diff options
Diffstat (limited to 'gn_auth')
-rw-r--r-- | gn_auth/auth/authorisation/checks.py | 12 | ||||
-rw-r--r-- | gn_auth/auth/authorisation/data/views.py | 10 |
2 files changed, 11 insertions, 11 deletions
diff --git a/gn_auth/auth/authorisation/checks.py b/gn_auth/auth/authorisation/checks.py index bf5e05a..4d5b6bc 100644 --- a/gn_auth/auth/authorisation/checks.py +++ b/gn_auth/auth/authorisation/checks.py @@ -32,21 +32,21 @@ def authorised_p( privileges: tuple[str, ...], error_description: str = ( "You lack authorisation to perform requested action"), - oauth2_scope = "profile"): + oauth2_scope="profile"): """Authorisation decorator.""" assert len(privileges) > 0, "You must provide at least one privilege" def __build_authoriser__(func: Callable): @wraps(func) def __authoriser__(*args, **kwargs): - with require_oauth.acquire(oauth2_scope) as the_token: - the_user = the_token.user - if the_user: + with require_oauth.acquire(oauth2_scope) as _token: + _user = _token.user + if _user: with db.connection(app.config["AUTH_DB"]) as conn: user_privileges = tuple( priv.privilege_id for priv in - auth_privs.user_privileges(conn, the_user)) + tuple( + auth_privs.user_privileges(conn, _user)) + tuple( priv_id for priv_id in - __system_privileges_in_roles__(conn, the_user)) + __system_privileges_in_roles__(conn, _user)) not_assigned = [ priv for priv in privileges if priv not in user_privileges] diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py index 9d59a70..c40b667 100644 --- a/gn_auth/auth/authorisation/data/views.py +++ b/gn_auth/auth/authorisation/data/views.py @@ -88,11 +88,11 @@ def authorisation() -> Response: user = User(uuid.uuid4(), "anon@ymous.user", "Anonymous User") with db.connection(db_uri) as auth_conn: try: - with require_oauth.acquire("profile group resource") as the_token: - user = the_token.user + with require_oauth.acquire("profile group resource") as _token: + user = _token.user resources = attach_resources_data( - auth_conn, user_resources(auth_conn, the_token.user)) - resources_roles = user_resource_roles(auth_conn, the_token.user) + auth_conn, user_resources(auth_conn, _token.user)) + resources_roles = user_resource_roles(auth_conn, _token.user) privileges = { resource_id: tuple( privilege.privilege_id @@ -100,7 +100,7 @@ def authorisation() -> Response: for privilege in roles.privileges)#("group:resource:view-resource",) for resource_id, is_authorised in authorised_for( - auth_conn, the_token.user, + auth_conn, _token.user, ("group:resource:view-resource",), tuple( resource.resource_id for resource in resources)).items() if is_authorised |