aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/resources
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-09-26 03:17:54 +0300
committerFrederick Muriuki Muriithi2023-09-26 03:44:34 +0300
commit5d3dffd703822b019f39e7b898758085b88b4809 (patch)
treef140ff95bd4c79678a227c628708ef54828c6e16 /gn_auth/auth/authorisation/resources
parentac11c943c50633ed39f31688e78f9bcb933f78a7 (diff)
downloadgn-auth-5d3dffd703822b019f39e7b898758085b88b4809.tar.gz
Update query
Replace `group_user_roles_on_resources` table with `user_roles` for the query that checks whether the user has appropriate permissions to act on a specific resource.
Diffstat (limited to 'gn_auth/auth/authorisation/resources')
-rw-r--r--gn_auth/auth/authorisation/resources/checks.py12
1 files changed, 5 insertions, 7 deletions
diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py
index db975de..717e5e4 100644
--- a/gn_auth/auth/authorisation/resources/checks.py
+++ b/gn_auth/auth/authorisation/resources/checks.py
@@ -24,14 +24,12 @@ def authorised_for(conn: db.DbConnection, user: User, privileges: tuple[str],
"""
with db.cursor(conn) as cursor:
cursor.execute(
- ("SELECT guror.*, rp.privilege_id FROM "
- "group_user_roles_on_resources AS guror "
- "INNER JOIN group_roles AS gr ON "
- "(guror.group_id=gr.group_id AND guror.role_id=gr.role_id) "
- "INNER JOIN roles AS r ON gr.role_id=r.role_id "
+ ("SELECT ur.*, rp.privilege_id FROM "
+ "user_roles AS ur "
+ "INNER JOIN roles AS r ON ur.role_id=r.role_id "
"INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
- "WHERE guror.user_id=? "
- f"AND guror.resource_id IN ({', '.join(['?']*len(resource_ids))})"
+ "WHERE ur.user_id=? "
+ f"AND ur.resource_id IN ({', '.join(['?']*len(resource_ids))})"
f"AND rp.privilege_id IN ({', '.join(['?']*len(privileges))})"),
((str(user.user_id),) + tuple(
str(r_id) for r_id in resource_ids) + tuple(privileges)))