aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn3/auth')
-rw-r--r--gn3/auth/authorisation/users/views.py32
1 files changed, 29 insertions, 3 deletions
diff --git a/gn3/auth/authorisation/users/views.py b/gn3/auth/authorisation/users/views.py
index 460f81c..8a29fea 100644
--- a/gn3/auth/authorisation/users/views.py
+++ b/gn3/auth/authorisation/users/views.py
@@ -1,12 +1,14 @@
"""User authorisation endpoints."""
import traceback
-from typing import Tuple, Optional
+from functools import partial
+from typing import Any, Tuple, Optional
import sqlite3
from flask import request, jsonify, Response, Blueprint, current_app
from gn3.auth import db
from gn3.auth.dictify import dictify
+from gn3.auth.db_utils import with_db_connection
from ..groups.models import user_group as _user_group
from ..errors import NotFoundError, UserRegistrationError
@@ -14,7 +16,7 @@ from ..resources.models import user_resources as _user_resources
from ..roles.models import assign_default_roles, user_roles as _user_roles
from ...authentication.oauth2.resource_server import require_oauth
-from ...authentication.users import save_user, set_user_password
+from ...authentication.users import User, save_user, set_user_password
from ...authentication.oauth2.models.oauth2token import token_by_access_token
users = Blueprint("users", __name__)
@@ -137,7 +139,7 @@ def user_group() -> Response:
return jsonify(dictify(group))
raise NotFoundError("User is not a member of any group.")
-@users.route("/resources")
+@users.route("/resources", methods=["GET"])
@require_oauth("profile resource")
def user_resources() -> Response:
"""Retrieve the resources a user has access to."""
@@ -147,3 +149,27 @@ def user_resources() -> Response:
return jsonify([
dictify(resource) for resource in
_user_resources(conn, the_token.user)])
+
+@users.route("group/join-request", methods=["GET"])
+@require_oauth("profile group")
+def user_join_request_exists():
+ """Check whether a user has an active group join request."""
+ def __request_exists__(conn: db.DbConnection, user: User) -> dict[str, Any]:
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ "SELECT * FROM group_join_requests WHERE requester_id=? AND "
+ "status = 'PENDING'",
+ (str(user.user_id),))
+ res = cursor.fetchone()
+ if res:
+ return {
+ "request_id": res["request_id"],
+ "exists": True
+ }
+ return{
+ "status": "Not found",
+ "exists": False
+ }
+ with require_oauth.acquire("profile group") as the_token:
+ return jsonify(with_db_connection(partial(
+ __request_exists__, user=the_token.user)))