From 4fc72af7e851f12a9f4edc98b0a55c66c9bf1b13 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 6 Mar 2023 10:14:20 +0300 Subject: auth: resources: Link role's group to the resource's group --- gn3/auth/authorisation/resources/views.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'gn3/auth/authorisation/resources') diff --git a/gn3/auth/authorisation/resources/views.py b/gn3/auth/authorisation/resources/views.py index 1da93d0..e1386ab 100644 --- a/gn3/auth/authorisation/resources/views.py +++ b/gn3/auth/authorisation/resources/views.py @@ -14,8 +14,8 @@ from .models import ( create_resource as _create_resource) from ..roles import Role +from ..groups.models import Group, GroupRole from ..errors import InvalidData, AuthorisationError -from ..groups.models import Group, GroupRole, user_group, DUMMY_GROUP from ... import db from ...dictify import dictify @@ -107,24 +107,19 @@ def resource_users(resource_id: uuid.UUID): """Retrieve all users with access to the given resource.""" with require_oauth.acquire("profile group resource") as the_token: def __the_users__(conn: db.DbConnection): + resource = resource_by_id(conn, the_token.user, resource_id) authorised = authorised_for( conn, the_token.user, ("group:resource:edit-resource",), (resource_id,)) if authorised.get(resource_id, False): with db.cursor(conn) as cursor: - group = user_group(cursor, the_token.user).maybe( - DUMMY_GROUP, lambda grp: grp) - if group == DUMMY_GROUP: - raise AuthorisationError( - "Users who are not members of groups cannot access " - "resource details.") def __organise_users_n_roles__(users_n_roles, row): user_id = uuid.UUID(row["user_id"]) user = users_n_roles.get( user_id, User(user_id, row["email"], row["name"])) role = GroupRole( uuid.UUID(row["group_role_id"]), - group, + resource.group, Role(uuid.UUID(row["role_id"]), row["role_name"], tuple())) return { -- cgit v1.2.3