author | Frederick Muriuki Muriithi | 2024-06-10 12:39:22 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-06-10 12:39:22 -0500 |
commit | 342933a0221aa0bbe0243e30d21cdfe5539bc269 (patch) | |
tree | 5d0ed81c863b0b06ce794fd24be23716ce64b3b5 /gn_auth | |
parent | 52bc7f5037acb4a0c7d55022a7f818a742706790 (diff) | |
Provide resource roles endpoint
Provide an endpoint that returns all the roles that a particular user
has on a specific resource.
Diffstat (limited to 'gn_auth')
-rw-r--r-- | gn_auth/auth/authorisation/resources/views.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 24b2416..22f72e7 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -474,3 +474,41 @@ def get_user_roles_on_resource(name) -> Response:
 token = jwt.encode(jose_header, payload, app.config["SSL_PRIVATE_KEY"])
 response.headers["Authorization"] = f"Bearer {token.decode('utf-8')}"
 return response
+
+
+@resources.route("/<uuid:resource_id>/role/<uuid:role_id>", methods=["GET"])
+@require_oauth("profile group resource")
+def resource_role(resource_id: uuid.UUID, role_id: uuid.UUID):
+ """Fetch details for resource."""
+ with (require_oauth.acquire("profile group resource") as _token,
+ db.connection(app.config["AUTH_DB"]) as conn,
+ db.cursor(conn) as cursor):
+ cursor.execute(
+ "SELECT rr.role_created_by, r.*, p.* FROM resource_roles AS rr "
+ "INNER JOIN roles AS r ON rr.role_id=r.role_id "
+ "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
+ "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
+ "WHERE rr.resource_id=? AND rr.role_created_by=? AND rr.role_id=?",
+ (str(resource_id), str(_token.user.user_id), str(role_id)))
+ results = cursor.fetchall()
+
+ if not bool(results):
+ msg = f"Could not find role with ID '{role_id}'."
+ return jsonify({
+ "error": "RoleNotFound",
+ "error_description": msg,
+ "error_message": msg,
+ "message": msg
+ }), 404
+
+ _roles = tuple(reduce(__resultset_to_roles__, results, {}).values())
+ if len(_roles) > 1:
+ msg = f"There is data corruption in the database."
+ return jsonify({
+ "error": "RoleNotFound",
+ "error_description": msg,
+ "error_message": msg,
+ "message": msg
+ }), 500
+
+ return asdict(_roles[0]) |
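Review bot: The `len(_roles) > 1` branch answers with HTTP 500 yet still sets `"error": "RoleNotFound"`, so a client or an alert keyed on the error field cannot tell a database integrity fault from a missing role; give it its own value, for example `"error": "DataIntegrityError"` (name constructed here), and drop the `f` prefix from that message since it has no placeholders. Nothing in this branch is logged, so the inconsistency would only ever be seen by the caller. The docstring `"""Fetch details for resource."""` does not match the query, which selects a single role and restricts it with `rr.role_created_by=?` to the token's user; something like `"""Fetch one role on a resource, limited to roles created by the requesting user."""` states the access rule a reader needs. If users who hold a role without having created it are also meant to read it, that filter will return 404 for them and should be revisited.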