aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/roles
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth/authorisation/roles')
-rw-r--r--gn3/auth/authorisation/roles/models.py11
-rw-r--r--gn3/auth/authorisation/roles/views.py2
2 files changed, 5 insertions, 8 deletions
diff --git a/gn3/auth/authorisation/roles/models.py b/gn3/auth/authorisation/roles/models.py
index 26b8f0a..bb7ea73 100644
--- a/gn3/auth/authorisation/roles/models.py
+++ b/gn3/auth/authorisation/roles/models.py
@@ -3,7 +3,6 @@ from uuid import UUID, uuid4
from functools import reduce
from typing import Any, Sequence, Iterable, NamedTuple
-from pymonad.maybe import Just, Maybe, Nothing
from pymonad.either import Left, Right, Either
from gn3.auth import db
@@ -80,7 +79,7 @@ def __organise_privileges__(roles_dict, privilege_row):
privilege_row["privilege_description"]),))
}
-def user_roles(conn: db.DbConnection, user: User) -> Maybe[Sequence[Role]]:
+def user_roles(conn: db.DbConnection, user: User) -> Sequence[Role]:
"""Retrieve non-resource roles assigned to the user."""
with db.cursor(conn) as cursor:
cursor.execute(
@@ -90,11 +89,9 @@ def user_roles(conn: db.DbConnection, user: User) -> Maybe[Sequence[Role]]:
"ON rp.privilege_id=p.privilege_id WHERE ur.user_id=?",
(str(user.user_id),))
- results = cursor.fetchall()
- if results:
- return Just(tuple(
- reduce(__organise_privileges__, results, {}).values()))
- return Nothing
+ return tuple(
+ reduce(__organise_privileges__, cursor.fetchall(), {}).values())
+ return tuple()
def user_role(conn: db.DbConnection, user: User, role_id: UUID) -> Either:
"""Retrieve a specific non-resource role assigned to the user."""
diff --git a/gn3/auth/authorisation/roles/views.py b/gn3/auth/authorisation/roles/views.py
index 975fb19..3670aab 100644
--- a/gn3/auth/authorisation/roles/views.py
+++ b/gn3/auth/authorisation/roles/views.py
@@ -13,7 +13,7 @@ from ...authentication.oauth2.resource_server import require_oauth
roles = Blueprint("roles", __name__)
@roles.route("/view/<uuid:role_id>", methods=["GET"])
-@require_oauth("role")
+@require_oauth("profile role")
def view_role(role_id: uuid.UUID) -> Response:
"""Retrieve a user role with id `role_id`"""
def __error__(exc: Exception):