Diffstat (limited to 'gn_auth/auth/authorisation')
-rw-r--r-- | gn_auth/auth/authorisation/resources/groups/models.py | 13 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 15 |
2 files changed, 21 insertions, 7 deletions
diff --git a/gn_auth/auth/authorisation/resources/groups/models.py b/gn_auth/auth/authorisation/resources/groups/models.py
index 5ec26c5..959389c 100644
--- a/gn_auth/auth/authorisation/resources/groups/models.py
+++ b/gn_auth/auth/authorisation/resources/groups/models.py
@@ -451,3 +451,16 @@ def resource_owner(conn: db.DbConnection, resource: Resource) -> Group:
 json.loads(row["group_metadata"]))
 raise MissingGroupError("Resource has no 'owning' group.")
+
+def add_resources_to_group(conn: db.DbConnection,
+ resources: tuple[Resource, ...],
+ group: Group):
+ """Link the resources to the admin group."""
+ with db.cursor(conn) as cursor:
+ cursor.executemany(
+ "INSERT INTO resource_ownership VALUES(:group_id, :resource_id) "
+ "ON CONFLICT (group_id, resource_id) DO NOTHING",
+ tuple({
+ "group_id": str(group.group_id),
+ "resource_id": str(rsc.resource_id)
+ } for rsc in resources))
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 15bb72f..d6e3a1d 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -54,13 +54,14 @@ def __assign_resource_owner_role__(cursor, resource, user, group):
 "role_id": role["role_id"]})
 cursor.execute(
- "INSERT INTO user_roles "
- "VALUES (:user_id, :role_id, :resource_id)",
- {
- "user_id": str(user.user_id),
- "role_id": role["role_id"],
- "resource_id": str(resource.resource_id)
- })
+ "INSERT INTO user_roles "
+ "VALUES (:user_id, :role_id, :resource_id) "
+ "ON CONFLICT (user_id, role_id, resource_id) DO NOTHING",
+ {
+ "user_id": str(user.user_id),
+ "role_id": role["role_id"],
+ "resource_id": str(resource.resource_id)
+ })
 @authorised_p(("group:resource:create-resource",), error_description="Insufficient privileges to create a resource", |
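Review bot: `add_resources_to_group` writes ownership rows for whatever `group` it is handed and carries no `@authorised_p` guard, while its docstring speaks only of "the admin group". Its callers are not in this hunk, so the docstring should say that the privilege check is the caller's job, for example `"""Link each resource to the given group as an owning group; callers must already have authorised the change."""`. The conflict target `(group_id, resource_id)` only skips an identical pair, so a resource already owned by a different group would presumably gain a second owner row rather than be rejected; that is worth confirming against the `resource_ownership` schema, since `resource_owner` just above expects an owning group. The insert also names no columns and so depends on the table's column order; `"INSERT INTO resource_ownership(group_id, resource_id) VALUES(:group_id, :resource_id) "` pins it, and the same applies to the `user_roles` insert in resources/models.py.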
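Review bot: The added `ON CONFLICT (user_id, role_id, resource_id) DO NOTHING` turns a repeated owner-role grant into a silent no-op, so this path can no longer tell a fresh grant from one that already existed. If role grants are meant to be auditable, check `cursor.rowcount` after the insert and log when no row was written. The conflict target also has to match a PRIMARY KEY or UNIQUE constraint on `user_roles`, which this hunk does not show; a short comment such as `# relies on the (user_id, role_id, resource_id) key of user_roles` would record that dependency. The body of `__assign_resource_owner_role__` starts outside the hunk.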