diff options
Diffstat (limited to 'gn_auth/auth/authorisation/resources/system')
| -rw-r--r-- | gn_auth/auth/authorisation/resources/system/models.py | 32 | ||||
| -rw-r--r-- | gn_auth/auth/authorisation/resources/system/views.py | 27 |
2 files changed, 51 insertions, 8 deletions
diff --git a/gn_auth/auth/authorisation/resources/system/models.py b/gn_auth/auth/authorisation/resources/system/models.py index 7c176aa..25089fa 100644 --- a/gn_auth/auth/authorisation/resources/system/models.py +++ b/gn_auth/auth/authorisation/resources/system/models.py @@ -1,14 +1,19 @@ """Base functions and utilities for system resources.""" from uuid import UUID from functools import reduce -from typing import Sequence +from typing import Union, Sequence -from gn_auth.auth.db import sqlite3 as db +from gn_libs import sqlite3 as db + +from gn_auth.auth.errors import NotFoundError from gn_auth.auth.authentication.users import User from gn_auth.auth.authorisation.roles import Role from gn_auth.auth.authorisation.privileges import Privilege +from gn_auth.auth.authorisation.resources.base import ( + Resource, + resource_from_dbrow) def __organise_privileges__(acc, row): role_id = UUID(row["role_id"]) @@ -24,6 +29,7 @@ def __organise_privileges__(acc, row): (Privilege(row["privilege_id"], row["privilege_description"]),))) } + def user_roles_on_system(conn: db.DbConnection, user: User) -> Sequence[Role]: """ Retrieve all roles assigned to the `user` that act on `system` resources. @@ -45,3 +51,25 @@ def user_roles_on_system(conn: db.DbConnection, user: User) -> Sequence[Role]: return tuple(reduce( __organise_privileges__, cursor.fetchall(), {}).values()) return tuple() + + +def system_resource(conn: Union[db.DbConnection, db.DbCursor]) -> Resource: + """Retrieve the system resource.""" + def __fetch_sys_resource__(cursor: db.DbCursor) -> Resource: + cursor.execute( + "SELECT resource_categories.*, resources.resource_id, " + "resources.resource_name, resources.public " + "FROM resource_categories INNER JOIN resources " + "ON resource_categories.resource_category_id=resources.resource_category_id " + "WHERE resource_categories.resource_category_key='system'") + row = cursor.fetchone() + if row: + return resource_from_dbrow(row) + + raise NotFoundError("Could not find a system resource!") + + if hasattr(conn, "cursor"): # is connection + with db.cursor(conn) as cursor: + return __fetch_sys_resource__(cursor) + else: + return __fetch_sys_resource__(conn) diff --git a/gn_auth/auth/authorisation/resources/system/views.py b/gn_auth/auth/authorisation/resources/system/views.py index b0d40c2..d7a57a9 100644 --- a/gn_auth/auth/authorisation/resources/system/views.py +++ b/gn_auth/auth/authorisation/resources/system/views.py @@ -1,19 +1,34 @@ """Views relating to `System` resource(s).""" +import logging from dataclasses import asdict -from flask import jsonify, Blueprint +from flask import request, jsonify, Blueprint, current_app as app -from gn_auth.auth.db.sqlite3 import with_db_connection +from gn_libs import sqlite3 as authdb +from gn_auth.auth.authorisation.roles.models import db_rows_to_roles from gn_auth.auth.authentication.oauth2.resource_server import require_oauth from .models import user_roles_on_system +logger = logging.getLogger(__name__) system = Blueprint("system", __name__) + @system.route("/roles") def system_roles(): """Get the roles that a user has that act on the system.""" - with require_oauth.acquire("profile group") as the_token: - roles = with_db_connection( - lambda conn: user_roles_on_system(conn, the_token.user)) - return jsonify(tuple(asdict(role) for role in roles)) + with (authdb.connection(app.config["AUTH_DB"]) as conn, + authdb.cursor(conn) as cursor): + if not bool(request.headers.get("Authorization", False)): + cursor.execute( + "SELECT r.*, p.* FROM roles AS r " + "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id " + "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id " + "WHERE r.role_name='public-view'") + return jsonify(tuple( + asdict(role) for role in db_rows_to_roles(cursor.fetchall()))) + + with require_oauth.acquire("profile group") as the_token: + return jsonify(tuple( + asdict(role) for role in + user_roles_on_system(conn, the_token.user))) |