From 263707c72f823d437106f579ad974775ad427ccc Mon Sep 17 00:00:00 2001
From: John Nduli
Date: Thu, 15 Aug 2024 14:13:36 +0300
Subject: fix: bugs in masquerade api

---
 gn_auth/auth/authorisation/resources/groups/views.py  | 2 +-
 gn_auth/auth/authorisation/users/masquerade/models.py | 9 ++++++---
 gn_auth/auth/authorisation/users/masquerade/views.py  | 4 ++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py
index 401be00..f98783b 100644
--- a/gn_auth/auth/authorisation/resources/groups/views.py
+++ b/gn_auth/auth/authorisation/resources/groups/views.py
@@ -48,7 +48,7 @@ def create_group():
     with require_oauth.acquire("profile group") as the_token:
         group_name=request_json().get("group_name", "").strip()
         if not bool(group_name):
-            raise GroupCreationError("Could not create the group.")
+            raise GroupCreationError(f"Could not create the group. Invalid Group name provided was `{group_name}`")
 
         db_uri = current_app.config["AUTH_DB"]
         with db.connection(db_uri) as conn:
diff --git a/gn_auth/auth/authorisation/users/masquerade/models.py b/gn_auth/auth/authorisation/users/masquerade/models.py
index 57bc564..ae2abad 100644
--- a/gn_auth/auth/authorisation/users/masquerade/models.py
+++ b/gn_auth/auth/authorisation/users/masquerade/models.py
@@ -31,9 +31,12 @@ def can_masquerade(func):
             conn = kwargs["conn"]
             token = kwargs["original_token"]
 
-        masq_privs = [priv for role in user_roles(conn, token.user)
-                      for priv in role.privileges
-                      if priv.privilege_id == "system:user:masquerade"]
+        masq_privs = []
+        for roles in user_roles(conn, token.user):
+            for role in roles["roles"]:
+                privileges = [p for p in role.privileges if p.privilege_id == "system:user:masquerade"]
+                masq_privs.extend(privileges)
+
         if len(masq_privs) == 0:
             raise ForbiddenAccess(
                 "You do not have the ability to masquerade as another user.")
diff --git a/gn_auth/auth/authorisation/users/masquerade/views.py b/gn_auth/auth/authorisation/users/masquerade/views.py
index 276859a..71cf98d 100644
--- a/gn_auth/auth/authorisation/users/masquerade/views.py
+++ b/gn_auth/auth/authorisation/users/masquerade/views.py
@@ -33,13 +33,13 @@ def masquerade() -> Response:
             return new_token
         def __dump_token__(tok):
             return {
-                key: value for key, value in (tok._asdict().items())
+                key: value for key, value in tok.items()
                 if key in ("access_token", "refresh_token", "expires_in",
                            "token_type")
             }
         return jsonify({
             "original": {
-                "user": token.user._asdict(),
+                "user": asdict(token.user),
                 "token": __dump_token__(token)
             },
             "masquerade_as": {
-- 
cgit v1.2.3