about summary refs log tree commit diff
path: root/gn_auth/auth
AgeCommit message (Collapse)Author
4 daysFix: Temp traits were broken by some recent changes that prevents auth from ↵ HEAD mainzsloan
ever allowing them This commit allows the auth system to handle Temp traits (by just treating them as public traits)
9 daysOnly grant system-administration role against the system resource.Frederick Muriuki Muriithi
10 daysusers/models: add delete_users_by_id functionClaude Sonnet 4.6
Add a low-level delete_users_by_id function that removes users and all their dependent data unconditionally, bypassing the policy checks in the '/auth/users/delete' HTTP endpoint (which refuses to delete privileged users). This is intended for use by CLI test-teardown commands and the sudo-wrapped CI cleanup script. It might also find utility in other places where we do actually need to delete a user and their data unconditionally. Co-authored-by: Frederick Muriuki Muriithi <fredmanglis@gmail.com>
2026-05-21Remove dead code caught by vulture.Frederick Muriuki Muriithi
2026-05-21Move scripts to top-level gn_auth package.Frederick Muriuki Muriithi
In preparation for migrating to pyproject.toml (from setup.py and friends) we need to have only one top-level package. This will also help in improving testing and checks down the line, since everything will be relative to one single top-level directory.
2026-05-21Deprecate functions which duplicate those in gn-libs.Frederick Muriuki Muriithi
The `gn_auth.auth.authorisation.resources.checks.can_[edit/delete]` functions duplicate the utility provided by similar named functions in the `gn_libs.privileges.resources` package. These ones are, thus, deprecated in favour of the gn-libs ones.
2026-05-21Delete unused function.Frederick Muriuki Muriithi
The `gn_auth.auth.authorisation.resources.checks.can_view` function is no longer used in this code base. It can be safely removed.
2026-05-21Remove unused argument/parameter from function.Frederick Muriuki Muriithi
2026-05-20Raise a NotFoundError if not a single resource is found.Frederick Muriuki Muriithi
2026-05-20Initialise initial value used in reduce.Frederick Muriuki Muriithi
To avoid failures later due to missing keys, we initialise the initial value used in reduce to a dict with empty tuples for every key.
2026-05-18Refactor authorisation-by-datasets-and-traits endpoint.Frederick Muriuki Muriithi
Fetch resources using the dataset names (and trait names where relevant) to simplify the code, and make it clearer what the endpoint actually does.
2026-05-18Fetch genotype resources by dataset.Frederick Muriuki Muriithi
2026-05-18Fetch mRNA resources by dataset name.Frederick Muriuki Muriithi
2026-05-18Fetch phenotype resources by dataset name and trait name.Frederick Muriuki Muriithi
2026-05-18Update call to `can_edit` to separate resource and system privilegesFrederick Muriuki Muriithi
2026-05-18Replace objects with gn_libs alternatives and deprecate the module.Frederick Muriuki Muriithi
Replace the functions and classes in `gn_auth.auth.db.sqlite3` with those in `gn_libs.sqlite3` to reduce duplications. Deprecate the `gn_auth.auth.db.sqlite3` module and the remaining function(s) within in preparation for removal.
2026-05-01Use module-level logging rather than the app's logger.Frederick Muriuki Muriithi
2026-05-01Ensure ALL users with access to the resource are actually listed.Frederick Muriuki Muriithi
2026-04-23Remove debug artifact.Frederick Muriuki Muriithi
2026-04-23Improve error messages.Frederick Muriuki Muriithi
2026-04-23Fix minor linting bugs.Frederick Muriuki Muriithi
2026-04-23AuthorisationError is HTTP status code 401.Frederick Muriuki Muriithi
2026-04-23Allow anonymous users "public-view" privileges.Frederick Muriuki Muriithi
The default system-level privilege is the "public-view", i.e. the users can view basic details about the Genenetwork system. If no authorisation is provided when accessing the /auth/system/roles endpoint, return the default role/privilege.
2026-04-20Implement editing resource name.Frederick Muriuki Muriithi
2026-04-20Use module-level logger rather than application's logger.Frederick Muriuki Muriithi
2026-04-15Do not grant sysadmins direct access at resource creation.Frederick Muriuki Muriithi
2026-04-08user resources: Add a text filter for further filtering.Frederick Muriuki Muriithi
2026-04-08user resources: Enable filtering using only the limit and offset.Frederick Muriuki Muriithi
2026-04-08Use module-level logger.Frederick Muriuki Muriithi
2026-04-08user resources: return total with filtered records.Frederick Muriuki Muriithi
Return a count of the total number of resources that the user has access to even if we are only interested in a few of the records.
2026-04-07Update code to handle resource creators and creation times.Frederick Muriuki Muriithi
2026-04-07Add creator and creation time tracking to Resources.Frederick Muriuki Muriithi
2026-04-02Update resource creation: Add tracking informationFrederick Muriuki Muriithi
Add the creator of the resource and the time the resource was created.
2026-03-26Update edit access: use more flexible 'can_edit(...)' function.Frederick Muriuki Muriithi
2026-02-10Check only for the base URL and path.Frederick Muriuki Muriithi
To allow the client to pass flags to the redirect_uri that the authorisation server has no interest in, check that only the "base" url (protocol, hostname/netlog and path) are registered, ignoring any query and fragment parameters.
2026-02-10Bug: Fix import path.Frederick Muriuki Muriithi
2026-02-10Setup correct flash message classes.Frederick Muriuki Muriithi
2026-02-10Authorisation Check: New function to check user has edit access.Frederick Muriuki Muriithi
2026-02-10Authorisation Check: New function to check user has view access.Frederick Muriuki Muriithi
2026-02-10Use Auth function that checks for delete access.Frederick Muriuki Muriithi
2026-02-10Authorisation Check: New function to check user has delete access.Frederick Muriuki Muriithi
2026-02-06Use AuthorisationError to indicate error condition.Frederick Muriuki Muriithi
2026-02-06Replace hard-coded email check with check against privilegesFrederick Muriuki Muriithi
Fix the check: rather than using a hard-coded email to check for authorisation, we instead check against the privileges the user has on the resource, or whether they have global privileges allowing them to act on any data.
2026-02-06Fetch a single resource ID: delete data from one resource at a time.Frederick Muriuki Muriithi
2026-01-30Add placeholder check for privilegesFrederick Muriuki Muriithi
For now, only one user is allowed to delete data from Genenetwork. To get the code online as quickly as possible, in order to test out the system, I have elected to do a quick and dirty check that prevents everyone except @acenteno from being able to delete data from the system. To fix this, I'll need to actually implement (a) new role(s) to grant certain users special permissions on **ALL** the data in the system regardless of who owns it.
2026-01-27Leave notes for tasks that need doing.Frederick Muriuki Muriithi
2026-01-27Proof-of-concept: Delete linked phenotype data.Frederick Muriuki Muriithi
2026-01-27Simplify relative import.Frederick Muriuki Muriithi
2025-12-29`system_resource(...)` function takes either connection or cursorFrederick Muriuki Muriithi
Refactor to allow the `gn_auth.auth.authorisation.resources.system.models.system_resource` function to take either a database connection or cursor and use that to retrieve the "system resource".
2025-12-29`create_resource(...)` function takes either connection or cursorFrederick Muriuki Muriithi
Refactor to allow the `gn_auth.auth.authorisation.resources.models.create_resource` function to take either a database connection or cursor to perform its tasks.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-06-13 05:55:41 +0000