aboutsummaryrefslogtreecommitdiff
path: root/gn3
diff options
context:
space:
mode:
Diffstat (limited to 'gn3')
-rw-r--r--gn3/auth/authentication/checks.py14
-rw-r--r--gn3/auth/authorisation/checks.py4
-rw-r--r--gn3/auth/authorisation/groups.py30
-rw-r--r--gn3/auth/authorisation/resources.py24
4 files changed, 65 insertions, 7 deletions
diff --git a/gn3/auth/authentication/checks.py b/gn3/auth/authentication/checks.py
new file mode 100644
index 0000000..63b0752
--- /dev/null
+++ b/gn3/auth/authentication/checks.py
@@ -0,0 +1,14 @@
+"""Functions to check for user authentication."""
+
+from flask import g
+
+from .exceptions import AuthenticationError
+
+def authenticated_p(func):
+ """Decorator for functions requiring authentication."""
+ def __authenticated__(*args, **kwargs):
+ user = g.user if hasattr(g, "user") else False
+ if user:
+ return func(*args, **kwargs)
+ raise AuthenticationError("You need to be authenticated")
+ return __authenticated__
diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py
index 3181655..dd041fe 100644
--- a/gn3/auth/authorisation/checks.py
+++ b/gn3/auth/authorisation/checks.py
@@ -16,11 +16,11 @@ def authorised_p(
def __build_authoriser__(func: Callable):
@wraps(func)
def __authoriser__(*args, **kwargs):
- if hasattr(g, "user_id") and g.user_id:
+ if hasattr(g, "user") and g.user:
with db.connection(app.config["AUTH_DB"]) as conn:
user_privileges = tuple(
priv.privilege_name for priv in
- auth_privs.user_privileges(conn, g.user_id))
+ auth_privs.user_privileges(conn, g.user))
not_assigned = [
priv for priv in privileges if priv not in user_privileges]
diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py
index 7597a04..ac80089 100644
--- a/gn3/auth/authorisation/groups.py
+++ b/gn3/auth/authorisation/groups.py
@@ -2,12 +2,16 @@
from uuid import UUID, uuid4
from typing import Sequence, Iterable, NamedTuple
+from flask import g
+from pymonad.maybe import Just, Maybe, Nothing
+
from gn3.auth import db
from gn3.auth.authentication.users import User
+from gn3.auth.authentication.checks import authenticated_p
+from .checks import authorised_p
from .privileges import Privilege
from .roles import Role, create_role
-from .checks import authorised_p
class Group(NamedTuple):
"""Class representing a group."""
@@ -75,3 +79,27 @@ def create_group_role(
(str(group_role_id), str(group.group_id), str(role.role_id)))
return GroupRole(group_role_id, role)
+
+@authenticated_p
+def authenticated_user_group(conn) -> Maybe:
+ """
+ Returns the currently authenticated user's group.
+
+ Look into returning a Maybe object.
+ """
+ user = g.user
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ ("SELECT groups.group_id, groups.group_name FROM group_users "
+ "INNER JOIN groups ON group_users.group_id=groups.group_id "
+ "WHERE group_users.user_id = ?"),
+ (str(user.user_id),))
+ groups = tuple(Group(UUID(row[0]), row[1]) for row in cursor.fetchall())
+
+ if len(groups) > 1:
+ raise MembershipError(user, groups)
+
+ if len(groups) == 1:
+ return Just(groups[0])
+
+ return Nothing
diff --git a/gn3/auth/authorisation/resources.py b/gn3/auth/authorisation/resources.py
index d01c435..f0a4b3a 100644
--- a/gn3/auth/authorisation/resources.py
+++ b/gn3/auth/authorisation/resources.py
@@ -1,10 +1,14 @@
"""Handle the management of resources."""
-from uuid import UUID
+from uuid import UUID, uuid4
from typing import NamedTuple
from gn3.auth import db
-from .groups import Group
from .checks import authorised_p
+from .exceptions import AuthorisationError
+from .groups import Group, authenticated_user_group
+
+class MissingGroupError(AuthorisationError):
+ """Raised for any resource operation without a group."""
class ResourceCategory(NamedTuple):
"""Class representing a resource category."""
@@ -22,6 +26,18 @@ class Resource(NamedTuple):
@authorised_p(("create-resource",), error_message="Could not create resource")
def create_resource(
conn: db.DbConnection, resource_name: str,
- resource_category: ResourceCategory):
+ resource_category: ResourceCategory) -> Resource:
"""Create a resource item."""
- return tuple()
+ with db.cursor(conn) as cursor:
+ group = authenticated_user_group(conn).maybe(False, lambda val: val)
+ if not group:
+ raise MissingGroupError(
+ "User with no group cannot create a resource.")
+ resource = Resource(group, uuid4(), resource_name, resource_category)
+ cursor.execute(
+ ("INSERT INTO resources VALUES (?, ?, ?, ?)"),
+ (str(resource.group.group_id), str(resource.resource_id),
+ resource_name,
+ str(resource.resource_category.resource_category_id)))
+
+ return resource