aboutsummaryrefslogtreecommitdiff
path: root/gn_auth/auth/authorisation/resources/views.py
AgeCommit message (Collapse)Author
2024-06-11Temporary fix to retrieve users with read access to resource.Frederick Muriuki Muriithi
2024-06-11List users assigned a particular role on a specific resource.handle-role-privilege-escalationFrederick Muriuki Muriithi
2024-06-11Import the symbols we use in the module directly.Frederick Muriuki Muriithi
Import the modules directly to help with reducing line-length and unnecessary typing.
2024-06-11Unassign privilege from resource role.Frederick Muriuki Muriithi
2024-06-10Fetch a role by its ID.Frederick Muriuki Muriithi
2024-06-10Use new db resultset conversion functions.Frederick Muriuki Muriithi
2024-06-10Provide resource roles endpointFrederick Muriuki Muriithi
Provide an endpoint that returns all the roles that a particular user has on a specific resource.
2024-06-10Share reusable functionFrederick Muriuki Muriithi
2024-06-07Replace `…/group/roles` endpoint with `…/resource/…/roles` endpoint.Frederick Muriuki Muriithi
The `…/group/roles` endpoint relied on the now deleted `group_roles` table that caused the implementation to be prone to privilege escalation attacks. This commit provides the `…/resource/…/roles` endpoint that provides the required functionality without the exposure.
2024-06-03Move user creation from db resultset into static methodFrederick Muriuki Muriithi
Creation of a User object from the database resultset will mostly be the same. This commit moves the repetitive code into a static method that can be called wherever we need it. This improves maintainability, since we only ever need to do an update in one place now.
2024-04-30Create a JWT token when querying a user's role an a resource.Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/views.py: Import time. (get_user_roles_on_resource): Add a JWT bearer token to the responses's header. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-04-24Move the errors module up one level to break circular dependencies.Frederick Muriuki Muriithi
2024-03-25Flatten roles list in "get_user_roles_on_resource."Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/views.py: Import operator. (get_user_roles_on_resource): Flatten roles list. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-21Add extra endpoint to get user authorisation given a resource name.Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/models.py (user_roles_on_resources): New function. * gn_auth/auth/authorisation/resources/views.py (resources_authorisation): New endpoint. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define Resource/ResourceCategory using frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authorisation/resources/base.py: Import dataclass and asdict. Remove NamedTuple and dictify. (ResourceCategory): Use frozen dataclass. (ResourceCategory.dictify): Delete. (Resource): Use frozen dataclass. (Resource.dictify): Delete. * gn_auth/auth/authorisation/resources/models.py: Delete dictify import. (assign_resource_user): Replace dictify with asdict. (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/views.py: Import asdict. Remove dictify import. (list_resource_categories): Replace dictify with asdict. (create_resource): Ditto. (view_resource): Ditto. (__safe_get_requests_page__): Ditto. * gn_auth/auth/authorisation/users/views.py: (user_resources): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define Privilege/Role using frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authorisation/privileges.py: Import dataclass. Remove NamedTuple import. (Privilege): Use frozen dataclass. (Privelege.dictify): Delete. * gn_auth/auth/authorisation/resources/groups/views.py: Import dataclasses.asdict. (group_privileges): Replace dictify with asdict. (add_priv_to_role): Ditto. (delete_priv_from_role): Ditto. * gn_auth/auth/authorisation/resources/models.py: (assign_resource_user): Replace dictify with asdict. (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/system/views.py: Import dataclasses.asdict. Remove dictify import. (system_roles): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. (resources_authorisation): Ditto. * gn_auth/auth/authorisation/roles/models.py: Remove dictify and NameTuple import. (Role): Use frozen dataclass. (Role.dictify): Replace dictify(priv) with asdict(priv). * gn_auth/auth/authorisation/roles/views.py: Import dataclasses.asdict. Remove dictify import. (view_role): Replace dictify with asdict. * gn_auth/auth/authorisation/users/views.py: (user_roles): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define Group using a frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authorisation/data/genotypes.py: Import dataclasses.asdict. (link_genotype_data): Replace dictify with asdict. * gn_auth/auth/authorisation/data/mrna.py: Import dataclasses.asdict. (link_mrna_data): Replace dictify with asdict. * gn_auth/auth/authorisation/data/phenotypes.py: Import dataclasses.asdict. (link_phenotype_data): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/groups/models.py: Import dataclass. (Group): Use frozen dataclass. (Group.dictify): Delete. (GroupRole.dictify): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/groups/views.py: Import dataclasses.asdict. Remove dictify import. (list_groups): Replace dictify with asdict. (create_group): Ditto. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. * gn_auth/auth/authorisation/users/views.py: Import dataclasses.asdict. Remove dictify import. (user_details): Replace dictify with asdict. (user_group): Ditto. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2024-03-13Define User using a frozen dataclass.Munyoki Kilyungi
* gn_auth/auth/authentication/users.py: Import dataclass. Remove NamedTuple and Tuple import. (User): Use a frozen dataclass. (User.get_user_id): Delete. (User.dictify): Ditto. * gn_auth/auth/authorisation/data/views.py: Import dataclasses.dict. (authorisation): Replace user._asdict() with asdict(user). (metadata_resources): Ditto. * gn_auth/auth/authorisation/resources/groups/views.py: (group_members): Replace dictify with asdict. * gn_auth/auth/authorisation/resources/models.py: Import dataclasses.asdict. (assign_resource_user): Replace dictify(user) with asdict(user). (unassign_resource_user): Ditto. * gn_auth/auth/authorisation/resources/views.py: (resource_users): Replace dictify with asdict. * gn_auth/auth/authorisation/users/masquerade/views.py: Import dataclasses.asdict. (masquerade): Replace masq_user._asdict() with asdict(masq_user). * gn_auth/auth/authorisation/users/views.py: (list_all_users): Replace dictify with asdict. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
2023-11-02pylint: Fix linting errors.Frederick Muriuki Muriithi
2023-10-10Get authorisation by resource_idsFrederick Muriuki Muriithi
Add an endpoint to help users get the resources authorisation by the resource ids.
2023-09-27linting: Remove unused import, handle unused variableFrederick Muriuki Muriithi
2023-09-27Bug: Fix issue with viewing resources of type "group".Frederick Muriuki Muriithi
2023-09-26Add `public-view` role. Assign it to users.Frederick Muriuki Muriithi
Add a new `public-view` role to be assigned to all users on all resources that are defined as publicly viewable. Update code to make assign `public-view` role to a newly registered user for all publicly viewable roles. Update the code to assign/revoke the `public-view` role to/from users whenever the resource is toggled to and from being publicly viewable. Ensure that `public-view` is not revoked from system-administrators. Ensure that `public-view` is not revoked from the group administrators of the group that owns the resource.
2023-09-26Move `groups` package under `resources` packageFrederick Muriuki Muriithi
With user groups being resources that users can act on (with the recent changes), this commit moves the `groups` module to under the `resources` module. It also renames the `*_resources.py` modules by dropping the `_resources` part since the code is under the `resources` module anyway.
2023-09-26Raise exception if no group for `resource_group`Frederick Muriuki Muriithi
Rather than using pymonad's Maybe monad and dealing with the complexity it introduces, raise an exception if there is no group found for the given resource.
2023-09-26Add `resource_group` function to retrieve the owning groupFrederick Muriuki Muriithi
Some resources are "owned" by specific user groups. This commit adds a way to retrieve those "owners" where relevant.
2023-08-08Use relative imports to break circular import errorsFrederick Muriuki Muriithi
2023-08-08Fix issues caught by linterFrederick Muriuki Muriithi
* Add a .pylintrc to silence annoying messages * Fix imports * Add missing `parse_db_url` function * Add a new `gn_auth.auth.db.redis` module
2023-08-07Change imports to new unified db module.Frederick Muriuki Muriithi
2023-08-07Update module name/pathFrederick Muriuki Muriithi
Change from gn3 to gn_auth
2023-08-04Copy over files from GN3 repository.Frederick Muriuki Muriithi