Diffstat (limited to 'gn3/auth')
-rw-r--r--gn3/auth/authorisation/__init__.py35
-rw-r--r--gn3/auth/authorisation/checks.py37
-rw-r--r--gn3/auth/authorisation/groups.py2
3 files changed, 39 insertions, 35 deletions
diff --git a/gn3/auth/authorisation/__init__.py b/gn3/auth/authorisation/__init__.py
index 048f67d..abd2747 100644
--- a/gn3/auth/authorisation/__init__.py
+++ b/gn3/auth/authorisation/__init__.py
@@ -1,35 +1,2 @@
"""The authorisation module."""
-from functools import wraps
-from typing import Union, Callable
-
-from flask import g, current_app as app
-
-from gn3.auth import db
-from . import privileges as auth_privs
-
-def authorised_p(
- privileges: tuple[str] = tuple(),
- success_message: Union[str, bool] = False,
- error_message: Union[str, bool] = False):
- """Authorisation decorator."""
- assert len(privileges) > 0, "You must provide at least one privilege"
- def __build_authoriser__(func: Callable):
- @wraps(func)
- def __authoriser__(*args, **kwargs):
- if hasattr(g, "user_id") and g.user_id:
- with db.connection(app.config["AUTH_DB"]) as conn:
- user_privileges = auth_privs.user_privileges(conn, g.user_id)
-
- not_assigned = [
- priv for priv in privileges if priv not in user_privileges]
- if len(not_assigned) == 0:
- return {
- "status": "success",
- "message": success_message or "successfully authorised",
- "results": func(*args, **kwargs)}
- return {
- "status": "error",
- "message": f"Unauthorised: {error_message or ''}"
- }
- return __authoriser__
- return __build_authoriser__
+from .checks import authorised_p
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
new file mode 100644
index 0000000..f14c5c7
--- /dev/null
+++ b/gn3/auth/authorisation/checks.py
@@ -0,0 +1,37 @@
+"""Functions to check for authorisation."""
+from functools import wraps
+from typing import Union, Callable
+
+from flask import g, current_app as app
+
+from gn3.auth import db
+from . import privileges as auth_privs
+
+def authorised_p(
+ privileges: tuple[str],
+ success_message: Union[str, bool] = (
+ "Successfully authorised requested action"),
+ error_message: str = (
+ "You lack authorisation to perform requested action")):
+ """Authorisation decorator."""
+ assert len(privileges) > 0, "You must provide at least one privilege"
+ def __build_authoriser__(func: Callable):
+ @wraps(func)
+ def __authoriser__(*args, **kwargs):
+ if hasattr(g, "user_id") and g.user_id:
+ with db.connection(app.config["AUTH_DB"]) as conn:
+ user_privileges = auth_privs.user_privileges(conn, g.user_id)
+
+ not_assigned = [
+ priv for priv in privileges if priv not in user_privileges]
+ if len(not_assigned) == 0:
+ return {
+ "status": "success",
+ "message": success_message,
+ "results": func(*args, **kwargs)}
+ return {
+ "status": "error",
+ "message": f"Unauthorised: {error_message}"
+ }
+ return __authoriser__
+ return __build_authoriser__
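Review bot: The `assert len(privileges) > 0` guard at the top of `authorised_p` is the only thing rejecting an empty privilege tuple, and assert statements are stripped when Python runs with `-O`; with an empty tuple `not_assigned` is always empty, so any request carrying a truthy `g.user_id` would be authorised. An explicit check survives optimisation: `if not privileges: raise ValueError("You must provide at least one privilege")`. Separately, the denial path in `__authoriser__` returns an ordinary dict (`{"status": "error", ...}`) instead of raising or setting an HTTP status, so every caller has to inspect `status` itself; if these functions back Flask views, a refusal would presumably be sent as a 200 unless something downstream maps it. The one-line docstring could also state that every listed privilege is required and that the wrapped function's return value is nested under `"results"`.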
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 5290196..1be9f61 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -2,7 +2,7 @@
import uuid
from gn3.auth import db
-from . import authorised_p
+from .checks import authorised_p
@authorised_p(
("create-group",), success_message="Successfully created group.",