From a11bd7a2c7f5b9a82ce70b7baf9eae92561ed905 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Tue, 15 Nov 2022 13:08:56 +0300 Subject: auth: Return results of calling function directly * gn3/auth/authorisation/checks.py: Return results of calling the function rather than a dict of values that include the results. * gn3/auth/authorisation/groups.py: Use the newer form of `authorised_p` decorator. * tests/unit/auth/test_groups.py: Update tests --- gn3/auth/authorisation/checks.py | 14 ++++++-------- gn3/auth/authorisation/groups.py | 5 +---- 2 files changed, 7 insertions(+), 12 deletions(-) (limited to 'gn3') diff --git a/gn3/auth/authorisation/checks.py b/gn3/auth/authorisation/checks.py index f14c5c7..3181655 100644 --- a/gn3/auth/authorisation/checks.py +++ b/gn3/auth/authorisation/checks.py @@ -1,6 +1,6 @@ """Functions to check for authorisation.""" from functools import wraps -from typing import Union, Callable +from typing import Callable from flask import g, current_app as app @@ -9,8 +9,6 @@ from . import privileges as auth_privs def authorised_p( privileges: tuple[str], - success_message: Union[str, bool] = ( - "Successfully authorised requested action"), error_message: str = ( "You lack authorisation to perform requested action")): """Authorisation decorator.""" @@ -20,15 +18,15 @@ def authorised_p( def __authoriser__(*args, **kwargs): if hasattr(g, "user_id") and g.user_id: with db.connection(app.config["AUTH_DB"]) as conn: - user_privileges = auth_privs.user_privileges(conn, g.user_id) + user_privileges = tuple( + priv.privilege_name for priv in + auth_privs.user_privileges(conn, g.user_id)) not_assigned = [ priv for priv in privileges if priv not in user_privileges] if len(not_assigned) == 0: - return { - "status": "success", - "message": success_message, - "results": func(*args, **kwargs)} + return func(*args, **kwargs) + return { "status": "error", "message": f"Unauthorised: {error_message}" diff --git a/gn3/auth/authorisation/groups.py b/gn3/auth/authorisation/groups.py index b996d21..f3345c3 100644 --- a/gn3/auth/authorisation/groups.py +++ b/gn3/auth/authorisation/groups.py @@ -7,15 +7,12 @@ from .privileges import Privilege from .roles import Role, create_role from .checks import authorised_p -@authorised_p( - ("create-group",), success_message="Successfully created group.", - error_message="Failed to create group.") -def create_group(conn, group_name): class Group(NamedTuple): """Class representing a group.""" group_id: UUID group_name: str +@authorised_p(("create-group",), error_message="Failed to create group.") def create_group(conn: db.DbConnection, group_name: str) -> Group: """Create a group""" group = Group(uuid4(), group_name) -- cgit v1.2.3