From 7148cca0f169ffbace5c1d19d9831e66c1fd7647 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 17 Jun 2024 11:00:55 -0500
Subject: Don't save the resource-owner role as a resource role The 'resource-owner' role is a system-default role that applies to most resources, but should not be editable by users. This commit removes the code that was linking the role with each resource, leading it to being presented to the user as a editable role.
---
 gn_auth/auth/authorisation/resources/models.py | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 95a7f1c..c6c2e9e 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -36,22 +36,8 @@ from .errors import MissingGroupError
 
 def __assign_resource_owner_role__(cursor, resource, user):
 """Assign `user` the 'Resource Owner' role for `resource`."""
- cursor.execute(
- "SELECT rr.* FROM resource_roles AS rr INNER JOIN roles AS r "
- "ON rr.role_id=r.role_id WHERE r.role_name='resource-owner' "
- "AND rr.resource_id=?",
- (str(resource.resource_id),))
+ cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
 role = cursor.fetchone()
- if not role:
- cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
- role = cursor.fetchone()
- cursor.execute(
- "INSERT INTO resource_roles(resource_id, role_created_by, role_id) "
- "VALUES (:resource_id, :user_id, :role_id)",
- {"resource_id": str(resource.resource_id),
- "user_id": str(user.user_id),
- "role_id": role["role_id"]})
-
 cursor.execute(
 "INSERT INTO user_roles "
 "VALUES (:user_id, :role_id, :resource_id) "
--
cgit v1.2.3
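Review bot: The `role = cursor.fetchone()` result now comes from a lookup by `role_name` alone and is still used unchecked, so if the 'resource-owner' row is absent the owner grant presumably fails on a `None` subscript rather than with a clear error (the INSERT's parameters lie outside this hunk, which ends mid-statement). A guard right after the fetch, such as `if role is None: raise LookupError("system role 'resource-owner' not found")` or the project's own error type, would make that failure explicit. Because ownership is now bound to whichever row the name matches, it is worth confirming that `roles.role_name` is unique or that user-created roles cannot take this name; the schema is not visible here. The commit also stops creating `resource_roles` links, but no cleanup is visible for rows inserted by the old code, so existing resources may still present the role as editable until those rows are removed.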