aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/resources
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-06-17 11:00:55 -0500
committerFrederick Muriuki Muriithi2024-06-17 11:00:55 -0500
commit7148cca0f169ffbace5c1d19d9831e66c1fd7647 (patch)
treec5a2f5c83ef66616129577047615260fa3c5f43f /gn_auth/auth/authorisation/resources
parent03bbb4df4e7a6a6b0bbccfabe8a28b380d12bd80 (diff)
downloadgn-auth-7148cca0f169ffbace5c1d19d9831e66c1fd7647.tar.gz
Don't save the resource-owner role as a resource role
The 'resource-owner' role is a system-default role that applies to most resources, but should not be editable by users. This commit removes the code that was linking the role with each resource, leading it to being presented to the user as a editable role.
Diffstat (limited to 'gn_auth/auth/authorisation/resources')
-rw-r--r--gn_auth/auth/authorisation/resources/models.py16
1 files changed, 1 insertions, 15 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 95a7f1c..c6c2e9e 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -36,22 +36,8 @@ from .errors import MissingGroupError
def __assign_resource_owner_role__(cursor, resource, user):
"""Assign `user` the 'Resource Owner' role for `resource`."""
- cursor.execute(
- "SELECT rr.* FROM resource_roles AS rr INNER JOIN roles AS r "
- "ON rr.role_id=r.role_id WHERE r.role_name='resource-owner' "
- "AND rr.resource_id=?",
- (str(resource.resource_id),))
+ cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
role = cursor.fetchone()
- if not role:
- cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
- role = cursor.fetchone()
- cursor.execute(
- "INSERT INTO resource_roles(resource_id, role_created_by, role_id) "
- "VALUES (:resource_id, :user_id, :role_id)",
- {"resource_id": str(resource.resource_id),
- "user_id": str(user.user_id),
- "role_id": role["role_id"]})
-
cursor.execute(
"INSERT INTO user_roles "
"VALUES (:user_id, :role_id, :resource_id) "