aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gn_auth/auth/authorisation/users/admin/models.py23
-rw-r--r--scripts/register_sys_admin.py34
2 files changed, 28 insertions, 29 deletions
diff --git a/gn_auth/auth/authorisation/users/admin/models.py b/gn_auth/auth/authorisation/users/admin/models.py
new file mode 100644
index 0000000..36f3c09
--- /dev/null
+++ b/gn_auth/auth/authorisation/users/admin/models.py
@@ -0,0 +1,23 @@
+"""Major function for handling admin users."""
+from gn_auth.auth.db import sqlite3 as db
+from gn_auth.auth.authentication.users import User
+
+def make_sys_admin(cursor: db.DbCursor, user: User) -> User:
+ """Make a given user into an system admin."""
+ cursor.execute(
+ "SELECT * FROM roles WHERE role_name='system-administrator'")
+ admin_role = cursor.fetchone()
+ cursor.execute(
+ "SELECT * FROM resources AS r "
+ "INNER JOIN resource_categories AS rc "
+ "ON r.resource_category_id=rc.resource_category_id "
+ "WHERE resource_category_key='system'")
+ the_system = cursor.fetchone()
+ cursor.execute(
+ "INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)",
+ {
+ "user_id": str(user.user_id),
+ "role_id": admin_role["role_id"],
+ "resource_id": the_system["resource_id"]
+ })
+ return user
diff --git a/scripts/register_sys_admin.py b/scripts/register_sys_admin.py
index 78a0b33..dfd4d59 100644
--- a/scripts/register_sys_admin.py
+++ b/scripts/register_sys_admin.py
@@ -1,6 +1,5 @@
"""Script to register and mark a user account as sysadmin."""
import sys
-import uuid
import getpass
from pathlib import Path
@@ -8,7 +7,8 @@ import click
from email_validator import validate_email, EmailNotValidError
from gn_auth.auth.db import sqlite3 as db
-from gn_auth.auth.authentication.users import hash_password
+from gn_auth.auth.authorisation.users.admin.models import make_sys_admin
+from gn_auth.auth.authentication.users import save_user, set_user_password
def fetch_email() -> str:
"""Prompt user for email."""
@@ -46,34 +46,10 @@ def fetch_name() -> str:
def save_admin(conn: db.DbConnection, name: str, email: str, passwd: str):
"""Save the details to the database and assign the new user as admin."""
- admin_id = uuid.uuid4()
- admin = {
- "user_id": str(admin_id),
- "email": email,
- "name": name,
- "hash": hash_password(passwd)
- }
with db.cursor(conn) as cursor:
- cursor.execute("INSERT INTO users VALUES (:user_id, :email, :name)",
- admin)
- cursor.execute("INSERT INTO user_credentials VALUES (:user_id, :hash)",
- admin)
- cursor.execute(
- "SELECT * FROM roles WHERE role_name='system-administrator'")
- admin_role = cursor.fetchone()
- cursor.execute(
- "SELECT * FROM resources AS r "
- "INNER JOIN resource_categories AS rc "
- "ON r.resource_category_id=rc.resource_category_id "
- "WHERE resource_category_key='system'")
- the_system = cursor.fetchall()
- cursor.execute(
- "INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)",
- {
- **admin,
- "role_id": admin_role["role_id"],
- "resource_id": the_system["resource_id"]
- })
+ usr, _hpasswd = set_user_password(
+ cursor, save_user(cursor, email, name), passwd)
+ make_sys_admin(cursor, usr)
return 0
def register_admin(authdbpath: Path):