aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth
diff options
context:
space:
mode:
authorMunyoki Kilyungi2024-03-21 10:10:46 +0300
committerMunyoki Kilyungi2024-03-21 10:19:19 +0300
commitccd4ee5405f6a302283bac80dee15919dd3c6ffe (patch)
tree586921c94b09267b04d1bef598157d634d37249f /gn_auth/auth
parent7107b2b99058835bf0115955c3e79c23f9fb6bc9 (diff)
downloadgn-auth-ccd4ee5405f6a302283bac80dee15919dd3c6ffe.tar.gz
Add extra endpoint to get user authorisation given a resource name.
* gn_auth/auth/authorisation/resources/models.py (user_roles_on_resources): New function. * gn_auth/auth/authorisation/resources/views.py (resources_authorisation): New endpoint. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authorisation/resources/models.py11
-rw-r--r--gn_auth/auth/authorisation/resources/views.py24
2 files changed, 34 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 8bd8c73..60d24ff 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -420,3 +420,14 @@ def user_roles_on_resources(conn: db.DbConnection,
with db.cursor(conn) as cursor:
cursor.execute(query, params)
return reduce(__organise__, cursor.fetchall(), {})
+
+
+def get_resource_id(conn: db.DbConnection, name: str) -> Optional[str]:
+ """Given a resource_name, return it's resource_id."""
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ "SELECT resource_id \
+FROM resources as r WHERE r.resource_name=?", (name, ))
+ if res := cursor.fetchone():
+ return res["resource_id"]
+ return None
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 13d9bdf..8034110 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -23,7 +23,8 @@ from .models import (
Resource, resource_data, resource_by_id, public_resources,
resource_categories, assign_resource_user, link_data_to_resource,
unassign_resource_user, resource_category_by_id, user_roles_on_resources,
- unlink_data_from_resource, create_resource as _create_resource)
+ unlink_data_from_resource, create_resource as _create_resource,
+ get_resource_id)
from .groups.models import Group, resource_owner, group_role_by_id
resources = Blueprint("resources", __name__)
@@ -372,3 +373,24 @@ def resources_authorisation():
resp.status_code = 400
return resp
+
+
+@resources.route("/authorisation/<name>", methods=["GET"])
+def get_user_roles_on_resource(name) -> Response:
+ """Get user authorisation for a given resource given it's name"""
+ resid = with_db_connection(
+ lambda conn: get_resource_id(conn, name)
+ )
+ with require_oauth.acquire("profile resource") as _token:
+ _resources = with_db_connection(
+ lambda conn: user_roles_on_resources(
+ conn, _token.user, (resid,)
+ )
+ )
+ return jsonify({
+ name: {
+ "roles": tuple(
+ asdict(rol) for rol in
+ _resources.get(resid, {}).get("roles", tuple()))
+ }
+ })