diff options
Diffstat (limited to 'gn_auth/auth')
-rw-r--r-- | gn_auth/auth/authorisation/resources/checks.py | 4 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/resources/groups/views.py | 8 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/resources/models.py | 2 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/roles/models.py | 5 |
4 files changed, 13 insertions, 6 deletions
diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py index 717e5e4..d8e3a9f 100644 --- a/gn_auth/auth/authorisation/resources/checks.py +++ b/gn_auth/auth/authorisation/resources/checks.py @@ -16,7 +16,9 @@ def __organise_privileges_by_resource_id__(rows): } return reduce(__organise__, rows, {}) -def authorised_for(conn: db.DbConnection, user: User, privileges: tuple[str], +def authorised_for(conn: db.DbConnection, + user: User, + privileges: tuple[str, ...], resource_ids: Sequence[UUID]) -> dict[UUID, bool]: """ Check whether `user` is authorised to access `resources` according to given diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py index ba34040..96cfb67 100644 --- a/gn_auth/auth/authorisation/resources/groups/views.py +++ b/gn_auth/auth/authorisation/resources/groups/views.py @@ -324,8 +324,12 @@ def group_privileges(): group_level_roles = tuple( Privilege(row["privilege_id"], row["privilege_description"]) for row in cursor.fetchall()) - return tuple(privilege for arole in this_user_roles - for privilege in arole.privileges) + group_level_roles + + ## the `user_roles(...)` function changed thus this entire function + ## needs to change or be obsoleted -- also remove the ignore below + return tuple( + privilege for arole in this_user_roles + for privilege in arole.privileges) + group_level_roles #type: ignore[attr-defined] return jsonify(tuple( dictify(priv) for priv in with_db_connection(__list_privileges__))) diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py index bca2ff9..f4be978 100644 --- a/gn_auth/auth/authorisation/resources/models.py +++ b/gn_auth/auth/authorisation/resources/models.py @@ -188,7 +188,7 @@ def resource_data(conn, resource, offset: int = 0, limit: Optional[int] = None) with db.cursor(conn) as cursor: return tuple( dict(data_row) for data_row in - resource_data_function[ + resource_data_function[# type: ignore[operator] resource.resource_category.resource_category_key]( cursor, resource.resource_id, offset, limit)) diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py index 7d78eac..f6d6c41 100644 --- a/gn_auth/auth/authorisation/roles/models.py +++ b/gn_auth/auth/authorisation/roles/models.py @@ -105,7 +105,7 @@ def user_roles(conn: db.DbConnection, user: User) -> Sequence[dict]: "WHERE ur.user_id=?", (str(user.user_id),)) - return tuple({ + return tuple({# type: ignore[var-annotated] **row, "roles": tuple(row["roles"].values()) } for row in reduce( __organise_privileges__, cursor.fetchall(), {}).values()) @@ -126,7 +126,8 @@ def user_role(conn: db.DbConnection, user: User, role_id: UUID) -> Either: results = cursor.fetchall() if results: - res_role_obj = tuple(reduce(__organise_privileges__, results, {}).values())[0] + res_role_obj = tuple(# type: ignore[var-annotated] + reduce(__organise_privileges__, results, {}).values())[0] resource_id = res_role_obj["resource_id"] role = tuple(res_role_obj["roles"].values())[0] return Right((role, resource_id)) |