author | Frederick Muriuki Muriithi | 2025-07-29 11:27:06 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2025-07-29 11:27:06 -0500 |
commit | 924414822fed4c4a9efc8f91506a359c1072a03e (patch) | |
tree | 54a9e5331edbe79552521a3a6dfe3dc41225e668 | |
parent | 341f19d2079732f0dc37e507f5dc2ad9dce35c4e (diff) | |
download | gn-auth-924414822fed4c4a9efc8f91506a359c1072a03e.tar.gz |
Refactor: Replace old auth-checking function with spec-based one.
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index e538a87..b4adfc0 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -15,7 +15,7 @@ from gn_auth.auth.authorisation.privileges import Privilege
 from gn_auth.auth.authorisation.checks import authorised_p
 from gn_auth.auth.errors import NotFoundError, AuthorisationError
-from .checks import authorised_for
+from .checks import authorised_for, authorised_for_spec
 from .base import Resource, ResourceCategory, resource_from_dbrow
 from .common import assign_resource_owner_role
 from .groups.models import Group, is_group_leader
@@ -187,9 +187,11 @@ def attach_resource_data(cursor: db.DbCursor, resource: Resource) -> Resource:
 def resource_by_id(
 conn: db.DbConnection, user: User, resource_id: UUID) -> Resource:
 """Retrieve a resource by its ID."""
- if not authorised_for(
- conn, user, ("group:resource:view-resource",),
- (resource_id,))[resource_id]:
+ if not authorised_for_spec(
+ conn,
+ user.user_id,
+ resource_id,
+ "(OR group:resource:view-resource system:resource:view)"):
 raise AuthorisationError(
 "You are not authorised to access resource with id "
 f"'{resource_id}'.") |
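Review bot: The spec passed to `authorised_for_spec` in `resource_by_id` widens the access rule rather than only refactoring it. The old call accepted `group:resource:view-resource` alone, while `(OR group:resource:view-resource system:resource:view)` also admits any holder of `system:resource:view`. If that is intended, record it at the call site with a comment such as `# Also grants access via system:resource:view (wider than the previous group-only check).`, and add a test that a user holding neither privilege still gets `AuthorisationError`. The result is now used for truthiness directly instead of being indexed by `resource_id`, so it is worth confirming that `authorised_for_spec` returns a plain bool and fails closed on an unknown privilege name or a malformed spec string; neither is visible in this hunk. The body of `resource_by_id` continues outside the hunk.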