aboutsummaryrefslogtreecommitdiff
path: root/gn3
diff options
context:
space:
mode:
Diffstat (limited to 'gn3')
-rw-r--r--gn3/auth/authorisation/roles.py12
-rw-r--r--gn3/auth/authorisation/views.py5
2 files changed, 10 insertions, 7 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 9e2e83e..e84eb71 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -1,7 +1,9 @@
"""Handle management of roles"""
from uuid import UUID, uuid4
from functools import reduce
-from typing import Iterable, NamedTuple
+from typing import Sequence, Iterable, NamedTuple
+
+from pymonad.maybe import Just, Maybe, Nothing
from gn3.auth import db
from gn3.auth.authentication.users import User
@@ -68,7 +70,7 @@ def __organise_privileges__(roles_dict, privilege_row):
privilege_row["privilege_description"]),))
}
-def user_roles(conn: db.DbConnection, user: User):
+def user_roles(conn: db.DbConnection, user: User) -> Maybe[Sequence[Role]]:
"""Retrieve non-resource roles assigned to the user."""
with db.cursor(conn) as cursor:
cursor.execute(
@@ -80,9 +82,9 @@ def user_roles(conn: db.DbConnection, user: User):
results = cursor.fetchall()
if results:
- return tuple(
- reduce(__organise_privileges__, results, {}).values())
- return tuple()
+ return Just(tuple(
+ reduce(__organise_privileges__, results, {}).values()))
+ return Nothing
def assign_default_roles(cursor: db.DbCursor, user: User):
"""Assign `user` some default roles."""
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 1c59ed1..9f0b68b 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -33,12 +33,13 @@ def user_details():
})
@oauth2.route("/user-roles", methods=["GET"])
-@require_oauth
+@require_oauth("role")
def user_roles():
"""Return the non-resource roles assigned to the user."""
with require_oauth.acquire("role") as token:
with db.connection(current_app.config["AUTH_DB"]) as conn:
- return jsonify(_user_roles(conn, token.user))
+ return jsonify(_user_roles(conn, token.user).maybe(
+ tuple(), lambda rls: rls))
def __email_valid__(email: str) -> Tuple[bool, Optional[str]]:
"""Validate the email address."""