From 8593d882ed1eea226eeefabaa66135df2374746f Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 25 May 2023 06:02:38 +0300
Subject: Set whether resource is publicly viewable on creation

---
 gn3/auth/authorisation/resources/models.py | 6 ++++--
 gn3/auth/authorisation/resources/views.py  | 8 +++++---
 tests/unit/auth/test_resources.py          | 5 +++--
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/gn3/auth/authorisation/resources/models.py b/gn3/auth/authorisation/resources/models.py
index e54ec48..2016960 100644
--- a/gn3/auth/authorisation/resources/models.py
+++ b/gn3/auth/authorisation/resources/models.py
@@ -84,7 +84,8 @@ def __assign_resource_owner_role__(cursor, resource, user):
               oauth2_scope="profile resource")
 def create_resource(
         conn: db.DbConnection, resource_name: str,
-        resource_category: ResourceCategory, user: User) -> Resource:
+        resource_category: ResourceCategory, user: User,
+        public: bool) -> Resource:
     """Create a resource item."""
     with db.cursor(conn) as cursor:
         group = user_group(conn, user).maybe(
@@ -92,7 +93,8 @@ def create_resource(
         if not group:
             raise MissingGroupError(
                 "User with no group cannot create a resource.")
-        resource = Resource(group, uuid4(), resource_name, resource_category, False)
+        resource = Resource(
+            group, uuid4(), resource_name, resource_category, public)
         cursor.execute(
             "INSERT INTO resources VALUES (?, ?, ?, ?, ?)",
             (str(resource.group.group_id), str(resource.resource_id),
diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py
index c8bff6a..396a57e 100644
--- a/gn3/auth/authorisation/resources/views.py
+++ b/gn3/auth/authorisation/resources/views.py
@@ -47,9 +47,11 @@ def create_resource() -> Response:
         with db.connection(db_uri) as conn:
             try:
                 resource = _create_resource(
-                    conn, resource_name, resource_category_by_id(
-                        conn, resource_category_id),
-                    the_token.user)
+                    conn,
+                    resource_name,
+                    resource_category_by_id(conn, resource_category_id),
+                    the_token.user,
+                    (form.get("public") == "on"))
                 return jsonify(dictify(resource))
             except sqlite3.IntegrityError as sql3ie:
                 if sql3ie.args[0] == ("UNIQUE constraint failed: "
diff --git a/tests/unit/auth/test_resources.py b/tests/unit/auth/test_resources.py
index 840c008..2884add 100644
--- a/tests/unit/auth/test_resources.py
+++ b/tests/unit/auth/test_resources.py
@@ -37,7 +37,8 @@ def test_create_resource(mocker, fxtr_users_in_group, user, expected):
     mocker.patch("gn3.auth.authorisation.checks.require_oauth.acquire",
                  conftest.get_tokeniser(user))
     conn, _group, _users = fxtr_users_in_group
-    resource = create_resource(conn, "test_resource", resource_category, user)
+    resource = create_resource(
+        conn, "test_resource", resource_category, user, False)
     assert resource == expected
 
     with db.cursor(conn) as cursor:
@@ -68,7 +69,7 @@ def test_create_resource_raises_for_unauthorised_users(
     conn, _group, _users = fxtr_users_in_group
     with pytest.raises(AuthorisationError):
         assert create_resource(
-            conn, "test_resource", resource_category, user) == expected
+            conn, "test_resource", resource_category, user, False) == expected
 
 SORTKEY = lambda resource: resource.resource_id
 
-- 
cgit v1.2.3