about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--gn_auth/auth/authorisation/resources/models.py14
1 files changed, 4 insertions, 10 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index a4df363..b8eaacb 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -15,7 +15,7 @@ from gn_auth.auth.authorisation.checks import authorised_p
 from gn_auth.auth.errors import NotFoundError, AuthorisationError
 
 from .system.models import system_resource
-from .checks import authorised_for, authorised_for_spec
+from .checks import can_edit, authorised_for_spec
 from .base import Resource, ResourceCategory, resource_from_dbrow
 from .common import assign_resource_owner_role, grant_access_to_sysadmins
 from .groups.models import Group, is_group_leader
@@ -243,9 +243,7 @@ def link_data_to_resource(
         data_link_ids: tuple[UUID, ...]
 ) -> tuple[dict, ...]:
     """Link data to resource."""
-    if not authorised_for(
-            conn, user, ("group:resource:edit-resource",),
-            (resource_id,))[resource_id]:
+    if not can_edit(conn, user.user_id, resource_id):
         raise AuthorisationError(
             "You are not authorised to link data to resource with id "
             f"{resource_id}")
@@ -261,9 +259,7 @@ def link_data_to_resource(
 def unlink_data_from_resource(
         conn: db.DbConnection, user: User, resource_id: UUID, data_link_id: UUID):
     """Unlink data from resource."""
-    if not authorised_for(
-            conn, user, ("group:resource:edit-resource",),
-            (resource_id,))[resource_id]:
+    if not can_edit(conn, user.user_id, resource_id):
         raise AuthorisationError(
             "You are not authorised to link data to resource with id "
             f"{resource_id}")
@@ -359,9 +355,7 @@ def save_resource(
         conn: db.DbConnection, user: User, resource: Resource) -> Resource:
     """Update an existing resource."""
     resource_id = resource.resource_id
-    authorised = authorised_for(
-        conn, user, ("group:resource:edit-resource",), (resource_id,))
-    if authorised[resource_id]:
+    if can_edit(conn, user.user_id, resource_id):
         with db.cursor(conn) as cursor:
             cursor.execute(
                 "UPDATE resources SET "
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-03-27 06:08:57 +0000