aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/roles
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-06-17 15:41:52 -0500
committerFrederick Muriuki Muriithi2024-06-17 15:41:52 -0500
commit529165c1fda8b7f88bcc4fff4f227d95c7bf6ba5 (patch)
tree10cb33d85570a19011c3f75f75be98a3934802b6 /gn_auth/auth/authorisation/roles
parentb472424eca8ae14e154c41cee2a4ecd9d0810334 (diff)
downloadgn-auth-529165c1fda8b7f88bcc4fff4f227d95c7bf6ba5.tar.gz
Retrieve complete list of a users roles on a particular resource.
Diffstat (limited to 'gn_auth/auth/authorisation/roles')
-rw-r--r--gn_auth/auth/authorisation/roles/models.py22
1 files changed, 22 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index f0e9745..03f88d7 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -7,6 +7,7 @@ from typing import Sequence, Iterable, Optional
from pymonad.either import Left, Right, Either
from gn_auth.auth.errors import NotFoundError, AuthorisationError
+from gn_auth.auth.authorisation.resources.base import Resource
from ...db import sqlite3 as db
from ...authentication.users import User
@@ -131,6 +132,27 @@ def user_roles(conn: db.DbConnection, user: User) -> Sequence[dict]:
__organise_privileges__, cursor.fetchall(), {}).values())
return tuple()
+
+def user_resource_roles(
+ conn: db.DbConnection,
+ user: User,
+ resource: Resource
+) -> tuple[Role]:
+ """Retrieve all roles assigned to a user for a particular resource."""
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ "SELECT ur.resource_id, ur.user_id, r.*, p.* "
+ "FROM user_roles AS ur "
+ "INNER JOIN roles AS r ON ur.role_id=r.role_id "
+ "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
+ "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
+ "WHERE ur.user_id=? AND ur.resource_id=?",
+ (str(user.user_id), str(resource.resource_id)))
+
+ return db_rows_to_roles(cursor.fetchall())
+ return tuple()
+
+
def user_role(conn: db.DbConnection, user: User, role_id: UUID) -> Either:
"""Retrieve a specific non-resource role assigned to the user."""
with db.cursor(conn) as cursor: