aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth/authorisation')
-rw-r--r--gn_auth/auth/authorisation/data/views.py50
-rw-r--r--gn_auth/auth/authorisation/resources/models.py19
2 files changed, 69 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py
index 05257a7..e5c8fd6 100644
--- a/gn_auth/auth/authorisation/data/views.py
+++ b/gn_auth/auth/authorisation/data/views.py
@@ -334,3 +334,53 @@ def link_phenotype() -> Response:
return jsonify(with_db_connection(
partial(__link__, **__values__(request.json))))
+
+
+@data.route("/metadata/authorisation", methods=["POST"])
+@require_json
+def metadata_resources() -> Response:
+ """Retrieve the authorisation level for given metadata resources"""
+ db_uri, privileges = app.config["AUTH_DB"], {}
+ user = User(uuid.uuid4(), "anon@ymous.user", "Anonymous User")
+ with db.connection(db_uri) as auth_conn:
+ with require_oauth.acquire("profile group resource") as token:
+ resources = attach_resources_data(
+ auth_conn, user_resources(auth_conn, token.user)
+ )
+ roles = user_resource_roles(
+ auth_conn, token.user
+ )
+ privileges = {
+ resource_id: tuple(
+ privilege.privilege_id
+ for role in roles[resource_id]
+ for privilege in role.privileges)
+ for resource_id, is_authorised
+ in authorised_for(
+ auth_conn, token.user,
+ ("group:resource:view-resource",),
+ tuple(
+ resource.resource_id for resource
+ in resources
+ )
+ ).items()
+ if is_authorised
+ } | {
+ resource.resource_id: ("system:resource:public-read",)
+ for resource in resources if resource.public
+ }
+ resource_map = {
+ resource.resource_category.resource_category_key.lower():
+ resource.resource_id
+ for resource in resources
+ for item in resource.resource_data
+ }
+ return jsonify(
+ {
+ "user": user._asdict(),
+ "resource_id": resource_map.get(
+ request.json.get("name") #type: ignore[union-attr]
+ ),
+ "privileges": privileges,
+ }
+ )
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index d6e3a1d..3693ad1 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -1,6 +1,7 @@
"""Handle the management of resources."""
from uuid import UUID, uuid4
from functools import reduce, partial
+from sqlite3 import Row
from typing import Dict, Sequence, Optional
from gn_auth.auth.db import sqlite3 as db
@@ -35,6 +36,22 @@ from .phenotype import (
from .errors import MissingGroupError
+
+def __metadata_resource_data__(
+ cursor: db.DbCursor,
+ resource_id: UUID,
+ offset: int = 0,
+ limit: Optional[int] = None
+) -> Sequence[Row]:
+ """Fetch metadata resources"""
+ cursor.execute(
+ (
+ ("SELECT * FROM metadata_resources as mt \
+WHERE mt.resource_id=?")
+ + (f" LIMIT {limit} OFFSET {offset}" if bool(limit) else "")),
+ (str(resource_id),))
+ return cursor.fetchall()
+
def __assign_resource_owner_role__(cursor, resource, user, group):
"""Assign `user` the 'Resource Owner' role for `resource`."""
cursor.execute(
@@ -185,6 +202,7 @@ def resource_data(conn, resource, offset: int = 0, limit: Optional[int] = None)
"mrna": mrna_resource_data,
"genotype": genotype_resource_data,
"phenotype": phenotype_resource_data,
+ "metadata": __metadata_resource_data__,
"system": lambda *args: tuple(),
"group": lambda *args: tuple()
}
@@ -291,6 +309,7 @@ def attach_resources_data(
"mrna": mrna_attach_resources_data,
"genotype": genotype_attach_resources_data,
"phenotype": phenotype_attach_resources_data,
+ "metadata": lambda *args: [],
"system": lambda *args: [],
"group": lambda *args: [],
"inbredset-group": lambda *args: []