author | Frederick Muriuki Muriithi | 2024-06-17 11:00:55 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-06-17 11:00:55 -0500 |
commit | 7148cca0f169ffbace5c1d19d9831e66c1fd7647 (patch) | |
tree | c5a2f5c83ef66616129577047615260fa3c5f43f | |
parent | 03bbb4df4e7a6a6b0bbccfabe8a28b380d12bd80 (diff) | |
download | gn-auth-7148cca0f169ffbace5c1d19d9831e66c1fd7647.tar.gz |
Don't save the resource-owner role as a resource role
The 'resource-owner' role is a system-default role that applies to
most resources, but should not be editable by users. This commit
removes the code that was linking the role with each resource, which led
to it being presented to the user as an editable role.
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 16 |
1 files changed, 1 insertions, 15 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 95a7f1c..c6c2e9e 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -36,22 +36,8 @@ from .errors import MissingGroupError
 def __assign_resource_owner_role__(cursor, resource, user):
 """Assign `user` the 'Resource Owner' role for `resource`."""
- cursor.execute(
- "SELECT rr.* FROM resource_roles AS rr INNER JOIN roles AS r "
- "ON rr.role_id=r.role_id WHERE r.role_name='resource-owner' "
- "AND rr.resource_id=?",
- (str(resource.resource_id),))
+ cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
 role = cursor.fetchone()
- if not role:
- cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
- role = cursor.fetchone()
- cursor.execute(
- "INSERT INTO resource_roles(resource_id, role_created_by, role_id) "
- "VALUES (:resource_id, :user_id, :role_id)",
- {"resource_id": str(resource.resource_id),
- "user_id": str(user.user_id),
- "role_id": role["role_id"]})
-
 cursor.execute(
 "INSERT INTO user_roles "
 "VALUES (:user_id, :role_id, :resource_id) " |
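Review bot: `role = cursor.fetchone()` is used unchecked after the by-name lookup, so if the `roles` table has no 'resource-owner' row, `role` is `None` and the `INSERT INTO user_roles` that follows (its parameters are outside the hunk, presumably `role["role_id"]`) would fail with an opaque `TypeError` instead of a clear authorisation error. A guard right after the fetch, e.g. `if role is None: raise RuntimeError("system role 'resource-owner' not found")` (or the project's own error type), would make the failure explicit. The query also assumes `role_name` identifies exactly one system role; if users can create roles with that name, the lookup should pin the system role more strictly, which cannot be confirmed from this diff. Separately, `resource_roles` rows written by the removed code are not cleaned up here, so unless a migration exists elsewhere the role may still appear as editable on existing resources. The function body continues past the end of the hunk.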