, g.user_id)
+
+ not_assigned = [
+ priv for priv in privileges if priv not in user_privileges]
+ if len(not_assigned) == 0:
+ return {
+ "status": "success",
+ "message": success_message,
+ "results": func(*args, **kwargs)}
+ return {
+ "status": "error",
+ "message": f"Unauthorised: {error_message}"
+ }
+ return __authoriser__
+ return __build_authoriser__