From ecce454ca9d0f374e22da8401206e3b1695dbded Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 2 Feb 2023 14:15:29 +0300
Subject: auth: Improve authorisation

Retrieve the token, and user in the authorisation decorator to enable checking
of privileges.
---
 gn3/auth/authorisation/roles/models.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'gn3/auth/authorisation/roles')

diff --git a/gn3/auth/authorisation/roles/models.py b/gn3/auth/authorisation/roles/models.py
index b1aac75..26b8f0a 100644
--- a/gn3/auth/authorisation/roles/models.py
+++ b/gn3/auth/authorisation/roles/models.py
@@ -27,7 +27,9 @@ class Role(NamedTuple):
             "privileges": tuple(dictify(priv) for priv in self.privileges)
         }
 
-@authorised_p(("group:role:create-role",), error_message="Could not create role")
+@authorised_p(
+    privileges = ("group:role:create-role",),
+    error_description="Could not create role")
 def create_role(
         cursor: db.DbCursor, role_name: str,
         privileges: Iterable[Privilege]) -> Role:
-- 
cgit 1.4.1