aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth/authorisation')
-rw-r--r--gn_auth/auth/authorisation/resources/models.py11
-rw-r--r--gn_auth/auth/authorisation/resources/views.py24
2 files changed, 34 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 8bd8c73..60d24ff 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -420,3 +420,14 @@ def user_roles_on_resources(conn: db.DbConnection,
with db.cursor(conn) as cursor:
cursor.execute(query, params)
return reduce(__organise__, cursor.fetchall(), {})
+
+
+def get_resource_id(conn: db.DbConnection, name: str) -> Optional[str]:
+ """Given a resource_name, return it's resource_id."""
+ with db.cursor(conn) as cursor:
+ cursor.execute(
+ "SELECT resource_id \
+FROM resources as r WHERE r.resource_name=?", (name, ))
+ if res := cursor.fetchone():
+ return res["resource_id"]
+ return None
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 13d9bdf..8034110 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -23,7 +23,8 @@ from .models import (
Resource, resource_data, resource_by_id, public_resources,
resource_categories, assign_resource_user, link_data_to_resource,
unassign_resource_user, resource_category_by_id, user_roles_on_resources,
- unlink_data_from_resource, create_resource as _create_resource)
+ unlink_data_from_resource, create_resource as _create_resource,
+ get_resource_id)
from .groups.models import Group, resource_owner, group_role_by_id
resources = Blueprint("resources", __name__)
@@ -372,3 +373,24 @@ def resources_authorisation():
resp.status_code = 400
return resp
+
+
+@resources.route("/authorisation/<name>", methods=["GET"])
+def get_user_roles_on_resource(name) -> Response:
+ """Get user authorisation for a given resource given it's name"""
+ resid = with_db_connection(
+ lambda conn: get_resource_id(conn, name)
+ )
+ with require_oauth.acquire("profile resource") as _token:
+ _resources = with_db_connection(
+ lambda conn: user_roles_on_resources(
+ conn, _token.user, (resid,)
+ )
+ )
+ return jsonify({
+ name: {
+ "roles": tuple(
+ asdict(rol) for rol in
+ _resources.get(resid, {}).get("roles", tuple()))
+ }
+ })