aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth/authorisation')
-rw-r--r--gn3/auth/authorisation/data/views.py62
-rw-r--r--gn3/auth/authorisation/resources/models.py4
2 files changed, 42 insertions, 24 deletions
diff --git a/gn3/auth/authorisation/data/views.py b/gn3/auth/authorisation/data/views.py
index 76f4158..08032db 100644
--- a/gn3/auth/authorisation/data/views.py
+++ b/gn3/auth/authorisation/data/views.py
@@ -1,16 +1,15 @@
"""Handle data endpoints."""
+import uuid
import json
-from functools import reduce
-from flask import request, Response, Blueprint, current_app as app
from authlib.integrations.flask_oauth2.errors import _HTTPException
-
-from gn3 import db_utils as gn3db
+from flask import request, jsonify, Response, Blueprint, current_app as app
from gn3.db.traits import build_trait_name
from gn3.auth import db
from gn3.auth.authentication.oauth2.resource_server import require_oauth
+from gn3.auth.authorisation.resources.checks import authorised_for
from gn3.auth.authorisation.resources.models import (
user_resources, public_resources, attach_resources_data)
@@ -20,12 +19,22 @@ data = Blueprint("data", __name__)
def authorisation() -> Response:
"""Retrive the authorisation level for datasets/traits for the user."""
db_uri = app.config["AUTH_DB"]
- the_user = "ANONYMOUS"
- with db.connection(db_uri) as auth_conn, gn3db.database_connection() as gn3conn:
+ privileges = {}
+ with db.connection(db_uri) as auth_conn:
try:
with require_oauth.acquire("profile group resource") as the_token:
resources = attach_resources_data(
auth_conn, user_resources(auth_conn, the_token.user))
+ privileges = {
+ resource_id: ("group:resource:view-resource",)
+ for resource_id, is_authorised
+ in authorised_for(
+ auth_conn, the_token.user,
+ ("group:resource:view-resource",), tuple(
+ resource.resource_id for resource in resources
+ if not resource.public)).items()
+ if is_authorised
+ }
except _HTTPException as exc:
err_msg = json.loads(exc.body)
if err_msg["error"] == "missing_authorization":
@@ -37,31 +46,40 @@ def authorisation() -> Response:
# Access endpoint with somethin like:
# curl -X GET http://127.0.0.1:8080/api/oauth2/data/authorisation \
# -H "Content-Type: application/json" \
- # -d '{"traits": ["HC_M2_0606_P::1442370_at", "BXDGeno::01.001.695", "BXDPublish::10001"]}'
+ # -d '{"traits": ["HC_M2_0606_P::1442370_at", "BXDGeno::01.001.695",
+ # "BXDPublish::10001"]}'
+ data_to_resource_map = {
+ (f"{data_item['dataset_type'].lower()}::"
+ f"{data_item['dataset_name']}"): resource.resource_id
+ for resource in resources
+ for data_item in resource.resource_data
+ }
+ privileges = {
+ **privileges,
+ **{
+ resource.resource_id: ("system:resource:public-read",)
+ for resource in resources if resource.public
+ }}
+
args = request.get_json()
- traits_names = args["traits"]
+ traits_names = args["traits"] # type: ignore[index]
def __translate__(val):
return {
"ProbeSet": "mRNA",
"Geno": "Genotype",
"Publish": "Phenotype"
}[val]
- traits = (
+ return jsonify(tuple(
{
**{key:trait[key] for key in ("trait_fullname", "trait_name")},
"dataset_name": trait["db"]["dataset_name"],
- "dataset_type": __translate__(trait["db"]["dataset_type"])
+ "dataset_type": __translate__(trait["db"]["dataset_type"]),
+ "privileges": privileges.get(
+ data_to_resource_map.get(
+ f"{__translate__(trait['db']['dataset_type']).lower()}"
+ f"::{trait['db']['dataset_name']}",
+ uuid.UUID("4afa415e-94cb-4189-b2c6-f9ce2b6a878d")),
+ tuple())
} for trait in
(build_trait_name(trait_fullname)
- for trait_fullname in traits_names))
- # Retrieve the dataset/trait IDs from traits above
-
- # Compare the traits/dataset names/ids from request with resources' data
- # - Any trait not in resources' data is marked inaccessible
- # - Any trait in resources' data:
- # - IF public is marked readable
- # - IF private and user has read privilege: mark readable
- # - ELSE mark inaccessible
-
-
- return "NOT COMPLETED! ..."
+ for trait_fullname in traits_names)))
diff --git a/gn3/auth/authorisation/resources/models.py b/gn3/auth/authorisation/resources/models.py
index 13f234f..be1bc17 100644
--- a/gn3/auth/authorisation/resources/models.py
+++ b/gn3/auth/authorisation/resources/models.py
@@ -414,12 +414,12 @@ def __attach_data__(
**acc,
resource_id: acc.get(resource_id, tuple()) + (dict(row),)
}
- organised = reduce(__organise__, data_rows, {})
+ organised: dict[UUID, tuple[dict, ...]] = reduce(__organise__, data_rows, {})
return tuple(
Resource(
resource.group, resource.resource_id, resource.resource_name,
resource.resource_category, resource.public,
- organised[resource.resource_id])
+ organised.get(resource.resource_id, tuple()))
for resource in resources)
def attach_mrna_resources_data(