1 files changed, 35 insertions, 1 deletions

diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py
index 009cae6..77346bb 100644
--- a/gn3/auth/authorisation/resources/views.py
+++ b/gn3/auth/authorisation/resources/views.py
@@ -1,4 +1,38 @@
 """The views/routes for the resources package"""
-from flask import Blueprint
+import uuid
+from flask import request, jsonify, Blueprint, current_app as app
+
+from .models import (
+    resource_categories, resource_category_by_id,
+    create_resource as _create_resource)
+
+from ... import db
+from ...dictify import dictify
+from ...authentication.oauth2.resource_server import require_oauth
 
 resources = Blueprint("resources", __name__)
+
+@resources.route("/categories", methods=["GET"])
+@require_oauth("profile group resource")
+def list_resource_categories():
+    """Retrieve all resource categories"""
+    db_uri = app.config["AUTH_DB"]
+    with db.connection(db_uri) as conn:
+        return jsonify(tuple(
+            dictify(category) for category in resource_categories(conn)))
+
+@resources.route("/create", methods=["POST"])
+@require_oauth("profile group resource")
+def create_resource():
+    """Create a new resource"""
+    with require_oauth.acquire("profile group resource") as the_token:
+        form = request.form
+        resource_name = form.get("resource_name")
+        resource_category_id = uuid.UUID(form.get("resource_category"))
+        db_uri = app.config["AUTH_DB"]
+        with db.connection(db_uri) as conn:
+            resource = _create_resource(
+                conn, resource_name, resource_category_by_id(
+                    conn, resource_category_id).maybe(False, lambda rcat: rcat),
+                the_token.user)
+            return jsonify(dictify(resource))