diff options
| -rw-r--r-- | gn_auth/auth/authorisation/resources/checks.py | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py index 004c780..ca311ef 100644 --- a/gn_auth/auth/authorisation/resources/checks.py +++ b/gn_auth/auth/authorisation/resources/checks.py @@ -149,36 +149,6 @@ def can_delete( "(AND system:system-wide:data:delete)")) -def can_view( - conn: authdb.DbConnection, - user_id: uuid.UUID, - resource_id: uuid.UUID -) -> bool: - """Check whether user is allowed view a resource and/or its data.""" - with authdb.cursor(conn) as cursor: - cursor.execute("SELECT public FROM resources WHERE resource_id=?", - (str(resource_id),)) - row = cursor.fetchone() - is_public = bool(row) and bool(int(row["public"])) - - return ( - is_public# The resource is public, everyone can view! - or - authorised_for_spec( - # resource-level view access: user has view access to his resource. - conn, - user_id, - resource_id, - "(OR group:resource:view-resource system:resource:view)") - or - authorised_for_spec( - # system-wide view access: user can view any/all resource(s). - conn, - user_id, - system_resource(conn).resource_id, - "(OR system:system-wide:data:view system:resource:view)")) - - def can_edit( conn: authdb.DbConnection, user_id: uuid.UUID, |