diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index a4df363..b8eaacb 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -15,7 +15,7 @@ from gn_auth.auth.authorisation.checks import authorised_p
from gn_auth.auth.errors import NotFoundError, AuthorisationError
from .system.models import system_resource
-from .checks import authorised_for, authorised_for_spec
+from .checks import can_edit, authorised_for_spec
from .base import Resource, ResourceCategory, resource_from_dbrow
from .common import assign_resource_owner_role, grant_access_to_sysadmins
from .groups.models import Group, is_group_leader
@@ -243,9 +243,7 @@ def link_data_to_resource(
data_link_ids: tuple[UUID, ...]
) -> tuple[dict, ...]:
"""Link data to resource."""
- if not authorised_for(
- conn, user, ("group:resource:edit-resource",),
- (resource_id,))[resource_id]:
+ if not can_edit(conn, user.user_id, resource_id):
raise AuthorisationError(
"You are not authorised to link data to resource with id "
f"{resource_id}")
@@ -261,9 +259,7 @@ def link_data_to_resource(
def unlink_data_from_resource(
conn: db.DbConnection, user: User, resource_id: UUID, data_link_id: UUID):
"""Unlink data from resource."""
- if not authorised_for(
- conn, user, ("group:resource:edit-resource",),
- (resource_id,))[resource_id]:
+ if not can_edit(conn, user.user_id, resource_id):
raise AuthorisationError(
"You are not authorised to link data to resource with id "
f"{resource_id}")
@@ -359,9 +355,7 @@ def save_resource(
conn: db.DbConnection, user: User, resource: Resource) -> Resource:
"""Update an existing resource."""
resource_id = resource.resource_id
- authorised = authorised_for(
- conn, user, ("group:resource:edit-resource",), (resource_id,))
- if authorised[resource_id]:
+ if can_edit(conn, user.user_id, resource_id):
with db.cursor(conn) as cursor:
cursor.execute(
"UPDATE resources SET "
|
