Diffstat (limited to 'gn3')
-rw-r--r--gn3/auth/authorisation/roles.py12
-rw-r--r--gn3/auth/authorisation/views.py5
2 files changed, 10 insertions, 7 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 9e2e83e..e84eb71 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -1,7 +1,9 @@
 """Handle management of roles"""
 from uuid import UUID, uuid4
 from functools import reduce
-from typing import Iterable, NamedTuple
+from typing import Sequence, Iterable, NamedTuple
+
+from pymonad.maybe import Just, Maybe, Nothing
 
 from gn3.auth import db
 from gn3.auth.authentication.users import User
@@ -68,7 +70,7 @@ def __organise_privileges__(roles_dict, privilege_row):
                        privilege_row["privilege_description"]),))
     }
 
-def user_roles(conn: db.DbConnection, user: User):
+def user_roles(conn: db.DbConnection, user: User) -> Maybe[Sequence[Role]]:
     """Retrieve non-resource roles assigned to the user."""
     with db.cursor(conn) as cursor:
         cursor.execute(
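Review bot: The new `Maybe[Sequence[Role]]` return type on `user_roles` changes the function's contract, and the docstring does not record it. A user with no roles now yields `Nothing` (returned in the following hunk) instead of an empty tuple. Any caller that iterates over the result or truth-tests it must now unwrap it first, which matters wherever an authorisation decision is based on the role list. Only the `/user-roles` view is updated here and the diffstat is limited to `gn3`, so other call sites, if there are any, should be checked. I would extend the docstring to `"""Retrieve non-resource roles assigned to the user: Just(tuple of roles), or Nothing when the user has none."""`; the function body continues outside this hunk.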
@@ -80,9 +82,9 @@ def user_roles(conn: db.DbConnection, user: User):
 
         results = cursor.fetchall()
         if results:
-            return tuple(
-                reduce(__organise_privileges__, results, {}).values())
-        return tuple()
+            return Just(tuple(
+                reduce(__organise_privileges__, results, {}).values()))
+        return Nothing
 
 def assign_default_roles(cursor: db.DbCursor, user: User):
     """Assign `user` some default roles."""
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 1c59ed1..9f0b68b 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -33,12 +33,13 @@ def user_details():
         })
 
 @oauth2.route("/user-roles", methods=["GET"])
-@require_oauth
+@require_oauth("role")
 def user_roles():
     """Return the non-resource roles assigned to the user."""
     with require_oauth.acquire("role") as token:
         with db.connection(current_app.config["AUTH_DB"]) as conn:
-            return jsonify(_user_roles(conn, token.user))
+            return jsonify(_user_roles(conn, token.user).maybe(
+                tuple(), lambda rls: rls))
 
 def __email_valid__(email: str) -> Tuple[bool, Optional[str]]:
     """Validate the email address."""
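Review bot: The `role` scope is now enforced twice in the `user_roles` view: by the `@require_oauth("role")` decorator and again by `require_oauth.acquire("role")` in the body. The token is therefore presumably validated twice per request, and the scope string has to be kept in sync in two places. If `require_oauth` is an Authlib-style resource protector (not visible in this hunk), one of the two is sufficient. Either keep the `with require_oauth.acquire("role") as token:` block and drop the decorator, or keep the decorator and read the token it has already validated. If both are intentional, a comment on the `with` line such as `# scope already enforced by the decorator; acquire() is used only to obtain the token` would make that clear to the next reader.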