diff options
Diffstat (limited to 'gn3/auth/authorisation/groups')
-rw-r--r-- | gn3/auth/authorisation/groups/models.py | 11 | ||||
-rw-r--r-- | gn3/auth/authorisation/groups/views.py | 4 |
2 files changed, 11 insertions, 4 deletions
diff --git a/gn3/auth/authorisation/groups/models.py b/gn3/auth/authorisation/groups/models.py index accf2f2..ea629e0 100644 --- a/gn3/auth/authorisation/groups/models.py +++ b/gn3/auth/authorisation/groups/models.py @@ -354,6 +354,9 @@ def group_role_by_id( raise NotFoundError( f"Group role with ID '{group_role_id}' does not exist.") +@authorised_p(("group:role:edit-role",), + "You do not have the privilege to edit a role.", + oauth2_scope="profile group role") def add_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole, privilege: Privilege) -> GroupRole: """Add `privilege` to `group_role`.""" @@ -373,8 +376,12 @@ def add_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole, group_role.role.user_editable, group_role.role.privileges + (privilege,))) -def delete_privilege_to_group_role(conn: db.DbConnection, group_role: GroupRole, - privilege: Privilege) -> GroupRole: +@authorised_p(("group:role:edit-role",), + "You do not have the privilege to edit a role.", + oauth2_scope="profile group role") +def delete_privilege_from_group_role( + conn: db.DbConnection, group_role: GroupRole, + privilege: Privilege) -> GroupRole: """Delete `privilege` to `group_role`.""" ## TODO: do privileges check. check_user_editable(group_role.role) diff --git a/gn3/auth/authorisation/groups/views.py b/gn3/auth/authorisation/groups/views.py index 3f4ced0..3aa54eb 100644 --- a/gn3/auth/authorisation/groups/views.py +++ b/gn3/auth/authorisation/groups/views.py @@ -19,7 +19,7 @@ from .models import ( join_requests, group_role_by_id, GroupCreationError, accept_reject_join_request, group_users as _group_users, create_group as _create_group, add_privilege_to_group_role, - delete_privilege_to_group_role, create_group_role as _create_group_role) + delete_privilege_from_group_role, create_group_role as _create_group_role) from ..roles.models import Role from ..checks import authorised_p @@ -392,7 +392,7 @@ def __add_remove_priv_to_from_role__(conn: db.DbConnection, raise NotFoundError("Privilege not found.") dir_fns = { "ADD": add_privilege_to_group_role, - "DELETE": delete_privilege_to_group_role + "DELETE": delete_privilege_from_group_role } return dir_fns[direction]( conn, |