aboutsummaryrefslogtreecommitdiff
path: root/gn_auth
diff options
context:
space:
mode:
Diffstat (limited to 'gn_auth')
-rw-r--r--gn_auth/auth/authorisation/resources/groups/views.py2
-rw-r--r--gn_auth/auth/authorisation/users/masquerade/models.py9
-rw-r--r--gn_auth/auth/authorisation/users/masquerade/views.py4
3 files changed, 9 insertions, 6 deletions
diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py
index 401be00..f98783b 100644
--- a/gn_auth/auth/authorisation/resources/groups/views.py
+++ b/gn_auth/auth/authorisation/resources/groups/views.py
@@ -48,7 +48,7 @@ def create_group():
with require_oauth.acquire("profile group") as the_token:
group_name=request_json().get("group_name", "").strip()
if not bool(group_name):
- raise GroupCreationError("Could not create the group.")
+ raise GroupCreationError(f"Could not create the group. Invalid Group name provided was `{group_name}`")
db_uri = current_app.config["AUTH_DB"]
with db.connection(db_uri) as conn:
diff --git a/gn_auth/auth/authorisation/users/masquerade/models.py b/gn_auth/auth/authorisation/users/masquerade/models.py
index 57bc564..ae2abad 100644
--- a/gn_auth/auth/authorisation/users/masquerade/models.py
+++ b/gn_auth/auth/authorisation/users/masquerade/models.py
@@ -31,9 +31,12 @@ def can_masquerade(func):
conn = kwargs["conn"]
token = kwargs["original_token"]
- masq_privs = [priv for role in user_roles(conn, token.user)
- for priv in role.privileges
- if priv.privilege_id == "system:user:masquerade"]
+ masq_privs = []
+ for roles in user_roles(conn, token.user):
+ for role in roles["roles"]:
+ privileges = [p for p in role.privileges if p.privilege_id == "system:user:masquerade"]
+ masq_privs.extend(privileges)
+
if len(masq_privs) == 0:
raise ForbiddenAccess(
"You do not have the ability to masquerade as another user.")
diff --git a/gn_auth/auth/authorisation/users/masquerade/views.py b/gn_auth/auth/authorisation/users/masquerade/views.py
index 276859a..71cf98d 100644
--- a/gn_auth/auth/authorisation/users/masquerade/views.py
+++ b/gn_auth/auth/authorisation/users/masquerade/views.py
@@ -33,13 +33,13 @@ def masquerade() -> Response:
return new_token
def __dump_token__(tok):
return {
- key: value for key, value in (tok._asdict().items())
+ key: value for key, value in tok.items()
if key in ("access_token", "refresh_token", "expires_in",
"token_type")
}
return jsonify({
"original": {
- "user": token.user._asdict(),
+ "user": asdict(token.user),
"token": __dump_token__(token)
},
"masquerade_as": {