Diffstat (limited to 'gn3/auth')
-rw-r--r-- | gn3/auth/authorisation/__init__.py | 35 | ||||
-rw-r--r-- | gn3/auth/authorisation/checks.py | 37 | ||||
-rw-r--r-- | gn3/auth/authorisation/groups.py | 2 |
3 files changed, 39 insertions, 35 deletions
diff --git a/gn3/auth/authorisation/__init__.py b/gn3/auth/authorisation/__init__.py
index 048f67d..abd2747 100644
--- a/gn3/auth/authorisation/__init__.py
+++ b/gn3/auth/authorisation/__init__.py
@@ -1,35 +1,2 @@
 """The authorisation module."""
-from functools import wraps
-from typing import Union, Callable
-
-from flask import g, current_app as app
-
-from gn3.auth import db
-from . import privileges as auth_privs
-
-def authorised_p(
- privileges: tuple[str] = tuple(),
- success_message: Union[str, bool] = False,
- error_message: Union[str, bool] = False):
- """Authorisation decorator."""
- assert len(privileges) > 0, "You must provide at least one privilege"
- def __build_authoriser__(func: Callable):
- @wraps(func)
- def __authoriser__(*args, **kwargs):
- if hasattr(g, "user_id") and g.user_id:
- with db.connection(app.config["AUTH_DB"]) as conn:
- user_privileges = auth_privs.user_privileges(conn, g.user_id)
-
- not_assigned = [
- priv for priv in privileges if priv not in user_privileges]
- if len(not_assigned) == 0:
- return {
- "status": "success",
- "message": success_message or "successfully authorised",
- "results": func(*args, **kwargs)}
- return {
- "status": "error",
- "message": f"Unauthorised: {error_message or ''}"
- }
- return __authoriser__
- return __build_authoriser__
+from .checks import authorised_p
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
new file mode 100644
index 0000000..f14c5c7
--- /dev/null
+++ b/gn3/auth/authorisation/checks.py
@@ -0,0 +1,37 @@
+"""Functions to check for authorisation."""
+from functools import wraps
+from typing import Union, Callable
+
+from flask import g, current_app as app
+
+from gn3.auth import db
+from . import privileges as auth_privs
+
+def authorised_p(
+ privileges: tuple[str],
+ success_message: Union[str, bool] = (
+ "Successfully authorised requested action"),
+ error_message: str = (
+ "You lack authorisation to perform requested action")):
+ """Authorisation decorator."""
+ assert len(privileges) > 0, "You must provide at least one privilege"
+ def __build_authoriser__(func: Callable):
+ @wraps(func)
+ def __authoriser__(*args, **kwargs):
+ if hasattr(g, "user_id") and g.user_id:
+ with db.connection(app.config["AUTH_DB"]) as conn:
+ user_privileges = auth_privs.user_privileges(conn, g.user_id)
+
+ not_assigned = [
+ priv for priv in privileges if priv not in user_privileges]
+ if len(not_assigned) == 0:
+ return {
+ "status": "success",
+ "message": success_message,
+ "results": func(*args, **kwargs)}
+ return {
+ "status": "error",
+ "message": f"Unauthorised: {error_message}"
+ }
+ return __authoriser__
+ return __build_authoriser__
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 5290196..1be9f61 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -2,7 +2,7 @@ import uuid
 from gn3.auth import db
-from . import authorised_p
+from .checks import authorised_p
 @authorised_p(
 ("create-group",),
 success_message="Successfully created group.", |
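Review bot: In `authorised_p` in gn3/auth/authorisation/checks.py the only guard against an empty `privileges` tuple is `assert len(privileges) > 0`, which is stripped when Python runs with `-O`; with an empty tuple `not_assigned` is always empty, so any request with a truthy `g.user_id` is authorised. Make the guard unconditional, e.g. `if not privileges: raise ValueError("You must provide at least one privilege")`. The denial branch returns an ordinary dict with `"status": "error"`, so unless the calling view maps it to a 401/403 response (not visible in this diff) an unauthorised call may be answered with a success status code; that is worth confirming. The annotation `tuple[str]` describes a one-element tuple, so `tuple[str, ...]` fits the intended use better, and the one-line docstring should state that every listed privilege is required and that the wrapped function's return value is placed under `"results"`.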