authorFrederick Muriuki Muriithi2024-09-30 15:44:21 -0500
committerFrederick Muriuki Muriithi2024-09-30 15:44:21 -0500
commit5b7cbb34cf0f9a3d6be2fa4122cfaf58f23f3fa6 (patch)
tree9659ac4671b67f13bb0359927ee1c66dbb12c3ae
parent1c3bcf2716ab56ed128c093b17a4adfb857dac11 (diff)
downloadgn-auth-5b7cbb34cf0f9a3d6be2fa4122cfaf58f23f3fa6.tar.gz
Create a better named function, with less data in the args.
The new name better reflects what the function does. We then pass only the data that the function needs to perform its operation, rather than full objects with extra data — this has implications for security.
-rw-r--r--gn_auth/auth/authorisation/roles/models.py18
1 files changed, 14 insertions, 4 deletions
diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index dc1dfdc..2729b3b 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -133,10 +133,10 @@ def user_roles(conn: db.DbConnection, user: User) -> Sequence[dict]:
return tuple()
-def user_resource_roles(
+def user_roles_on_resource(
conn: db.DbConnection,
- user: User,
- resource: Resource
+ user_id: UUID,
+ resource_id: UUID
) -> tuple[Role, ...]:
"""Retrieve all roles assigned to a user for a particular resource."""
with db.cursor(conn) as cursor:
@@ -147,12 +147,22 @@ def user_resource_roles(
"INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
"INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
"WHERE ur.user_id=? AND ur.resource_id=?",
- (str(user.user_id), str(resource.resource_id)))
+ (str(user_id), str(resource_id)))
return db_rows_to_roles(cursor.fetchall())
return tuple()
+def user_resource_roles(
+ conn: db.DbConnection,
+ user: User,
+ resource: Resource
+) -> tuple[Role, ...]:
+ "Retrieve roles a user has on a particular resource."
+ # TODO: Temporary placeholder to prevent system from breaking.
+ return user_roles_on_resource(conn, user.user_id, resource.resource_id)
+
+
def user_role(conn: db.DbConnection, user: User, role_id: UUID) -> Either:
"""Retrieve a specific non-resource role assigned to the user."""
with db.cursor(conn) as cursor:
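Review bot: The compatibility wrapper `user_resource_roles` added at the end of this hunk carries no marker telling callers to move off it, so call sites can keep passing full `User` and `Resource` objects and the data-minimisation goal stated in the commit message is only reached once they are migrated. The TODO should name the replacement and the removal condition, for example `# TODO: Remove once all callers use user_roles_on_resource(conn, user_id, resource_id).` Its docstring is also a plain `"..."` string where the neighbouring functions use triple quotes; `"""Retrieve roles a user has on a particular resource."""` would match them. The body of `user_role`, which begins in the trailing context, continues outside the hunk.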