author | Frederick Muriuki Muriithi | 2023-09-13 11:23:45 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-09-26 03:44:30 +0300 |
commit | 37771b3be3142f705101beb4c5dc34c1000962f9 (patch) | |
tree | fce04cba9f99144d7893d30cd5a4d1ffb8823e8d /gn_auth/auth/authorisation/checks.py | |
parent | dd759423739dafebe1d2ce7adb9fc1230ae0ee9d (diff) | |
download | gn-auth-37771b3be3142f705101beb4c5dc34c1000962f9.tar.gz |
Remove group from resource objects
With the new schema, not all Resource objects are "owned" by a
group. Those that are, are linked together through a different db
table (`resource_ownership`).
This commit removes the `Group` object from `Resource` objects and
updates the `resource_ownership` where relevant.
Diffstat (limited to 'gn_auth/auth/authorisation/checks.py')
-rw-r--r-- | gn_auth/auth/authorisation/checks.py | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/gn_auth/auth/authorisation/checks.py b/gn_auth/auth/authorisation/checks.py
index 55af0b1..ad71110 100644
--- a/gn_auth/auth/authorisation/checks.py
+++ b/gn_auth/auth/authorisation/checks.py
@@ -10,7 +10,7 @@ from .errors import InvalidData, AuthorisationError
 from ..db import sqlite3 as db
 from ..authentication.oauth2.resource_server import require_oauth
-def __system_privileges_in_roles__(conn, user):
+def __system_privileges_in_roles__(conn, user): # TODO: Remove this hack.
 """ This really is a hack since groups are not treated as resources at the moment of writing this.
@@ -19,12 +19,11 @@ def __system_privileges_in_roles__(conn, user):
 """
 query = (
 "SELECT DISTINCT p.* FROM users AS u "
- "INNER JOIN group_user_roles_on_resources AS guror "
- "ON u.user_id=guror.user_id "
- "INNER JOIN roles AS r ON guror.role_id=r.role_id "
+ "INNER JOIN user_roles AS ur ON u.user_id=ur.user_id "
+ "INNER JOIN roles AS r ON ur.role_id=r.role_id "
 "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
 "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
- "WHERE u.user_id=? AND p.privilege_id LIKE 'system:%'")
+ "WHERE u.user_id=? AND p.privilege_id LIKE 'system:%';")
 with db.cursor(conn) as cursor:
 cursor.execute(query, (str(user.user_id),))
 return (row["privilege_id"] for row in cursor.fetchall()) |
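Review bot: The rewritten join in the second hunk reads `user_roles` with no resource condition, so every role the user holds anywhere contributes its `system:%` privileges to this check. The schema is not visible on this page, but if `user_roles` rows are scoped to a resource in the new layout, a role granted on a single resource would be counted as a system-wide grant. Either restrict the join to the system-level resource or state in the docstring that any role assignment is meant to count. The docstring still explains the hack in terms of groups, which the query no longer touches, so it should describe what is now selected, e.g. `Fetch the 'system:*' privileges of every role assigned to the user in user_roles.` The function begins in the first hunk and may continue past the end of this one.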