aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gn_auth/auth/authorisation/privileges.py8
-rw-r--r--gn_auth/auth/authorisation/roles/models.py23
2 files changed, 31 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/privileges.py b/gn_auth/auth/authorisation/privileges.py
index fabab65..a977db5 100644
--- a/gn_auth/auth/authorisation/privileges.py
+++ b/gn_auth/auth/authorisation/privileges.py
@@ -2,6 +2,8 @@
from dataclasses import dataclass
from typing import Iterable
+import sqlite3
+
from ..db import sqlite3 as db
from ..authentication.users import User
@@ -13,6 +15,12 @@ class Privilege:
privilege_description: str
+def db_row_to_privilege(row: sqlite3.Row) -> Privilege:
+ "Convert single db row into a privilege object."
+ return Privilege(privilege_id=row["privilege_id"],
+ privilege_description=row["privilege_description"])
+
+
def user_privileges(conn: db.DbConnection, user: User) -> Iterable[Privilege]:
"""Fetch the user's privileges from the database."""
with db.cursor(conn) as cursor:
diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index 3ec3316..53c0378 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -31,6 +31,29 @@ def check_user_editable(role: Role):
raise AuthorisationError(
f"The role `{role.role_name}` is not user editable.")
+
+def db_rows_to_roles(rows) -> tuple[Role, ...]:
+ """Convert a bunch of db rows into a bunch of `Role` objects."""
+ def __resultset_to_roles__(roles, row):
+ """Convert SQLite3 resultset into `Role` objects"""
+ _role = roles.get(row["role_id"])
+ return {
+ **roles,
+ row["role_id"]: Role(
+ role_id=UUID(row["role_id"]),
+ role_name=row["role_name"],
+ user_editable=bool(row["user_editable"]),
+ privileges=(
+ (_role.privileges if bool(_role) else tuple()) +
+ (Privilege(
+ privilege_id=row["privilege_id"],
+ privilege_description=row[
+ "privilege_description"]),)))
+ }
+
+ return tuple(reduce(__resultset_to_roles__, rows, {}).values()
+ if bool(rows) else [])
+
@authorised_p(
privileges = ("group:role:create-role",),
error_description="Could not create role")