Age | Commit message (Collapse) | Author |
|
|
Provide an endpoint that returns all the roles that a particular user
has on a specific resource.
|
|
The `…/group/roles` endpoint relied on the now deleted `group_roles`
table that caused the implementation to be prone to privilege
escalation attacks.
This commit provides the `…/resource/…/roles` endpoint that provides
the required functionality without the exposure.
|
|
We no longer use the group_roles table, and have moved to the less
privilege-escalation-prone resource_roles table. This commit updates
the queries to use the newer resource_roles table.
|
|
If a user provides the correct credentials to log in, but they are
unverified, redirect them to the email verification page, where they
are provided with a chance to verify their email, or send a new
verification code.
|
|
Use dataclasses.asdict function to generate the dict that will be used
for the response rather than building it up manually.
|
|
Creation of a User object from the database resultset will mostly be
the same. This commit moves the repetitive code into a static method
that can be called wherever we need it.
This improves maintainability, since we only ever need to do an update
in one place now.
|
|
These linting errors can't be rebased into the newer commits.
|
|
This commit makes the values for the grant types dynamic, enabling
adding and/or removing of supported grant types. The editing was not
updating the grant type values correctly either - we update the
metadata key from "grants" to "grant_types" to fix that.
|
|
* gn_auth/auth/authorisation/resources/views.py: Import time.
(get_user_roles_on_resource): Add a JWT bearer token to the
response's header.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/views.py: Import operator.
(get_user_roles_on_resource): Flatten roles list.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/models.py (resource_data): A
metadata resource is not linked to any data so we return an empty
tuple.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/models.py
(user_roles_on_resources): New function.
* gn_auth/auth/authorisation/resources/views.py
(resources_authorisation): New endpoint.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
This reverts commit f5e833c0d72eaec80425203b15210ed304cc4811.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/base.py: Import dataclass and
asdict. Remove NamedTuple and dictify.
(ResourceCategory): Use frozen dataclass.
(ResourceCategory.dictify): Delete.
(Resource): Use frozen dataclass.
(Resource.dictify): Delete.
* gn_auth/auth/authorisation/resources/models.py: Delete dictify
import.
(assign_resource_user): Replace dictify with asdict.
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/views.py: Import asdict.
Remove dictify import.
(list_resource_categories): Replace dictify with asdict.
(create_resource): Ditto.
(view_resource): Ditto.
(__safe_get_requests_page__): Ditto.
* gn_auth/auth/authorisation/users/views.py:
(user_resources): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/privileges.py: Import dataclass. Remove
NamedTuple import.
(Privilege): Use frozen dataclass.
(Privilege.dictify): Delete.
* gn_auth/auth/authorisation/resources/groups/views.py: Import
dataclasses.asdict.
(group_privileges): Replace dictify with asdict.
(add_priv_to_role): Ditto.
(delete_priv_from_role): Ditto.
* gn_auth/auth/authorisation/resources/models.py:
(assign_resource_user): Replace dictify with asdict.
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/system/views.py: Import
dataclasses.asdict. Remove dictify import.
(system_roles): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
(resources_authorisation): Ditto.
* gn_auth/auth/authorisation/roles/models.py: Remove dictify and
NamedTuple import.
(Role): Use frozen dataclass.
(Role.dictify): Replace dictify(priv) with asdict(priv).
* gn_auth/auth/authorisation/roles/views.py: Import
dataclasses.asdict. Remove dictify import.
(view_role): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/views.py:
(user_roles): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/resources/groups/models.py: Import
dataclasses.asdict. Remove dictify import.
(GroupRole): Use frozen dataclass.
(GroupRole.dictify): Replace dictify(...) with self.role.dictify().
* gn_auth/auth/authorisation/resources/groups/views.py:
(group_roles): Replace dictify with asdict.
(view_group_role): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/data/genotypes.py: Import
dataclasses.asdict.
(link_genotype_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/data/mrna.py: Import dataclasses.asdict.
(link_mrna_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/data/phenotypes.py: Import
dataclasses.asdict.
(link_phenotype_data): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/groups/models.py: Import
dataclass.
(Group): Use frozen dataclass.
(Group.dictify): Delete.
(GroupRole.dictify): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/groups/views.py: Import
dataclasses.asdict. Remove dictify import.
(list_groups): Replace dictify with asdict.
(create_group): Ditto.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/views.py: Import
dataclasses.asdict. Remove dictify import.
(user_details): Replace dictify with asdict.
(user_group): Ditto.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authentication/users.py: Import dataclass. Remove
NamedTuple and Tuple import.
(User): Use a frozen dataclass.
(User.get_user_id): Delete.
(User.dictify): Ditto.
* gn_auth/auth/authorisation/data/views.py: Import dataclasses.dict.
(authorisation): Replace user._asdict() with asdict(user).
(metadata_resources): Ditto.
* gn_auth/auth/authorisation/resources/groups/views.py:
(group_members): Replace dictify with asdict.
* gn_auth/auth/authorisation/resources/models.py: Import
dataclasses.asdict.
(assign_resource_user): Replace dictify(user) with asdict(user).
(unassign_resource_user): Ditto.
* gn_auth/auth/authorisation/resources/views.py:
(resource_users): Replace dictify with asdict.
* gn_auth/auth/authorisation/users/masquerade/views.py: Import
dataclasses.asdict.
(masquerade): Replace masq_user._asdict() with asdict(masq_user).
* gn_auth/auth/authorisation/users/views.py:
(list_all_users): Replace dictify with asdict.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/data/views.py: (metadata_resources): New
end-point for authorising metadata data.
* gn_auth/auth/authorisation/resources/models.py: Import sqlite3.Row.
(__metadata_resource_data__): New function.
(__assign_resource_owner_role__): Add __metadata_resource_data__
to the "resource_data_function" map.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
* gn_auth/auth/authorisation/data/views.py (authorisation): Fix typo.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
|
|
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>