diff options
Diffstat (limited to 'gn_auth/auth/authorisation/resources')
-rw-r--r-- | gn_auth/auth/authorisation/resources/views.py | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 38571f2..f0413e8 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -1,5 +1,5 @@ """The views/routes for the resources package""" -import uuid +from uuid import UUID, uuid4 import json import operator import sqlite3 @@ -55,7 +55,7 @@ def create_resource() -> Response: with require_oauth.acquire("profile group resource") as the_token: form = request.form resource_name = form.get("resource_name") - resource_category_id = uuid.UUID(form.get("resource_category")) + resource_category_id = UUID(form.get("resource_category")) db_uri = app.config["AUTH_DB"] with db.connection(db_uri) as conn: try: @@ -77,7 +77,7 @@ def create_resource() -> Response: @resources.route("/view/<uuid:resource_id>") @require_oauth("profile group resource") -def view_resource(resource_id: uuid.UUID) -> Response: +def view_resource(resource_id: UUID) -> Response: """View a particular resource's details.""" with require_oauth.acquire("profile group resource") as the_token: db_uri = app.config["AUTH_DB"] @@ -107,7 +107,7 @@ def __safe_get_requests_count__(key: str = "count_per_page") -> int: @resources.route("/view/<uuid:resource_id>/data") @require_oauth("profile group resource") -def view_resource_data(resource_id: uuid.UUID) -> Response: +def view_resource_data(resource_id: UUID) -> Response: """Retrieve a particular resource's data.""" with require_oauth.acquire("profile group resource") as the_token: db_uri = app.config["AUTH_DB"] @@ -136,8 +136,8 @@ def link_data(): with require_oauth.acquire("profile group resource") as the_token: def __link__(conn: db.DbConnection): return link_data_to_resource( - conn, the_token.user, uuid.UUID(form["resource_id"]), - form["dataset_type"], uuid.UUID(form["data_link_id"])) + conn, the_token.user, UUID(form["resource_id"]), + form["dataset_type"], UUID(form["data_link_id"])) return jsonify(with_db_connection(__link__)) except AssertionError as aserr: @@ -157,15 +157,15 @@ def unlink_data(): with require_oauth.acquire("profile group resource") as the_token: def __unlink__(conn: db.DbConnection): return unlink_data_from_resource( - conn, the_token.user, uuid.UUID(form["resource_id"]), - uuid.UUID(form["data_link_id"])) + conn, the_token.user, UUID(form["resource_id"]), + UUID(form["data_link_id"])) return jsonify(with_db_connection(__unlink__)) except AssertionError as aserr: raise InvalidData(aserr.args[0]) from aserr @resources.route("<uuid:resource_id>/user/list", methods=["GET"]) @require_oauth("profile group resource") -def resource_users(resource_id: uuid.UUID): +def resource_users(resource_id: UUID): """Retrieve all users with access to the given resource.""" with require_oauth.acquire("profile group resource") as the_token: def __the_users__(conn: db.DbConnection): @@ -176,18 +176,18 @@ def resource_users(resource_id: uuid.UUID): if authorised.get(resource_id, False): with db.cursor(conn) as cursor: def __organise_users_n_roles__(users_n_roles, row): - user_id = uuid.UUID(row["user_id"]) + user_id = UUID(row["user_id"]) user = users_n_roles.get(user_id, {}).get( "user", User.from_sqlite3_row(row)) role = Role( - uuid.UUID(row["role_id"]), row["role_name"], + UUID(row["role_id"]), row["role_name"], bool(int(row["user_editable"])), tuple()) return { **users_n_roles, user_id: { "user": user, "user_group": Group( - uuid.UUID(row["group_id"]), row["group_name"], + UUID(row["group_id"]), row["group_name"], json.loads(row["group_metadata"])), "roles": users_n_roles.get( user_id, {}).get("roles", tuple()) + (role,) @@ -218,7 +218,7 @@ def resource_users(resource_id: uuid.UUID): @resources.route("<uuid:resource_id>/user/assign", methods=["POST"]) @require_oauth("profile group resource role") -def assign_role_to_user(resource_id: uuid.UUID) -> Response: +def assign_role_to_user(resource_id: UUID) -> Response: """Assign a role on the specified resource to a user.""" with require_oauth.acquire("profile group resource role") as the_token: try: @@ -235,7 +235,7 @@ def assign_role_to_user(resource_id: