diff options
author | Frederick Muriuki Muriithi | 2024-06-11 12:53:23 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-06-11 12:53:23 -0500 |
commit | afa8a57015a070fbb37a22bca673f77abd6df50b (patch) | |
tree | 0f4e333fa048c2a11015ad44dea9c4038cf07325 /gn_auth/auth/authorisation/resources | |
parent | a060c0d277300d5fda06772bf95e1456159111e2 (diff) | |
download | gn-auth-afa8a57015a070fbb37a22bca673f77abd6df50b.tar.gz |
Temporary fix to retrieve users with read access to resource.
Diffstat (limited to 'gn_auth/auth/authorisation/resources')
-rw-r--r-- | gn_auth/auth/authorisation/resources/views.py | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 4c8411f..50f0d8e 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -169,10 +169,27 @@ def resource_users(resource_id: UUID): """Retrieve all users with access to the given resource.""" with require_oauth.acquire("profile group resource") as the_token: def __the_users__(conn: db.DbConnection): - authorised = authorised_for( - conn, the_token.user, - ("group:resource:edit-resource","group:resource:view-resource"), + ########## BEGIN: HACK ########## + # This hack gets the UI to work, but needs replacing. + # It resolves (albeit, temporarily) the bug introduced after a + # refactor that made the system itself, and the groups into + # resources. + grouplevelauth = authorised_for( + conn, + the_token.user, + ("group:resource:view-resource",), + (resource_id,)) + systemlevelauth = __pk__authorised_for( + conn, + the_token.user, + ("system:user:list",), (resource_id,)) + authorised = { + key: (grouplevelauth.get(key, False) + or systemlevelauth.get(key, False)) + for key in grouplevelauth.keys() | systemlevelauth.keys() + } + ########## END: HACK ########## if authorised.get(resource_id, False): with db.cursor(conn) as cursor: def __organise_users_n_roles__(users_n_roles, row): |