-rw-r--r--gn_auth/auth/authorisation/resources/checks.py2
-rw-r--r--gn_auth/auth/authorisation/resources/groups/models.py10
-rw-r--r--gn_auth/auth/authorisation/resources/groups/views.py5
-rw-r--r--tests/unit/auth/test_privileges.py5
-rw-r--r--tests/unit/auth/test_roles.py4
5 files changed, 17 insertions, 9 deletions
diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py
index ca45a20..5484dbf 100644
--- a/gn_auth/auth/authorisation/resources/checks.py
+++ b/gn_auth/auth/authorisation/resources/checks.py
@@ -71,7 +71,7 @@ def authorised_for2(
"INNER JOIN role_privileges ON roles.role_id=role_privileges.role_id "
"INNER JOIN privileges "
"ON role_privileges.privilege_id=privileges.privilege_id "
- f"WHERE resources.resource_id=? "
+ "WHERE resources.resource_id=? "
"AND user_roles.user_id=?")
cursor.execute(
_query,
diff --git a/gn_auth/auth/authorisation/resources/groups/models.py b/gn_auth/auth/authorisation/resources/groups/models.py
index 29dcc89..2df5f04 100644
--- a/gn_auth/auth/authorisation/resources/groups/models.py
+++ b/gn_auth/auth/authorisation/resources/groups/models.py
@@ -122,7 +122,7 @@ def create_group(
cursor, group_name, (
{"group_description": group_description}
if group_description else {}))
- group_resource = {
+ _group_resource = {
"group_id": str(new_group.group_id),
"resource_id": str(uuid4()),
"resource_name": group_name,
@@ -135,17 +135,17 @@ def create_group(
cursor.execute(
"INSERT INTO resources VALUES "
"(:resource_id, :resource_name, :resource_category_id, :public)",
- group_resource)
+ _group_resource)
cursor.execute(
"INSERT INTO group_resources(resource_id, group_id) "
"VALUES(:resource_id, :group_id)",
- group_resource)
+ _group_resource)
add_user_to_group(cursor, new_group, group_leader)
revoke_user_role_by_name(cursor, group_leader, "group-creator")
assign_user_role_by_name(
cursor,
group_leader,
- UUID(str(group_resource["resource_id"])),
+ UUID(str(_group_resource["resource_id"])),
"group-leader")
return new_group
@@ -523,7 +523,7 @@ def admin_group(conn: db.DbConnection) -> Either:
cursor.fetchone())
-def group_resource(conn: db.DbConnection, group_id: UUID) -> Group:
+def group_resource(conn: db.DbConnection, group_id: UUID) -> Resource:
"""Retrieve the system resource."""
with db.cursor(conn) as cursor:
cursor.execute(
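Review bot: The docstring on `group_resource` still reads "Retrieve the system resource.", which does not match a function that takes a `group_id` and is now annotated to return a `Resource`. It looks copied from a sibling function and is worth correcting in the same change as the annotation. Something like `"""Retrieve the resource object that represents the group identified by group_id."""` would fit, assuming that is what the query selects. The function body continues past the end of this hunk, so the query itself is not visible here.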
diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py
index 368284f..746e23c 100644
--- a/gn_auth/auth/authorisation/resources/groups/views.py
+++ b/gn_auth/auth/authorisation/resources/groups/views.py
@@ -235,7 +235,7 @@ def unlinked_data(resource_type: str) -> Response:
if resource_type in ("system", "group"):
return jsonify(tuple())
- if resource_type not in ("all", "mrna", "genotype", "phenotype"):
+ if resource_type not in ("all", "mrna", "genotype", "phenotype", "inbredset-group"):
raise AuthorisationError(f"Invalid resource type {resource_type}")
with require_oauth.acquire("profile group resource") as the_token:
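Review bot: The accepted `resource_type` values are now maintained in two places, this tuple and the keys of the `unlinked_fns` dict in the next hunk, and nothing ties them together. If a value is added to the tuple but not to the dict, the request passes this check and then fails on the dict lookup with a `KeyError` rather than the intended `AuthorisationError`. A single module-level tuple of allowed types used by both would remove that risk, or at minimum add a comment here such as `# keep in sync with the keys of unlinked_fns below`. `unlinked_data` starts and ends outside this hunk, so how `"all"` is dispatched cannot be confirmed from here.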
@@ -253,7 +253,8 @@ def unlinked_data(resource_type: str) -> Response:
"genotype": unlinked_genotype_data,
"phenotype": lambda conn, grp: partial(
unlinked_phenotype_data, gn3conn=gn3conn)(
- authconn=conn, group=grp)
+ authconn=conn, group=grp),
+ "inbredset-group": lambda authconn, ugroup: [] # Still need to implement this
}
return jsonify(tuple(
dict(row) for row in unlinked_fns[resource_type](
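Review bot: The new `"inbredset-group"` entry is a stub that always returns `[]`, so a client gets a successful empty result and cannot tell "not implemented" from "this group has no unlinked data". The trailing comment should say so explicitly, e.g. `# TODO: not implemented; the empty result does not mean there is no unlinked data`. Its parameter names (`authconn`, `ugroup`) also differ from the `phenotype` lambda just above (`conn`, `grp`). That is harmless only if the call on the last line passes both arguments positionally, which the hunk ends before showing, so matching the sibling's names would be safer.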
diff --git a/tests/unit/auth/test_privileges.py b/tests/unit/auth/test_privileges.py
index 619ccc1..9b2ea04 100644
--- a/tests/unit/auth/test_privileges.py
+++ b/tests/unit/auth/test_privileges.py
@@ -24,7 +24,10 @@ PRIVILEGES = sorted(
Privilege("group:resource:view-resource",
"view a resource and use it in computations"),
Privilege("group:resource:edit-resource", "edit/update a resource"),
- Privilege("group:resource:delete-resource", "Delete a resource")),
+ Privilege("group:resource:delete-resource", "Delete a resource"),
+
+ Privilege("group:data:link-to-group",
+ "Allow linking data to only one specific group.")),
key=sort_key_privileges)
@pytest.mark.unit_test
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index c364549..43d84e4 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -115,6 +115,10 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
user_editable=False,
privileges=(
Privilege(
+ "group:data:link-to-group",
+ "Allow linking data to only one specific group."),
+
+ Privilege(
privilege_id="group:resource:create-resource",
privilege_description="Create a resource object"),
Privilege(
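Review bot: The added `Privilege` is built with positional arguments, while the entries after it in the same tuple use `privilege_id=` and `privilege_description=` keywords. Keeping the keyword form makes the fixture uniform and protects it if the field order of `Privilege` ever changes: `privilege_id="group:data:link-to-group",` and `privilege_description="Allow linking data to only one specific group."),`. The blank line inside the tuple after the new entry could also be dropped. The tuple continues past the end of this hunk.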