aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth/authorisation')
-rw-r--r--gn3/auth/authorisation/groups.py17
-rw-r--r--gn3/auth/authorisation/resources.py8
-rw-r--r--gn3/auth/authorisation/roles.py2
-rw-r--r--gn3/auth/authorisation/views.py37
4 files changed, 26 insertions, 38 deletions
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 201ed4d..c301ea4 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -4,7 +4,6 @@ from uuid import UUID, uuid4
from typing import Any, Sequence, Iterable, Optional, NamedTuple
from flask import g
-from pymonad.either import Left, Right, Either
from pymonad.maybe import Just, Maybe, Nothing
from gn3.auth import db
@@ -14,7 +13,7 @@ from gn3.auth.authentication.checks import authenticated_p
from .checks import authorised_p
from .privileges import Privilege
-from .errors import NotFoundError, AuthorisationError
+from .errors import AuthorisationError
from .roles import (
Role, create_role, revoke_user_role_by_name, assign_user_role_by_name)
@@ -141,7 +140,7 @@ def authenticated_user_group(conn) -> Maybe:
return Nothing
-def user_group(cursor: db.DbCursor, user: User) -> Either:
+def user_group(cursor: db.DbCursor, user: User) -> Maybe[Group]:
"""Returns the given user's group"""
cursor.execute(
("SELECT groups.group_id, groups.group_name, groups.group_metadata "
@@ -157,19 +156,15 @@ def user_group(cursor: db.DbCursor, user: User) -> Either:
raise MembershipError(user, groups)
if len(groups) == 1:
- return Right(groups[0])
+ return Just(groups[0])
- return Left(NotFoundError("User is not in any group."))
+ return Nothing
def is_group_leader(cursor: db.DbCursor, user: User, group: Group):
"""Check whether the given `user` is the leader of `group`."""
- def __raise__(exc):
- if type(exc) == NotFoundError:
- return False
- raise exc
- ugroup = user_group(cursor, user).either(
- __raise__, lambda val: val) # type: ignore[arg-type, misc]
+ ugroup = user_group(cursor, user).maybe(
+ False, lambda val: val) # type: ignore[arg-type, misc]
if not group:
# User cannot be a group leader if not a member of ANY group
return False
diff --git a/gn3/auth/authorisation/resources.py b/gn3/auth/authorisation/resources.py
index c9cd392..1e37d7a 100644
--- a/gn3/auth/authorisation/resources.py
+++ b/gn3/auth/authorisation/resources.py
@@ -136,10 +136,6 @@ def user_resources(conn: db.DbConnection, user: User) -> Sequence[Resource]:
(private_res + gl_resources + public_resources(conn))# type: ignore[operator]
}.values())
- def __handle_error__(exc):
- if type(exc) == NotFoundError:
- return public_resources(conn)
- raise exc
# Fix the typing here
- return user_group(cursor, user).map(__all_resources__).either(# type: ignore[arg-type,misc]
- __handle_error__, lambda res: res)# type: ignore[arg-type,return-value]
+ return user_group(cursor, user).map(__all_resources__).maybe(# type: ignore[arg-type,misc]
+ public_resources(conn), lambda res: res)# type: ignore[arg-type,return-value]
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 23b74cc..f3b2f90 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -13,7 +13,7 @@ from gn3.auth.authentication.checks import authenticated_p
from .checks import authorised_p
from .privileges import Privilege
-from .errors import NotFoundError, AuthorisationError
+from .errors import NotFoundError
class Role(NamedTuple):
"""Class representing a role: creates immutable objects."""
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 65b1dc4..6cab0df 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -10,7 +10,7 @@ from gn3.auth import db
from gn3.auth.dictify import dictify
from gn3.auth.blueprint import oauth2
-from .errors import UserRegistrationError
+from .errors import NotFoundError, UserRegistrationError
from .resources import user_resources as _user_resources
from .roles import user_role, assign_default_roles, user_roles as _user_roles
from .groups import (
@@ -21,29 +21,20 @@ from ..authentication.oauth2.resource_server import require_oauth
from ..authentication.users import save_user, set_user_password
from ..authentication.oauth2.models.oauth2token import token_by_access_token
-def __raise_error__(exc):
- current_app.logger.error(exc)
- raise exc
-
@oauth2.route("/user", methods=["GET"])
@require_oauth("profile")
def user_details():
"""Return user's details."""
- def __raise__(exc):
- if type(exc) == NotFoundError:
- return False
- raise exc
-
with require_oauth.acquire("profile") as the_token:
user = the_token.user
+ user_dets = {
+ "user_id": user.user_id, "email": user.email, "name": user.name,
+ "group": False
+ }
with db.connection(current_app.config["AUTH_DB"]) as conn, db.cursor(conn) as cursor:
- return _user_group(cursor, user).either(
- __raise__, lambda group: jsonify({
- "user_id": user.user_id,
- "email": user.email,
- "name": user.name,
- "group": dictify(group)
- }))
+ return jsonify(_user_group(cursor, user).maybe(
+ user_dets,
+ lambda group: {**user_dets, "group": dictify(group)}))
@oauth2.route("/user-roles", methods=["GET"])
@require_oauth("role")
@@ -173,18 +164,24 @@ def role(role_id: uuid.UUID) -> Response:
@oauth2.route("/user-group", methods=["GET"])
@require_oauth("group")
def user_group():
+ """Retrieve the group in which the user is a member."""
with require_oauth.acquire("profile group") as the_token:
db_uri = current_app.config["AUTH_DB"]
with db.connection(db_uri) as conn, db.cursor(conn) as cursor:
- return _user_group(cursor, the_token.user).either(
- __raise_error__, lambda grp: jsonify(dictify(grp)))
+ group = _user_group(cursor, the_token.user).maybe(
+ False, lambda grp: grp)
+
+ if group:
+ return jsonify(dictify(group))
+ raise NotFoundError("User is not a member of any group.")
@oauth2.route("/user-resources")
@require_oauth("profile resource")
def user_resources():
+ """Retrieve the resources a user has access to."""
with require_oauth.acquire("profile resource") as the_token:
db_uri = current_app.config["AUTH_DB"]
- with db.connection(db_uri) as conn, db.cursor(conn) as cursor:
+ with db.connection(db_uri) as conn:
return jsonify([
dictify(resource) for resource in
_user_resources(conn, the_token.user)])