gn3/auth/authorisation/checks.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

"""Functions to check for authorisation."""
from functools import wraps
from typing import Callable

from flask import g, current_app as app

from gn3.auth import db
from . import privileges as auth_privs

def authorised_p(
        privileges: tuple[str],
        error_message: str = (
            "You lack authorisation to perform requested action")):
    """Authorisation decorator."""
    assert len(privileges) > 0, "You must provide at least one privilege"
    def __build_authoriser__(func: Callable):
        @wraps(func)
        def __authoriser__(*args, **kwargs):
            if hasattr(g, "user_id") and g.user_id:
                with db.connection(app.config["AUTH_DB"]) as conn:
                    user_privileges = tuple(
                        priv.privilege_name for priv in
                        auth_privs.user_privileges(conn, g.user_id))

                not_assigned = [
                    priv for priv in privileges if priv not in user_privileges]
                if len(not_assigned) == 0:
                    return func(*args, **kwargs)

            return {
                "status": "error",
                "message": f"Unauthorised: {error_message}"
            }
        return __authoriser__
    return __build_authoriser__