Remove group from resource objects

With the new schema, not all Resource objects are "owned" by a group. Those that are, are linked together through a different db table (`resource_ownership`). This commit removes the `Group` object from `Resource` objects and updates the `resource_ownership` where relevant.
author: Frederick Muriuki Muriithi 2023-09-13 11:23:45 +0300
committer: Frederick Muriuki Muriithi 2023-09-26 03:44:30 +0300
commit: 37771b3be3142f705101beb4c5dc34c1000962f9 (patch)
tree: fce04cba9f99144d7893d30cd5a4d1ffb8823e8d /gn_auth/auth/authorisation/roles
parent: dd759423739dafebe1d2ce7adb9fc1230ae0ee9d (diff)
download: gn-auth-37771b3be3142f705101beb4c5dc34c1000962f9.tar.gz
1 files changed, 11 insertions, 3 deletions
diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index e1b0d6b..579c9dc 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -136,6 +136,9 @@ def assign_default_roles(cursor: db.DbCursor, user: User):
 
 def revoke_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
     """Revoke a role from `user` by the role's name"""
+    # TODO: Pass in the resource_id - this works somewhat correctly, but it's
+    #       only because it is used in for revoking the "group-creator" role so
+    #       far
     cursor.execute(
         "SELECT role_id FROM roles WHERE role_name=:role_name",
         {"role_name": role_name})
@@ -146,7 +149,8 @@ def revoke_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
              "WHERE user_id=:user_id AND role_id=:role_id"),
             {"user_id": str(user.user_id), "role_id": role["role_id"]})
 
-def assign_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
+def assign_user_role_by_name(
+        cursor: db.DbCursor, user: User, resource_id: UUID, role_name: str):
     """Revoke a role from `user` by the role's name"""
     cursor.execute(
         "SELECT role_id FROM roles WHERE role_name=:role_name",
@@ -155,6 +159,10 @@ def assign_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
 
     if role:
         cursor.execute(
-            ("INSERT INTO user_roles VALUES(:user_id, :role_id) "
+            ("INSERT INTO user_roles VALUES(:user_id, :role_id, :resource_id) "
              "ON CONFLICT DO NOTHING"),
-            {"user_id": str(user.user_id), "role_id": role["role_id"]})
+            {
+                "user_id": str(user.user_id),
+                "role_id": role["role_id"],
+                "resource_id": str(resource_id)
+            })
author	Frederick Muriuki Muriithi	2023-09-13 11:23:45 +0300
committer	Frederick Muriuki Muriithi	2023-09-26 03:44:30 +0300
commit	37771b3be3142f705101beb4c5dc34c1000962f9 (patch)
tree	fce04cba9f99144d7893d30cd5a4d1ffb8823e8d /gn_auth/auth/authorisation/roles
parent	dd759423739dafebe1d2ce7adb9fc1230ae0ee9d (diff)
download	gn-auth-37771b3be3142f705101beb4c5dc34c1000962f9.tar.gz