aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/resources/models.py
AgeCommit message (Collapse)Author
2024-09-25Implement genotype resource creation via API with resource dataFrederick Muriuki Muriithi
Create the resource, assign the resource-owner role and link the resource's data in a single API call.
2024-09-25Extract common role assignment to its own moduleFrederick Muriuki Muriithi
2024-09-16Pass cursor rather than connection to create_resource functionFrederick Muriuki Muriithi
In order to decouple the `create_resource` function from the related functions that assign roles to users, this commit changes the code to pass in a cursor rather than a connection. The cursor will be the same cursor passed into the role assignment functions ensuring that the resource creation and role assignment happen in a single transaction.
2024-09-13Notes: Add note on some items that could go into hooks.Frederick Muriuki Muriithi
2024-06-25Roles: Get rid of use of GroupRole; use Role directly for resourcesFrederick Muriuki Muriithi
The GroupRole idea was flawed, and led to a critical bug that would have allowed privilege escalation. This uses the Role directly acting on a specific resource when assigning said role to a user.
2024-06-20Reorganise test fixtures. Fix tests and issues caught.Frederick Muriuki Muriithi
Reorganise test fixtures to more closely follow the design of the auth system. Fix the broken tests due to refactors and fix all issues caught by the running tests.
2024-06-17Don't save the resource-owner role as a resource roleFrederick Muriuki Muriithi
The 'resource-owner' role is a system-default role that applies to most resources, but should not be editable by users. This commit removes the code that was linking the role with each resource, leading it to being presented to the user as a editable role.
2024-06-07Update role assignment: user resource_roles tableFrederick Muriuki Muriithi
We no longer use the group_roles table, and have moved to the less privilege-escalation-prone resource_roles table. This commit updates the queries to use the newer resource_roles table.
2024-04-24Move the errors module up one level to break circular dependencies.Frederick Muriuki Muriithi
2024-04-23pylint: Fix linting errors.Frederick Muriuki Muriithi
2024-03-30Update call: Drop unused argument in call.Frederick Muriuki Muriithi
2024-03-21Return empty tuples when metadata is queried for data.Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/models.py (resource_data): A metadata resource is not linked to any data so we return an empty tuple. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-21Add extra endpoint to get user authorisation given a resource name.Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/models.py (user_roles_on_resources): New function. * gn_auth/auth/authorisation/resources/views.py (resources_authorisation): New endpoint. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-21Revert "Add an extra endpoint for metadata authorisation."Munyoki Kilyungi
This reverts commit f5e833c0d72eaec80425203b15210ed304cc4811. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define Resource/ResourceCategory using frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/base.py: Import dataclass and asdict. Remove NamedTuple and dictify. (ResourceCategory): Use frozen dataclass. (ResourceCategory.dictify): Delete. (Resource): Use frozen dataclass. (Resource.dictify): Delete. * gn_auth/auth/authorisation/resources/models.py: Delete dictify import. (assign_resource_user): Replace dictify with asdict. (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/views.py: Import asdict. Remove dictify import. (list_resource_categories): Replace dictify with asdict. (create_resource): Ditto. (view_resource): Ditto. (__safe_get_requests_page__): Ditto. * gn_auth/auth/authorisation/users/views.py: (user_resources): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define Privilege/Role using frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authorisation/privileges.py: Import dataclass. Remove NamedTuple import. (Privilege): Use frozen dataclass. (Privelege.dictify): Delete. * gn_auth/auth/authorisation/resources/groups/views.py: Import dataclasses.asdict. (group_privileges): Replace dictify with asdict. (add_priv_to_role): Ditto. (delete_priv_from_role): Ditto. * gn_auth/auth/authorisation/resources/models.py: (assign_resource_user): Replace dictify with asdict. (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/system/views.py: Import dataclasses.asdict. Remove dictify import. (system_roles): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. (resources_authorisation): Ditto. * gn_auth/auth/authorisation/roles/models.py: Remove dictify and NameTuple import. (Role): Use frozen dataclass. (Role.dictify): Replace dictify(priv) with asdict(priv). * gn_auth/auth/authorisation/roles/views.py: Import