aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/resources
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-09-13 11:23:45 +0300
committerFrederick Muriuki Muriithi2023-09-26 03:44:30 +0300
commit37771b3be3142f705101beb4c5dc34c1000962f9 (patch)
treefce04cba9f99144d7893d30cd5a4d1ffb8823e8d /gn_auth/auth/authorisation/resources
parentdd759423739dafebe1d2ce7adb9fc1230ae0ee9d (diff)
downloadgn-auth-37771b3be3142f705101beb4c5dc34c1000962f9.tar.gz
Remove group from resource objects
With the new schema, not all Resource objects are "owned" by a group. Those that are, are linked together through a different db table (`resource_ownership`). This commit removes the `Group` object from `Resource` objects and updates the `resource_ownership` where relevant.
Diffstat (limited to 'gn_auth/auth/authorisation/resources')
-rw-r--r--gn_auth/auth/authorisation/resources/data.py7
-rw-r--r--gn_auth/auth/authorisation/resources/genotype_resource.py3
-rw-r--r--gn_auth/auth/authorisation/resources/models.py90
-rw-r--r--gn_auth/auth/authorisation/resources/mrna_resource.py3
-rw-r--r--gn_auth/auth/authorisation/resources/phenotype_resource.py4
5 files changed, 45 insertions, 62 deletions
diff --git a/gn_auth/auth/authorisation/resources/data.py b/gn_auth/auth/authorisation/resources/data.py
index 8f5e625..54c500a 100644
--- a/gn_auth/auth/authorisation/resources/data.py
+++ b/gn_auth/auth/authorisation/resources/data.py
@@ -22,8 +22,7 @@ def __attach_data__(
}
organised: dict[UUID, tuple[dict, ...]] = reduce(__organise__, data_rows, {})
return tuple(
- Resource(
- resource.group, resource.resource_id, resource.resource_name,
- resource.resource_category, resource.public,
- organised.get(resource.resource_id, tuple()))
+ Resource(resource.resource_id, resource.resource_name,
+ resource.resource_category, resource.public,
+ organised.get(resource.resource_id, tuple()))
for resource in resources)
diff --git a/gn_auth/auth/authorisation/resources/genotype_resource.py b/gn_auth/auth/authorisation/resources/genotype_resource.py
index 03e2e68..206ab61 100644
--- a/gn_auth/auth/authorisation/resources/genotype_resource.py
+++ b/gn_auth/auth/authorisation/resources/genotype_resource.py
@@ -32,13 +32,12 @@ def link_data_to_resource(
"""Link Genotype data with a resource."""
with db.cursor(conn) as cursor:
params = {
- "group_id": str(resource.group.group_id),
"resource_id": str(resource.resource_id),
"data_link_id": str(data_link_id)
}
cursor.execute(
"INSERT INTO genotype_resources VALUES"
- "(:group_id, :resource_id, :data_link_id)",
+ "(:resource_id, :data_link_id)",
params)
return params
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 783bf8a..f307fdc 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -4,8 +4,6 @@ from uuid import UUID, uuid4
from functools import reduce, partial
from typing import Dict, Sequence, Optional
-from pymonad.maybe import Just, Maybe, Nothing
-
from ...db import sqlite3 as db
from ...dictify import dictify
from ...authentication.users import User
@@ -13,8 +11,7 @@ from ...db.sqlite3 import with_db_connection
from ..checks import authorised_p
from ..errors import NotFoundError, AuthorisationError
-from ..groups.models import (
- Group, GroupRole, user_group, group_by_id, is_group_leader)
+from ..groups.models import Group, GroupRole, user_group, is_group_leader
from .checks import authorised_for
from .base import Resource, ResourceCategory
@@ -56,14 +53,13 @@ def __assign_resource_owner_role__(cursor, resource, user, group):
"role_id": role["role_id"]})
cursor.execute(
- "INSERT INTO group_user_roles_on_resources "
- "VALUES ("
- ":group_id, :user_id, :role_id, :resource_id"
- ")",
- {"group_id": str(resource.group_id),
- "user_id": str(user.user_id),
- "role_id": role["role_id"],
- "resource_id": str(resource.resource_id)})
+ "INSERT INTO user_roles "
+ "VALUES (:user_id, :role_id, :resource_id)",
