authorFrederick Muriuki Muriithi2025-07-30 10:04:10 -0500
committerFrederick Muriuki Muriithi2025-07-30 10:04:10 -0500
commit12d7e7c50f0dbd56e102790d9b412efb6e013edb (patch)
tree0da36b09f55800fa73b6ad44901dca0d4b09d33d
parent7382e55abd2b55df53cfd47ac2efe4d7a43b1275 (diff)
Grant user `system-administrator` role on all resources
During promotion of a user to system admin, grant the user
`system-administrator` role on all resources in the system.
-rw-r--r--gn_auth/auth/authorisation/resources/views.py2
-rw-r--r--gn_auth/auth/authorisation/users/admin/models.py15
2 files changed, 5 insertions, 12 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index f39cc59..a960ca3 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -685,8 +685,6 @@ def delete_resource():
         form = request_json()
         try:
             resource_id = UUID(form.get("resource_id"))
-            # TODO Update user-levels promotion/demotion to grant/revoke
-            #      (system:resource:*) to/from admin users
             if not authorised_for_spec(
                     conn,
                     the_token.user.user_id,
diff --git a/gn_auth/auth/authorisation/users/admin/models.py b/gn_auth/auth/authorisation/users/admin/models.py
index 21e4a58..03a027e 100644
--- a/gn_auth/auth/authorisation/users/admin/models.py
+++ b/gn_auth/auth/authorisation/users/admin/models.py
@@ -28,19 +28,14 @@ def grant_sysadmin_role(cursor: db.DbCursor, user: User) -> User:
     cursor.execute(
             "SELECT * FROM roles WHERE role_name='system-administrator'")
     admin_role = cursor.fetchone()
-    cursor.execute(
-            "SELECT * FROM resources AS r "
-            "INNER JOIN resource_categories AS rc "
-            "ON r.resource_category_id=rc.resource_category_id "
-            "WHERE resource_category_key='system'")
-    the_system = cursor.fetchone()
-    cursor.execute(
+    cursor.execute("SELECT resources.resource_id FROM resources")
+    cursor.executemany(
         "INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)",
-        {
+        tuple({
             "user_id": str(user.user_id),
             "role_id": admin_role["role_id"],
-            "resource_id": the_system["resource_id"]
-        })
+            "resource_id": resource_id
+        } for resource_id in cursor.fetchall()))
     return user
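Review bot: In the `executemany` generator, each `resource_id` is a whole row from `cursor.fetchall()`, not the column value, so the insert binds a row object as `:resource_id`. The removed `the_system["resource_id"]` suggests rows are mapping-like, in which case the binding should read `"resource_id": row["resource_id"]` with `for row in cursor.fetchall()`. The grant is also a snapshot of the resources that exist at promotion time: a resource created later gets no `system-administrator` row for this user unless resource creation adds one, and demotion now has to delete one row per resource instead of the single system row. Neither of those paths is visible in this hunk. `grant_sysadmin_role` begins above the hunk, so whether `admin_role` is checked for `None` before `admin_role["role_id"]` cannot be confirmed here.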