uuid.UUID) -> Response: conn, resource, user, group_role_by_id(conn, resource_owner(conn, resource), - uuid.UUID(group_role_id))) + UUID(group_role_id))) except AssertionError as aserr: raise AuthorisationError(aserr.args[0]) from aserr @@ -243,7 +243,7 @@ def assign_role_to_user(resource_id: uuid.UUID) -> Response: @resources.route("<uuid:resource_id>/user/unassign", methods=["POST"]) @require_oauth("profile group resource role") -def unassign_role_to_user(resource_id: uuid.UUID) -> Response: +def unassign_role_to_user(resource_id: UUID) -> Response: """Unassign a role on the specified resource from a user.""" with require_oauth.acquire("profile group resource role") as the_token: try: @@ -256,10 +256,10 @@ def unassign_role_to_user(resource_id: uuid.UUID) -> Response: def __assign__(conn: db.DbConnection) -> dict: resource = resource_by_id(conn, the_token.user, resource_id) return unassign_resource_user( - conn, resource, user_by_id(conn, uuid.UUID(user_id)), + conn, resource, user_by_id(conn, UUID(user_id)), group_role_by_id(conn, resource_owner(conn, resource), - uuid.UUID(group_role_id))) + UUID(group_role_id))) except AssertionError as aserr: raise AuthorisationError(aserr.args[0]) from aserr @@ -315,7 +315,7 @@ def __assign_revoke_public_view__(cursor, user_id, resource_id, public): @resources.route("<uuid:resource_id>/toggle-public", methods=["POST"]) @require_oauth("profile group resource role") -def toggle_public(resource_id: uuid.UUID) -> Response: +def toggle_public(resource_id: UUID) -> Response: """Make a resource public if it is private, or private if public.""" with require_oauth.acquire("profile group resource") as the_token: def __toggle__(conn: db.DbConnection) -> Resource: @@ -348,7 +348,7 @@ def toggle_public(resource_id: uuid.UUID) -> Response: @resources.route("<uuid:resource_id>/roles", methods=["GET"]) @require_oauth("profile group resource role") -def resource_roles(resource_id: uuid.UUID) -> Response: +def resource_roles(resource_id: UUID) -> Response: """Return the roles the user has to act on a given resource.""" with require_oauth.acquire("profile group resource role") as _token: @@ -376,7 +376,7 @@ def resources_authorisation(): try: data = request.json assert (data and "resource-ids" in data) - resource_ids = tuple(uuid.UUID(resid) for resid in data["resource-ids"]) + resource_ids = tuple(UUID(resid) for resid in data["resource-ids"]) pubres = tuple( res.resource_id for res in with_db_connection(public_resources) if res.resource_id in resource_ids) @@ -432,7 +432,7 @@ def get_user_roles_on_resource(name) -> Response: _extract_privilege_id(role.privileges) for role in resources_.get( - uuid.UUID(resid), {} + UUID(resid), {} ).get("roles", tuple())), []) response = make_response({ # Flatten this list @@ -452,7 +452,7 @@ def get_user_roles_on_resource(name) -> Response: "sub": name, # Subject Claim "aud": f"Edit {name}", # Audience Claim "exp": iat + 300, # Expiration Time Claim - "jti": str(uuid.uuid4()), # Unique Identifier for this token + "jti": str(uuid4()), # Unique Identifier for this token # Private Claims "account-name": _token.user.name, "email": _token.user.email, @@ -465,7 +465,7 @@ def get_user_roles_on_resource(name) -> Response: @resources.route("/<uuid:resource_id>/role/<uuid:role_id>", methods=["GET"]) @require_oauth("profile group resource") -def resource_role(resource_id: uuid.UUID, role_id: uuid.UUID): +def resource_role(resource_id: UUID, role_id: UUID): """Fetch details for resource.""" with (require_oauth.acquire("profile group resource") as _token, db.connection(app.config["AUTH_DB"]) as conn, @@ -504,7 +504,7 @@ def resource_role(resource_id: uuid.UUID, role_id: uuid.UUID): @resources.route("/<uuid:resource_id>/role/<uuid:role_id>/unassign-privilege", methods=["POST"]) @require_oauth("profile group resource") -def unassign_resource_role_privilege(resource_id: uuid.UUID, role_id: uuid.UUID): +def unassign_resource_role_privilege(resource_id: UUID, role_id: UUID): """Unassign a privilege from a resource role.""" with (require_oauth.acquire("profile group resource") as _token, db.connection(app.config["AUTH_DB"]) as conn, |