diff options
Diffstat (limited to 'gn_auth/auth/authorisation/resources/models.py')
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py index b5a6cd5..93a1aff 100644 --- a/gn_auth/auth/authorisation/resources/models.py +++ b/gn_auth/auth/authorisation/resources/models.py @@ -4,13 +4,13 @@ from uuid import UUID, uuid4 from functools import reduce, partial from typing import Dict, Sequence, Optional +from pymonad.maybe import Just, Maybe, Nothing + from ...db import sqlite3 as db from ...dictify import dictify from ...authentication.users import User from ...db.sqlite3 import with_db_connection -from .checks import authorised_for - from ..checks import authorised_p from ..errors import NotFoundError, AuthorisationError from ..groups.models import ( @@ -383,3 +383,20 @@ def save_resource( raise AuthorisationError( "You do not have the appropriate privileges to edit this resource.") + +def resource_group(conn: db.DbConnection, resource: Resource) -> Maybe[Group]: + """Return the group that owns the resource.""" + with db.cursor(conn) as cursor: + cursor.execute( + "SELECT g.* FROM resource_ownership AS ro " + "INNER JOIN groups AS g ON ro.group_id=g.group_id " + "WHERE ro.resource_id=?", + (str(resource.resource_id),)) + row = cursor.fetchone() + if row: + return Just(Group( + UUID(row["group_id"]), + row["group_name"], + json.loads(row["group_metadata"]))) + + return Nothing |