diff options
Diffstat (limited to 'gn_auth/auth/authorisation')
-rw-r--r-- | gn_auth/auth/authorisation/data/views.py | 50 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 19 |
2 files changed, 69 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py index 05257a7..e5c8fd6 100644 --- a/gn_auth/auth/authorisation/data/views.py +++ b/gn_auth/auth/authorisation/data/views.py @@ -334,3 +334,53 @@ def link_phenotype() -> Response: return jsonify(with_db_connection( partial(__link__, **__values__(request.json)))) + + +@data.route("/metadata/authorisation", methods=["POST"]) +@require_json +def metadata_resources() -> Response: + """Retrieve the authorisation level for given metadata resources""" + db_uri, privileges = app.config["AUTH_DB"], {} + user = User(uuid.uuid4(), "anon@ymous.user", "Anonymous User") + with db.connection(db_uri) as auth_conn: + with require_oauth.acquire("profile group resource") as token: + resources = attach_resources_data( + auth_conn, user_resources(auth_conn, token.user) + ) + roles = user_resource_roles( + auth_conn, token.user + ) + privileges = { + resource_id: tuple( + privilege.privilege_id + for role in roles[resource_id] + for privilege in role.privileges) + for resource_id, is_authorised + in authorised_for( + auth_conn, token.user, + ("group:resource:view-resource",), + tuple( + resource.resource_id for resource + in resources + ) + ).items() + if is_authorised + } | { + resource.resource_id: ("system:resource:public-read",) + for resource in resources if resource.public + } + resource_map = { + resource.resource_category.resource_category_key.lower(): + resource.resource_id + for resource in resources + for item in resource.resource_data + } + return jsonify( + { + "user": user._asdict(), + "resource_id": resource_map.get( + request.json.get("name") #type: ignore[union-attr] + ), + "privileges": privileges, + } + ) diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py index d6e3a1d..3693ad1 100644 --- a/gn_auth/auth/authorisation/resources/models.py +++ b/gn_auth/auth/authorisation/resources/models.py @@ -1,6 +1,7 @@ """Handle the management of resources.""" from uuid import UUID, uuid4 from functools import reduce, partial +from sqlite3 import Row from typing import Dict, Sequence, Optional from gn_auth.auth.db import sqlite3 as db @@ -35,6 +36,22 @@ from .phenotype import ( from .errors import MissingGroupError + +def __metadata_resource_data__( + cursor: db.DbCursor, + resource_id: UUID, + offset: int = 0, + limit: Optional[int] = None +) -> Sequence[Row]: + """Fetch metadata resources""" + cursor.execute( + ( + ("SELECT * FROM metadata_resources as mt \ +WHERE mt.resource_id=?") + + (f" LIMIT {limit} OFFSET {offset}" if bool(limit) else "")), + (str(resource_id),)) + return cursor.fetchall() + def __assign_resource_owner_role__(cursor, resource, user, group): """Assign `user` the 'Resource Owner' role for `resource`.""" cursor.execute( @@ -185,6 +202,7 @@ def resource_data(conn, resource, offset: int = 0, limit: Optional[int] = None) "mrna": mrna_resource_data, "genotype": genotype_resource_data, "phenotype": phenotype_resource_data, + "metadata": __metadata_resource_data__, "system": lambda *args: tuple(), "group": lambda *args: tuple() } @@ -291,6 +309,7 @@ def attach_resources_data( "mrna": mrna_attach_resources_data, "genotype": genotype_attach_resources_data, "phenotype": phenotype_attach_resources_data, + "metadata": lambda *args: [], "system": lambda *args: [], "group": lambda *args: [], "inbredset-group": lambda *args: [] |