+ {
+ "user_id": str(user.user_id),
+ "role_id": role["role_id"],
+ "resource_id": str(resource.resource_id)
+ })
@authorised_p(("group:resource:create-resource",),
error_description="Insufficient privileges to create a resource",
@@ -128,18 +124,8 @@ def public_resources(conn: db.DbConnection) -> Sequence[Resource]:
with db.cursor(conn) as cursor:
cursor.execute("SELECT * FROM resources WHERE public=1")
results = cursor.fetchall()
- group_uuids = tuple(row[0] for row in results)
- query = ("SELECT * FROM groups WHERE group_id IN "
- f"({', '.join(['?'] * len(group_uuids))})")
- cursor.execute(query, group_uuids)
- groups = {
- row[0]: Group(
- UUID(row[0]), row[1], json.loads(row[2] or "{}"))
- for row in cursor.fetchall()
- }
return tuple(
- Resource(groups[row[0]], UUID(row[1]), row[2], categories[row[3]],
- bool(row[4]))
+ Resource(UUID(row[0]), row[1], categories[row[2]], bool(row[3]))
for row in results)
def group_leader_resources(
@@ -148,11 +134,14 @@ def group_leader_resources(
"""Return all the resources available to the group leader"""
if is_group_leader(conn, user, group):
with db.cursor(conn) as cursor:
- cursor.execute("SELECT * FROM resources WHERE group_id=?",
- (str(group.group_id),))
+ cursor.execute(
+ "SELECT r.* FROM resource_ownership AS ro "
+ "INNER JOIN resources AS r "
+ "WHERE ro.group_id=?",
+ (str(group.group_id),))
return tuple(
- Resource(group, UUID(row[1]), row[2],
- res_categories[UUID(row[3])], bool(row[4]))
+ Resource(UUID(row[0]), row[1],
+ res_categories[UUID(row[2])], bool(row[3]))
for row in cursor.fetchall())
return tuple()
@@ -166,16 +155,14 @@ def user_resources(conn: db.DbConnection, user: User) -> Sequence[Resource]:
gl_resources = group_leader_resources(conn, user, group, categories)
cursor.execute(
- ("SELECT resources.* FROM group_user_roles_on_resources "
- "LEFT JOIN resources "
- "ON group_user_roles_on_resources.resource_id=resources.resource_id "
- "WHERE group_user_roles_on_resources.group_id = ? "
- "AND group_user_roles_on_resources.user_id = ?"),
- (str(group.group_id), str(user.user_id)))
+ ("SELECT resources.* FROM user_roles LEFT JOIN resources "
+ "ON user_roles.resource_id=resources.resource_id "
+ "WHERE user_roles.user_id=?"),
+ (str(user.user_id),))
rows = cursor.fetchall()
private_res = tuple(
- Resource(group, UUID(row[1]), row[2], categories[UUID(row[3])],
- bool(row[4]))
+ Resource(UUID(row[0]), row[1], categories[UUID(row[2])],
+ bool(row[3]))
for row in rows)
return tuple({
res.resource_id: res
@@ -216,7 +203,7 @@ def attach_resource_data(cursor: db.DbCursor, resource: Resource) -> Resource:
resource_data_function[category.resource_category_key](
cursor, resource.resource_id))
return Resource(
- resource.group, resource.resource_id, resource.resource_name,
+ resource.resource_id, resource.resource_name,
resource.resource_category, resource.public, data_rows)
def resource_by_id(
@@ -235,7 +222,6 @@ def resource_by_id(
row = cursor.fetchone()
if row:
return Resource(
- group_by_id(conn, UUID(row["group_id"])),
UUID(row["resource_id"]), row["resource_name"],
resource_category_by_id(conn, row["resource_category_id"]),
bool(int(row["public"])))
@@ -255,11 +241,12 @@ def link_data_to_resource(
resource = with_db_connection(partial(
resource_by_id, user=user, resource_id=resource_id))
- return {
+ return {# type: ignore[operator]
"mrna": mrna_link_data_to_resource,
"genotype": genotype_link_data_to_resource,
"phenotype": phenotype_link_data_to_resource,
- }[dataset_type.lower()](conn, resource, data_link_id)
+ }[dataset_type.lower()](
+ conn, resource, resource_group(conn, resource), data_link_id)
def unlink_data_from_resource(
conn: db.DbConnection, user: User, resource_id: UUID, data_link_id: UUID):
@@ -319,14 +306,12 @@ def assign_resource_user(
"""Assign `role` to `user` for the specific `resource`."""
