author | Frederick Muriuki Muriithi | 2025-07-29 09:13:05 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2025-07-29 09:13:05 -0500 |
commit | 62eb337754cf2640c010ba51e0cd954c1b3ba1c8 (patch) | |
tree | acbde966cf303e46e06c59d1816211b886106582 | |
parent | eda1ac9e8cb98421e3d12e6a3e51dc8384f19837 (diff) | |
download | gn-auth-62eb337754cf2640c010ba51e0cd954c1b3ba1c8.tar.gz |
Create outline for deleting user groups from the auth server.
-rw-r--r-- | gn_auth/auth/authorisation/resources/views.py | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 0a68927..f497219 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -39,12 +39,12 @@ from gn_auth.auth.authorisation.roles.models import (
 from gn_auth.auth.authentication.oauth2.resource_server import require_oauth
 from gn_auth.auth.authentication.users import User, user_by_id, user_by_email
-from .checks import authorised_for
 from .inbredset.views import popbp
 from .genotypes.views import genobp
 from .phenotypes.views import phenobp
 from .errors import MissingGroupError
 from .groups.models import Group, user_group
+from .checks import authorised_for, authorised_for_spec
 from .models import (
 Resource, resource_data, resource_by_id, public_resources,
 resource_categories, assign_resource_user, link_data_to_resource,
@@ -673,3 +673,48 @@ def user_resource_roles(resource_id: UUID, user_id: UUID):
 return jsonify([asdict(role) for role in _user_resource_roles(conn, _token.user, _resource)])
+
+
+@resources.route("/delete", methods=["POST"])
+@require_oauth("profile group resource")
+def delete_resource() -> Response:
+ """Delete the specified resource, if possible."""
+ with (require_oauth.acquire("profile group resource") as the_token,
+ db.connection(app.config["AUTH_DB"]) as conn):
+ form = request_json()
+ try:
+ resource_id = UUID(form.get("resource_id"))
+ # TODO Add migrations to set up new privileges (system:resource:*)
+ # TODO Add migrations to grant privileges (system:resource:*) to admin users
+ # TODO Update resource creation to grant privileges (system:resource:*) to admin users
+ # TODO Update user-levels promotion/demotion to grant/revoke (system:resource:*) to/from admin users
+ if not authorised_for_spec(
+ conn,
+ the_token.user.user_id,
+ resource_id,
+ "(OR group:resource:delete-resource system:resource:delete-all)"):
+ raise AuthorisationError("You do not have the appropriate "
+ "privileges to delete this resource.")
+
+ data = resource_data(
+ conn,
+ resource_by_id(conn, the_token.user, resource_id),
+ 0,
+ 10)
+ if bool(data):
+ return jsonify({
+ "error": "NonEmptyResouce",
+ "error-description": "Cannot delete a resource with linked data"
+ }), 400
+ except ValueError as _verr:
+ logger.debug("Error!", exc_info=True)
+ return jsonify({
+ "error": "ValueError",
+ "error-description": "An invalid identifier was provided"
+ }), 400
+ except TypeError as _terr:
+ logger.debug("Error!", exc_info=True)
+ return jsonify({
+ "error": "TypeError",
+ "error-description": "An invalid identifier was provided"
+ }), 400
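Review bot: The `try` in `delete_resource` wraps the `authorised_for_spec` check and the `resource_by_id`/`resource_data` calls as well as the `UUID(...)` parse, so a ValueError or TypeError raised inside any of those helpers is reported to the client as "An invalid identifier was provided" and logged only at debug level; the two `except` clauses should cover only `resource_id = UUID(form.get("resource_id"))`. After the emptiness check the function falls off the end with no return value, which Flask rejects as a server error, so until the actual deletion is written the view should return an explicit response (the 501 placeholder below is a constructed suggestion) and the outline fails predictably. The error code `"NonEmptyResouce"` on the 400 response is misspelled; clients will key on that string, so change it to `"NonEmptyResource"` before it ships. The privileges named in the spec string do not exist yet according to the TODO comments, so the check fails closed and the endpoint is effectively disabled until the migrations land, which is the right default; `_verr` and `_terr` are unused and can be dropped, and `if bool(data):` is just `if data:`.
```python
def delete_resource() -> Response:
    """Delete the specified resource, if possible."""
    with (require_oauth.acquire("profile group resource") as the_token,
          db.connection(app.config["AUTH_DB"]) as conn):
        form = request_json()
        try:
            resource_id = UUID(form.get("resource_id"))
        except ValueError:
            logger.debug("Invalid resource_id in delete request", exc_info=True)
            return jsonify({
                "error": "ValueError",
                "error-description": "An invalid identifier was provided"
            }), 400
        except TypeError:
            logger.debug("Invalid resource_id in delete request", exc_info=True)
            return jsonify({
                "error": "TypeError",
                "error-description": "An invalid identifier was provided"
            }), 400
        # … unchanged: TODO comments and authorised_for_spec check, now outside the try …
        # … unchanged: resource_data lookup and the NonEmptyResource 400 response …
        # Placeholder until the deletion itself is implemented.
        return jsonify({
            "error": "NotImplemented",
            "error-description": "Resource deletion is not yet implemented"
        }), 501
```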