aboutsummaryrefslogtreecommitdiff
path: root/gn_auth
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-09-30 15:44:21 -0500
committerFrederick Muriuki Muriithi2024-09-30 15:44:21 -0500
commit5b7cbb34cf0f9a3d6be2fa4122cfaf58f23f3fa6 (patch)
tree9659ac4671b67f13bb0359927ee1c66dbb12c3ae /gn_auth
parent1c3bcf2716ab56ed128c093b17a4adfb857dac11 (diff)
downloadgn-auth-5b7cbb34cf0f9a3d6be2fa4122cfaf58f23f3fa6.tar.gz
Create a better named function, with less data in the args.
The new name serves better to reflect what the function does. We then pass only the data that the function needs to perform its operation rather than full objects with extra data — this has implications for security.
Diffstat (limited to 'gn_auth')
-rw-r--r--gn_auth/auth/authorisation/roles/models.py18
1 files changed, 14 insertions, 4 deletions
diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index dc1dfdc..2729b3b 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -133,10 +133,10 @@ def user_roles(conn: db.DbConnection, user: User) -> Sequence[dict]:
return tuple()
-def user_resource_roles(
+def user_roles_on_resource(
conn: db.DbConnection,
- user: User,
- resource: Resource
+ user_id: UUID,
+ resource_id: UUID
) -> tuple[Role, ...]:
"""Retrieve all roles assigned to a user for a particular resource."""
with db.cursor(conn) as cursor:
@@ -147,12 +147,22 @@ def user_resource_roles(
"INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
"INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id "
"WHERE ur.user_id=? AND ur.resource_id=?",
- (str(user.user_id), str(resource.resource_id)))
+ (str(user_id), str(resource_id)))
return db_rows_to_roles(cursor.fetchall())
return tuple()
+def user_resource_roles(
+ conn: db.DbConnection,
+ user: User,
+ resource: Resource
+) -> tuple[Role, ...]:
+ "Retrieve roles a user has on a particular resource."
+ # TODO: Temporary placeholder to prevent system from breaking.
+ return user_roles_on_resource(conn, user.user_id, resource.resource_id)
+
+
def user_role(conn: db.DbConnection, user: User, role_id: UUID) -> Either:
"""Retrieve a specific non-resource role assigned to the user."""
with db.cursor(conn) as cursor: