diff options
| author | Frederick Muriuki Muriithi | 2026-04-23 12:25:24 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2026-04-23 12:25:24 -0500 |
| commit | 2252a58bcd22d1241eae47444efc8a3f2393b02a (patch) | |
| tree | 3bb9eea67bb400ca2e1ca479fcbbfbe3ef98b833 /gn_auth | |
| parent | 20454143d8ba92cfbe70a0f59f1158a934054cab (diff) | |
| download | gn-auth-2252a58bcd22d1241eae47444efc8a3f2393b02a.tar.gz | |
Allow anonymous users "public-view" privileges.
The default system-level privilege is the "public-view", i.e. the users can view basic details about the Genenetwork system. If no authorisation is provided when accessing the /auth/system/roles endpoint, return the default role/privilege.
Diffstat (limited to 'gn_auth')
| -rw-r--r-- | gn_auth/auth/authorisation/resources/system/views.py | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/gn_auth/auth/authorisation/resources/system/views.py b/gn_auth/auth/authorisation/resources/system/views.py index b0d40c2..d7a57a9 100644 --- a/gn_auth/auth/authorisation/resources/system/views.py +++ b/gn_auth/auth/authorisation/resources/system/views.py @@ -1,19 +1,34 @@ """Views relating to `System` resource(s).""" +import logging from dataclasses import asdict -from flask import jsonify, Blueprint +from flask import request, jsonify, Blueprint, current_app as app -from gn_auth.auth.db.sqlite3 import with_db_connection +from gn_libs import sqlite3 as authdb +from gn_auth.auth.authorisation.roles.models import db_rows_to_roles from gn_auth.auth.authentication.oauth2.resource_server import require_oauth from .models import user_roles_on_system +logger = logging.getLogger(__name__) system = Blueprint("system", __name__) + @system.route("/roles") def system_roles(): """Get the roles that a user has that act on the system.""" - with require_oauth.acquire("profile group") as the_token: - roles = with_db_connection( - lambda conn: user_roles_on_system(conn, the_token.user)) - return jsonify(tuple(asdict(role) for role in roles)) + with (authdb.connection(app.config["AUTH_DB"]) as conn, + authdb.cursor(conn) as cursor): + if not bool(request.headers.get("Authorization", False)): + cursor.execute( + "SELECT r.*, p.* FROM roles AS r " + "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id " + "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id " + "WHERE r.role_name='public-view'") + return jsonify(tuple( + asdict(role) for role in db_rows_to_roles(cursor.fetchall()))) + + with require_oauth.acquire("profile group") as the_token: + return jsonify(tuple( + asdict(role) for role in + user_roles_on_system(conn, the_token.user))) |