aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authorisation/resources/views.py23
1 files changed, 20 insertions, 3 deletions
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 4c8411f..50f0d8e 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -169,10 +169,27 @@ def resource_users(resource_id: UUID):
"""Retrieve all users with access to the given resource."""
with require_oauth.acquire("profile group resource") as the_token:
def __the_users__(conn: db.DbConnection):
- authorised = authorised_for(
- conn, the_token.user,
- ("group:resource:edit-resource","group:resource:view-resource"),
+ ########## BEGIN: HACK ##########
+ # This hack gets the UI to work, but needs replacing.
+ # It resolves (albeit, temporarily) the bug introduced after a
+ # refactor that made the system itself, and the groups into
+ # resources.
+ grouplevelauth = authorised_for(
+ conn,
+ the_token.user,
+ ("group:resource:view-resource",),
+ (resource_id,))
+ systemlevelauth = __pk__authorised_for(
+ conn,
+ the_token.user,
+ ("system:user:list",),
(resource_id,))
+ authorised = {
+ key: (grouplevelauth.get(key, False)
+ or systemlevelauth.get(key, False))
+ for key in grouplevelauth.keys() | systemlevelauth.keys()
+ }
+ ########## END: HACK ##########
if authorised.get(resource_id, False):
with db.cursor(conn) as cursor:
def __organise_users_n_roles__(users_n_roles, row):