aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authorisation/resources/common.py24
-rw-r--r--gn_auth/auth/authorisation/resources/models.py18
2 files changed, 26 insertions, 16 deletions
diff --git a/gn_auth/auth/authorisation/resources/common.py b/gn_auth/auth/authorisation/resources/common.py
new file mode 100644
index 0000000..5d2b72b
--- /dev/null
+++ b/gn_auth/auth/authorisation/resources/common.py
@@ -0,0 +1,24 @@
+"""Utilities common to more than one resource."""
+import uuid
+
+from sqlite3 import Cursor
+
+def assign_resource_owner_role(
+ cursor: Cursor,
+ resource_id: uuid.UUID,
+ user_id: uuid.UUID
+) -> dict:
+ """Assign `user` the 'Resource Owner' role for `resource`."""
+ cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
+ role = cursor.fetchone()
+ params = {
+ "user_id": str(user_id),
+ "role_id": role["role_id"],
+ "resource_id": str(resource_id)
+ }
+ cursor.execute(
+ "INSERT INTO user_roles "
+ "VALUES (:user_id, :role_id, :resource_id) "
+ "ON CONFLICT (user_id, role_id, resource_id) DO NOTHING",
+ params)
+ return params
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index fa7797b..e86bc24 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -17,6 +17,7 @@ from gn_auth.auth.errors import NotFoundError, AuthorisationError
from .checks import authorised_for
from .base import Resource, ResourceCategory
+from .common import assign_resource_owner_role
from .groups.models import Group, is_group_leader
from .mrna import (
resource_data as mrna_resource_data,
@@ -34,21 +35,6 @@ from .phenotype import (
link_data_to_resource as phenotype_link_data_to_resource,
unlink_data_from_resource as phenotype_unlink_data_from_resource)
-def __assign_resource_owner_role__(cursor, resource, user):
- """Assign `user` the 'Resource Owner' role for `resource`."""
- cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
- role = cursor.fetchone()
- cursor.execute(
- "INSERT INTO user_roles "
- "VALUES (:user_id, :role_id, :resource_id) "
- "ON CONFLICT (user_id, role_id, resource_id) DO NOTHING",
- {
- "user_id": str(user.user_id),
- "role_id": role["role_id"],
- "resource_id": str(resource.resource_id)
- })
-
-
def resource_from_dbrow(row: sqlite3.Row):
"""Convert an SQLite3 resultset row into a resource."""
return Resource(
@@ -93,7 +79,7 @@ def create_resource(# pylint: disable=[too-many-arguments]
cursor.execute("INSERT INTO resource_ownership (group_id, resource_id) "
"VALUES (?, ?)",
(str(group.group_id), str(resource.resource_id)))
- __assign_resource_owner_role__(cursor, resource, user)
+ assign_resource_owner_role(cursor, resource.resource_id, user.user_id)
return resource