aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authorisation/resources/checks.py4
-rw-r--r--gn_auth/auth/authorisation/resources/groups/views.py8
-rw-r--r--gn_auth/auth/authorisation/resources/models.py2
-rw-r--r--gn_auth/auth/authorisation/roles/models.py5
4 files changed, 13 insertions, 6 deletions
diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py
index 717e5e4..d8e3a9f 100644
--- a/gn_auth/auth/authorisation/resources/checks.py
+++ b/gn_auth/auth/authorisation/resources/checks.py
@@ -16,7 +16,9 @@ def __organise_privileges_by_resource_id__(rows):
}
return reduce(__organise__, rows, {})
-def authorised_for(conn: db.DbConnection, user: User, privileges: tuple[str],
+def authorised_for(conn: db.DbConnection,
+ user: User,
+ privileges: tuple[str, ...],
resource_ids: Sequence[UUID]) -> dict[UUID, bool]:
"""
Check whether `user` is authorised to access `resources` according to given
diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py
index ba34040..96cfb67 100644
--- a/gn_auth/auth/authorisation/resources/groups/views.py
+++ b/gn_auth/auth/authorisation/resources/groups/views.py
@@ -324,8 +324,12 @@ def group_privileges():
group_level_roles = tuple(
Privilege(row["privilege_id"], row["privilege_description"])
for row in cursor.fetchall())
- return tuple(privilege for arole in this_user_roles
- for privilege in arole.privileges) + group_level_roles
+
+ ## the `user_roles(...)` function changed thus this entire function
+ ## needs to change or be obsoleted -- also remove the ignore below
+ return tuple(
+ privilege for arole in this_user_roles
+ for privilege in arole.privileges) + group_level_roles #type: ignore[attr-defined]
return jsonify(tuple(
dictify(priv) for priv in with_db_connection(__list_privileges__)))
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index bca2ff9..f4be978 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -188,7 +188,7 @@ def resource_data(conn, resource, offset: int = 0, limit: Optional[int] = None)
with db.cursor(conn) as cursor:
return tuple(
dict(data_row) for data_row in
- resource_data_function[
+ resource_data_function[# type: ignore[operator]
resource.resource_category.resource_category_key](
cursor, resource.resource_id, offset, limit))
diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index 7d78eac..f6d6c41 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -105,7 +105,7 @@ def user_roles(conn: db.DbConnection, user: User) -> Sequence[dict]:
"WHERE ur.user_id=?",
(str(user.user_id),))
- return tuple({
+ return tuple({# type: ignore[var-annotated]
**row, "roles": tuple(row["roles"].values())
} for row in reduce(
__organise_privileges__, cursor.fetchall(), {}).values())
@@ -126,7 +126,8 @@ def user_role(conn: db.DbConnection, user: User, role_id: UUID) -> Either:
results = cursor.fetchall()
if results:
- res_role_obj = tuple(reduce(__organise_privileges__, results, {}).values())[0]
+ res_role_obj = tuple(# type: ignore[var-annotated]
+ reduce(__organise_privileges__, results, {}).values())[0]
resource_id = res_role_obj["resource_id"]
role = tuple(res_role_obj["roles"].values())[0]
return Right((role, resource_id))