with db.cursor(conn) as cursor:
cursor.execute(
- "INSERT INTO "
- "group_user_roles_on_resources(group_id, user_id, role_id, "
- "resource_id) "
- "VALUES (?, ?, ?, ?) "
- "ON CONFLICT (group_id, user_id, role_id, resource_id) "
+ "INSERT INTO user_roles(user_id, role_id, resource_id)"
+ "VALUES (?, ?, ?) "
+ "ON CONFLICT (user_id, role_id, resource_id) "
"DO NOTHING",
- (str(resource.group.group_id), str(user.user_id),
- str(role.role.role_id), str(resource.resource_id)))
+ (str(user.user_id), str(role.role.role_id),
+ str(resource.resource_id)))
return {
"resource": dictify(resource),
"user": dictify(user),
@@ -346,10 +331,11 @@ def unassign_resource_user(
"""Assign `role` to `user` for the specific `resource`."""
with db.cursor(conn) as cursor:
cursor.execute(
- "DELETE FROM group_user_roles_on_resources "
- "WHERE group_id=? AND user_id=? AND role_id=? AND resource_id=?",
- (str(resource.group.group_id), str(user.user_id),
- str(role.role.role_id), str(resource.resource_id)))
+ "DELETE FROM user_roles "
+ "WHERE user_id=? AND role_id=? AND resource_id=?",
+ (str(user.user_id),
+ str(role.role.role_id),
+ str(resource.resource_id)))
return {
"resource": dictify(resource),
"user": dictify(user),
@@ -371,12 +357,10 @@ def save_resource(
"UPDATE resources SET "
"resource_name=:resource_name, "
"public=:public "
- "WHERE group_id=:group_id "
- "AND resource_id=:resource_id",
+ "WHERE resource_id=:resource_id",
{
"resource_name": resource.resource_name,
"public": 1 if resource.public else 0,
- "group_id": str(resource.group.group_id),
"resource_id": str(resource.resource_id)
})
return resource
diff --git a/gn_auth/auth/authorisation/resources/mrna_resource.py b/gn_auth/auth/authorisation/resources/mrna_resource.py
index 77295f3..7fce227 100644
--- a/gn_auth/auth/authorisation/resources/mrna_resource.py
+++ b/gn_auth/auth/authorisation/resources/mrna_resource.py
@@ -30,13 +30,12 @@ def link_data_to_resource(
"""Link mRNA Assay data with a resource."""
with db.cursor(conn) as cursor:
params = {
- "group_id": str(resource.group.group_id),
"resource_id": str(resource.resource_id),
"data_link_id": str(data_link_id)
}
cursor.execute(
"INSERT INTO mrna_resources VALUES"
- "(:group_id, :resource_id, :data_link_id)",
+ "(:resource_id, :data_link_id)",
params)
return params
diff --git a/gn_auth/auth/authorisation/resources/phenotype_resource.py b/gn_auth/auth/authorisation/resources/phenotype_resource.py
index cf33579..046357c 100644
--- a/gn_auth/auth/authorisation/resources/phenotype_resource.py
+++ b/gn_auth/auth/authorisation/resources/phenotype_resource.py
@@ -5,6 +5,7 @@ from typing import Optional, Sequence
import sqlite3
import gn_auth.auth.db.sqlite3 as db
+from gn_auth.auth.authorisation.groups import Group
from .base import Resource
from .data import __attach_data__
@@ -27,11 +28,12 @@ def resource_data(
def link_data_to_resource(
conn: db.DbConnection,
resource: Resource,
+ group: Group,
data_link_id: uuid.UUID) -> dict:
"""Link Phenotype data with a resource."""
with db.cursor(conn) as cursor:
params = {
- "group_id": str(resource.group.group_id),
+ "group_id": str(group.group_id),
"resource_id": str(resource.resource_id),
"data_link_id": str(data_link_id)
}