diff options
Diffstat (limited to 'gn_auth/auth')
| -rw-r--r-- | gn_auth/auth/authorisation/resources/groups/models.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/resources/groups/models.py b/gn_auth/auth/authorisation/resources/groups/models.py index a681e25..9daadf4 100644 --- a/gn_auth/auth/authorisation/resources/groups/models.py +++ b/gn_auth/auth/authorisation/resources/groups/models.py @@ -316,6 +316,25 @@ def add_user_to_group(cursor: db.DbCursor, the_group: Group, user: User): revoke_user_role_by_name(cursor, user, "group-creator") +def resource_from_group(conn: db.DbConnection, the_group: Group) -> Resource: + """Get the resource object that wraps the group for auth purposes.""" + with db.cursor(conn) as cursor: + cursor.execute( + "SELECT " + "resources.resource_id, resources.resource_name, " + "resources.public, resource_categories.* " + "FROM group_resources " + "INNER JOIN resources " + "ON group_resources.resource_id=resources.resource_id " + "INNER JOIN resource_categories " + "ON resources.resource_category_id=resource_categories.resource_category_id " + "WHERE group_resources.group_id=?", + (str(the_group.group_id),)) + results = db_rows_to_roles(cursor.fetchall()) + assert len(results) == 1, "Expected a single group resource." + return results[0] + + @authorised_p( privileges=("system:group:view-group",), error_description=( |