dataclasses.asdict. Remove dictify import. (view_role): Replace dictify with asdict. * gn_auth/auth/authorisation/users/views.py: (user_roles): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define User using a frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authentication/users.py: Import dataclass. Remove NamedTuple and Tuple import. (User): Use a frozen dataclass. (User.get_user_id): Delete. (User.dictify): Ditto. * gn_auth/auth/authorisation/data/views.py: Import dataclasses.dict. (authorisation): Replace user._asdict() with asdict(user). (metadata_resources): Ditto. * gn_auth/auth/authorisation/resources/groups/views.py: (group_members): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/models.py: Import dataclasses.asdict. (assign_resource_user): Replace dictify(user) with asdict(user). (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. * gn_auth/auth/authorisation/users/masquerade/views.py: Import dataclasses.asdict. (masquerade): Replace masq_user._asdict() with asdict(masq_user). * gn_auth/auth/authorisation/users/views.py: (list_all_users): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-04Add an extra endpoint for metadata authorisation.Munyoki Kilyungi
* gn_auth/auth/authorisation/data/views.py: (metadata_resources): New end-point for authorising metadata data. * gn_auth/auth/authorisation/resources/models.py: Import sqlite3.Row. (__metadata_resource_data__): New function. (__assign_resource_owner_role__): Add __metadata_resource_data__ to the "resource_data_function" map. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2023-11-23Scripts: Update script for newer db schemaFrederick Muriuki Muriithi
The schema changed a while back, and the script that is used to make all existing data public needs to be updated for the new schema. This commit does exactly that.
2023-11-02mypy: Fix typing errors.Frederick Muriuki Muriithi
2023-10-12Bugs: Fix query and provide default function for inbredset-groupFrederick Muriuki Muriithi
2023-10-10Get authorisation by resource_idsFrederick Muriuki Muriithi
Add an endpoint to help users get the resources authorisation by the resource ids.
2023-10-10Temporarily return no data for resources of types system and group.Frederick Muriuki Muriithi
2023-09-27typing: fix and ignore typing issues.Frederick Muriuki Muriithi
2023-09-27Bug: Fix issue with viewing resources of type "group".Frederick Muriuki Muriithi
2023-09-26Handle temporary edge casesFrederick Muriuki Muriithi
Fetching resource data: system and group categories of resources do not have associated genetic data. This commit adds some code to temporarily handle that case as an edge case before I can devote more time to fixing the issue in a much better way.
2023-09-26Add System resource, and group resource(s) to list of user resourcesFrederick Muriuki Muriithi
* The system resource is public, and should be present for all users. * Each user that is a member of a group, should have their group show up in their list of resources. * Fix the SQL join: add an `ON ...` clause.
2023-09-26Move `groups` package under `resources` packageFrederick Muriuki Muriithi
With user groups being resources that users can act on (with the recent changes), this commit moves the `groups` module to under the `resources` module. It also renames the `*_resources.py` modules by dropping the `_resources` part since the code is under the `resources` module anyway.
2023-09-26Remove group from resource objectsFrederick Muriuki Muriithi
With the new schema, not all Resource objects are "owned" by a group. Those that are, are linked together through a different db table (`resource_ownership`). This commit removes the `Group` object from `Resource` objects and updates the `resource_ownership` where relevant.
2023-09-26Raise exception if no group for `resource_group`Frederick Muriuki Muriithi
Rather than using pymonad's Maybe monad and dealing with the complexity it introduces, raise an exception if there is no group found for the given resource.
2023-09-26Add `resource_group` function to retrieve the owning groupFrederick Muriuki Muriithi
Some resources are "owned" by specific user groups. This commit adds a way to retrieve those "owners" where relevant.
2023-09-26Extract resource-type-specific code into separate modulesFrederick Muriuki Muriithi
For easier maintenance, extract the code that relates to specific resource types/categories into separate modules, each dealing with a single resource type/category.
2023-09-26Extract basic resource types to a separate module.Frederick Muriuki Muriithi
2023-08-08Use relative imports to break circular import errorsFrederick Muriuki Muriithi
2023-08-07Change imports to new unified db module.Frederick Muriuki Muriithi
2023-08-07Update module name/pathFrederick Muriuki Muriithi
Change from gn3 to gn_auth
2023-08-04Copy over files from GN3 repository.Frederick Muriuki Muriithi