Diffstat (limited to 'gn3')
-rw-r--r--gn3/auth/authorisation/__init__.py35
-rw-r--r--gn3/auth/authorisation/checks.py37
-rw-r--r--gn3/auth/authorisation/groups.py2
3 files changed, 39 insertions, 35 deletions
diff --git a/gn3/auth/authorisation/__init__.py b/gn3/auth/authorisation/__init__.py
index 048f67d..abd2747 100644
--- a/gn3/auth/authorisation/__init__.py
+++ b/gn3/auth/authorisation/__init__.py
@@ -1,35 +1,2 @@
 """The authorisation module."""
-from functools import wraps
-from typing import Union, Callable
-
-from flask import g, current_app as app
-
-from gn3.auth import db
-from . import privileges as auth_privs
-
-def authorised_p(
-        privileges: tuple[str] = tuple(),
-        success_message: Union[str, bool] = False,
-        error_message: Union[str, bool] = False):
-    """Authorisation decorator."""
-    assert len(privileges) > 0, "You must provide at least one privilege"
-    def __build_authoriser__(func: Callable):
-        @wraps(func)
-        def __authoriser__(*args, **kwargs):
-            if hasattr(g, "user_id") and g.user_id:
-                with db.connection(app.config["AUTH_DB"]) as conn:
-                    user_privileges = auth_privs.user_privileges(conn, g.user_id)
-
-                not_assigned = [
-                    priv for priv in privileges if priv not in user_privileges]
-                if len(not_assigned) == 0:
-                    return {
-                        "status": "success",
-                        "message": success_message or "successfully authorised",
-                        "results": func(*args, **kwargs)}
-            return {
-                "status": "error",
-                "message": f"Unauthorised: {error_message or ''}"
-            }
-        return __authoriser__
-    return __build_authoriser__
+from .checks import authorised_p
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
new file mode 100644
index 0000000..f14c5c7
--- /dev/null
+++ b/gn3/auth/authorisation/checks.py
@@ -0,0 +1,37 @@
+"""Functions to check for authorisation."""
+from functools import wraps
+from typing import Union, Callable
+
+from flask import g, current_app as app
+
+from gn3.auth import db
+from . import privileges as auth_privs
+
+def authorised_p(
+        privileges: tuple[str],
+        success_message: Union[str, bool] = (
+            "Successfully authorised requested action"),
+        error_message: str = (
+            "You lack authorisation to perform requested action")):
+    """Authorisation decorator."""
+    assert len(privileges) > 0, "You must provide at least one privilege"
+    def __build_authoriser__(func: Callable):
+        @wraps(func)
+        def __authoriser__(*args, **kwargs):
+            if hasattr(g, "user_id") and g.user_id:
+                with db.connection(app.config["AUTH_DB"]) as conn:
+                    user_privileges = auth_privs.user_privileges(conn, g.user_id)
+
+                not_assigned = [
+                    priv for priv in privileges if priv not in user_privileges]
+                if len(not_assigned) == 0:
+                    return {
+                        "status": "success",
+                        "message": success_message,
+                        "results": func(*args, **kwargs)}
+            return {
+                "status": "error",
+                "message": f"Unauthorised: {error_message}"
+            }
+        return __authoriser__
+    return __build_authoriser__
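Review bot: The `assert len(privileges) > 0` guard in `authorised_p` is stripped when Python runs with `-O`, and with an empty `privileges` tuple `not_assigned` is always empty, so the wrapper would authorise every request that carries a truthy `g.user_id`. An explicit check such as `if not privileges: raise ValueError("You must provide at least one privilege")` keeps the decorator fail-closed regardless of interpreter flags. A bare string passed by mistake (for example `("create-group")` without the trailing comma) also passes the length check and is then iterated character by character, so rejecting non-tuple input here would be worth adding. The denial path returns a plain dict instead of raising, so enforcement presumably depends on each caller inspecting `"status"`; the one-line docstring should state that contract.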
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 5290196..1be9f61 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -2,7 +2,7 @@
 import uuid
 
 from gn3.auth import db
-from . import authorised_p
+from .checks import authorised_p
 
 @authorised_p(
     ("create-group",), success_message="Successfully created group.",