diff options
author | Munyoki Kilyungi | 2024-03-21 10:10:46 +0300 |
---|---|---|
committer | Munyoki Kilyungi | 2024-03-21 10:19:19 +0300 |
commit | ccd4ee5405f6a302283bac80dee15919dd3c6ffe (patch) | |
tree | 586921c94b09267b04d1bef598157d634d37249f /gn_auth | |
parent | 7107b2b99058835bf0115955c3e79c23f9fb6bc9 (diff) | |
download | gn-auth-ccd4ee5405f6a302283bac80dee15919dd3c6ffe.tar.gz |
Add extra endpoint to get user authorisation given a resource name.
* gn_auth/auth/authorisation/resources/models.py
(user_roles_on_resources): New function.
* gn_auth/auth/authorisation/resources/views.py
(resources_authorisation): New endpoint.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
Diffstat (limited to 'gn_auth')
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 11 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/resources/views.py | 24 |
2 files changed, 34 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py index 8bd8c73..60d24ff 100644 --- a/gn_auth/auth/authorisation/resources/models.py +++ b/gn_auth/auth/authorisation/resources/models.py @@ -420,3 +420,14 @@ def user_roles_on_resources(conn: db.DbConnection, with db.cursor(conn) as cursor: cursor.execute(query, params) return reduce(__organise__, cursor.fetchall(), {}) + + +def get_resource_id(conn: db.DbConnection, name: str) -> Optional[str]: + """Given a resource_name, return it's resource_id.""" + with db.cursor(conn) as cursor: + cursor.execute( + "SELECT resource_id \ +FROM resources as r WHERE r.resource_name=?", (name, )) + if res := cursor.fetchone(): + return res["resource_id"] + return None diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 13d9bdf..8034110 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -23,7 +23,8 @@ from .models import ( Resource, resource_data, resource_by_id, public_resources, resource_categories, assign_resource_user, link_data_to_resource, unassign_resource_user, resource_category_by_id, user_roles_on_resources, - unlink_data_from_resource, create_resource as _create_resource) + unlink_data_from_resource, create_resource as _create_resource, + get_resource_id) from .groups.models import Group, resource_owner, group_role_by_id resources = Blueprint("resources", __name__) @@ -372,3 +373,24 @@ def resources_authorisation(): resp.status_code = 400 return resp + + +@resources.route("/authorisation/<name>", methods=["GET"]) +def get_user_roles_on_resource(name) -> Response: + """Get user authorisation for a given resource given it's name""" + resid = with_db_connection( + lambda conn: get_resource_id(conn, name) + ) + with require_oauth.acquire("profile resource") as _token: + _resources = with_db_connection( + lambda conn: user_roles_on_resources( + conn, _token.user, (resid,) + ) + ) + return jsonify({ + name: { + "roles": tuple( + asdict(rol) for rol in + _resources.get(resid, {}).get("roles", tuple())) + } + }) |