author | Frederick Muriuki Muriithi | 2025-07-31 16:13:33 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2025-07-31 16:13:33 -0500 |
commit | 56378b428b6bc50927fe226539c4d6ad8814b7d2 (patch) | |
tree | f5ecafbaa6601e4fcdef5a04da6e6cdef1b8b16b | |
parent | 13fc23d55ff5e28a8d98f404144d337f7b2111d7 (diff) | |
Grant sysadmins access to user group when it's created.
-rw-r--r-- | gn_auth/auth/authorisation/resources/groups/models.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/gn_auth/auth/authorisation/resources/groups/models.py b/gn_auth/auth/authorisation/resources/groups/models.py
index 34f9b93..d0aaef8 100644
--- a/gn_auth/auth/authorisation/resources/groups/models.py
+++ b/gn_auth/auth/authorisation/resources/groups/models.py
@@ -17,6 +17,9 @@ from gn_auth.auth.authentication.users import User, user_by_id
 from gn_auth.auth.authorisation.checks import authorised_p
 from gn_auth.auth.authorisation.privileges import Privilege
 from gn_auth.auth.authorisation.resources.errors import MissingGroupError
+from gn_auth.auth.authorisation.resources.system.models import system_resource
+from gn_auth.auth.authorisation.resources.common import (
+ grant_access_to_sysadmins)
 from gn_auth.auth.authorisation.resources.base import (
 Resource, resource_from_dbrow)
@@ -122,9 +125,10 @@ def create_group(
 cursor, group_name, (
 {"group_description": group_description}
 if group_description else {}))
+ _group_resource_id = uuid4()
 _group_resource = {
 "group_id": str(new_group.group_id),
- "resource_id": str(uuid4()),
+ "resource_id": str(_group_resource_id),
 "resource_name": group_name,
 "resource_category_id": str(
 resource_category_by_key(
@@ -140,13 +144,15 @@ def create_group(
 "INSERT INTO group_resources(resource_id, group_id) "
 "VALUES(:resource_id, :group_id)",
 _group_resource)
+ grant_access_to_sysadmins(cursor,
+ _group_resource_id,
+ system_resource(conn).resource_id)
 add_user_to_group(cursor, new_group, group_leader)
 revoke_user_role_by_name(cursor, group_leader, "group-creator")
- assign_user_role_by_name(
- cursor,
- group_leader,
- UUID(str(_group_resource["resource_id"])),
- "group-leader")
+ assign_user_role_by_name(cursor,
+ group_leader,
+ _group_resource_id,
+ "group-leader")
 return new_group |
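Review bot: The `grant_access_to_sysadmins(...)` call added in the third hunk (inside `create_group`) applies an authorisation grant only at creation time, and nothing visible here covers groups that already exist or users whose sysadmin role changes later. The helper's body is outside this diff, so this is an assumption to confirm: if it writes per-user rows for whoever holds the sysadmin role at call time, later-promoted admins would lack access to existing groups and demoted ones could keep it, which would call for a backfill and a revocation path. The same call reads the system resource through `conn` while every other statement in the hunk uses `cursor`, so it is worth checking that the lookup runs in the same transaction as the inserts. I would also add a comment above the call, e.g. `# Sysadmins are granted access to every new group resource; revocation is handled by <placeholder: name the mechanism>.` The body of `create_group` starts and ends outside the hunk.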