Diffstat (limited to 'gn_auth')
-rw-r--r--gn_auth/auth/authorisation/resources/models.py8
-rw-r--r--gn_auth/auth/authorisation/resources/views.py14
2 files changed, 10 insertions, 12 deletions
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 93a1aff..783bf8a 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -384,7 +384,7 @@ def save_resource(
raise AuthorisationError(
"You do not have the appropriate privileges to edit this resource.")
-def resource_group(conn: db.DbConnection, resource: Resource) -> Maybe[Group]:
+def resource_group(conn: db.DbConnection, resource: Resource) -> Group:
"""Return the group that owns the resource."""
with db.cursor(conn) as cursor:
cursor.execute(
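Review bot: The docstring kept under the new signature, `"""Return the group that owns the resource."""`, does not say that the function now raises instead of returning an empty value. Callers that previously unwrapped a `Maybe` need to know about the exception, so I would extend it to `"""Return the group that owns the resource, or raise MissingGroupError if it has none."""`. The function body continues past the end of this hunk.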
@@ -394,9 +394,9 @@ def resource_group(conn: db.DbConnection, resource: Resource) -> Maybe[Group]:
(str(resource.resource_id),))
row = cursor.fetchone()
if row:
- return Just(Group(
+ return Group(
UUID(row["group_id"]),
row["group_name"],
- json.loads(row["group_metadata"])))
+ json.loads(row["group_metadata"]))
- return Nothing
+ raise MissingGroupError("Resource has no 'owning' group.")
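Review bot: `MissingGroupError` is raised on the last added line, but the diffstat shows no changes to models.py outside these two hunks, so this commit adds no import for it. If the name is not already imported in this module, the missing-group path fails with a `NameError` instead of the intended error. That is worth confirming, and a test that calls `resource_group` on a resource with no owning group would pin it. `Maybe`, `Just` and `Nothing` may also be unused imports now, if no other function in the file uses them.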
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 3a733c6..4fe04d9 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -154,7 +154,6 @@ def resource_users(resource_id: uuid.UUID):
with require_oauth.acquire("profile group resource") as the_token:
def __the_users__(conn: db.DbConnection):
resource = resource_by_id(conn, the_token.user, resource_id)
- rgroup = resource_group(conn, resource).maybe(None, lambda grp: grp)
authorised = authorised_for(
conn, the_token.user, ("group:resource:edit-resource",),
(resource_id,))
@@ -166,7 +165,7 @@ def resource_users(resource_id: uuid.UUID):
"user", User(user_id, row["email"], row["name"]))
role = GroupRole(
uuid.UUID(row["group_role_id"]),
- rgroup,
+ resource_group(conn, resource),
Role(uuid.UUID(row["role_id"]), row["role_name"],
bool(int(row["user_editable"])), tuple()))
return {
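Review bot: `resource_group(conn, resource)` is now evaluated inside the `GroupRole(...)` construction that reads `row[...]`. If that code runs once per result row (the loop is outside this hunk), the group lookup query is repeated for every row, where the removed `rgroup` variable ran it once. It also means a resource with no owning group raises only when at least one row exists, so the endpoint's behaviour for that state depends on the data. I would keep a single lookup before the row processing, `rgroup = resource_group(conn, resource)`, and pass `rgroup` here.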
@@ -219,12 +218,12 @@ def assign_role_to_user(resource_id: uuid.UUID) -> Response:
def __assign__(conn: db.DbConnection) -> dict:
resource = resource_by_id(conn, the_token.user, resource_id)
- rgroup = resource_group(conn, resource).maybe(
- None, lambda grp: grp)
user = user_by_email(conn, user_email)
return assign_resource_user(
conn, resource, user,
- group_role_by_id(conn, rgroup, uuid.UUID(group_role_id)))
+ group_role_by_id(conn,
+ resource_group(conn, resource),
+ uuid.UUID(group_role_id)))
except AssertionError as aserr:
raise AuthorisationError(aserr.args[0]) from aserr
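Review bot: The `except AssertionError` clause at the end of this hunk is the only error translation visible here, and `resource_group` now raises `MissingGroupError` rather than handing `None` to `group_role_by_id`. Unless `MissingGroupError` derives from `AssertionError` or the application registers a handler for it (neither is visible in this diff), a resource without an owning group will reach the API client as a different, possibly unhandled, error. Confirm how that exception is rendered. If it is not handled centrally, add an explicit clause next to this one, e.g. `except MissingGroupError as mgerr:`, followed by the error response the API should return. The same applies to `unassign_role_to_user` in the next hunk, and the enclosing function starts and ends outside this hunk.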
@@ -244,11 +243,10 @@ def unassign_role_to_user(resource_id: uuid.UUID) -> Response:
def __assign__(conn: db.DbConnection) -> dict:
resource = resource_by_id(conn, the_token.user, resource_id)
- rgroup = resource_group(conn, resource).maybe(
- None, lambda grp: grp)
return unassign_resource_user(
conn, resource, user_by_id(conn, uuid.UUID(user_id)),
- group_role_by_id(conn, rgroup,
+ group_role_by_id(conn,
+ resource_group(conn, resource),
uuid.UUID(group_role_id)))
except AssertionError as aserr:
raise AuthorisationError(aserr.args[0]) from aserr