From ccd4ee5405f6a302283bac80dee15919dd3c6ffe Mon Sep 17 00:00:00 2001 From: Munyoki Kilyungi Date: Thu, 21 Mar 2024 10:10:46 +0300 Subject: Add extra endpoint to get user authorisation given a resource name. * gn_auth/auth/authorisation/resources/models.py (user_roles_on_resources): New function. * gn_auth/auth/authorisation/resources/views.py (resources_authorisation): New endpoint. Signed-off-by: Munyoki Kilyungi --- gn_auth/auth/authorisation/resources/models.py | 11 +++++++++++ gn_auth/auth/authorisation/resources/views.py | 24 +++++++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py index 8bd8c73..60d24ff 100644 --- a/gn_auth/auth/authorisation/resources/models.py +++ b/gn_auth/auth/authorisation/resources/models.py @@ -420,3 +420,14 @@ def user_roles_on_resources(conn: db.DbConnection, with db.cursor(conn) as cursor: cursor.execute(query, params) return reduce(__organise__, cursor.fetchall(), {}) + + +def get_resource_id(conn: db.DbConnection, name: str) -> Optional[str]: + """Given a resource_name, return it's resource_id.""" + with db.cursor(conn) as cursor: + cursor.execute( + "SELECT resource_id \ +FROM resources as r WHERE r.resource_name=?", (name, )) + if res := cursor.fetchone(): + return res["resource_id"] + return None diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 13d9bdf..8034110 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -23,7 +23,8 @@ from .models import ( Resource, resource_data, resource_by_id, public_resources, resource_categories, assign_resource_user, link_data_to_resource, unassign_resource_user, resource_category_by_id, user_roles_on_resources, - unlink_data_from_resource, create_resource as _create_resource) + unlink_data_from_resource, create_resource as _create_resource, + get_resource_id) from .groups.models import Group, resource_owner, group_role_by_id resources = Blueprint("resources", __name__) @@ -372,3 +373,24 @@ def resources_authorisation(): resp.status_code = 400 return resp + + +@resources.route("/authorisation/", methods=["GET"]) +def get_user_roles_on_resource(name) -> Response: + """Get user authorisation for a given resource given it's name""" + resid = with_db_connection( + lambda conn: get_resource_id(conn, name) + ) + with require_oauth.acquire("profile resource") as _token: + _resources = with_db_connection( + lambda conn: user_roles_on_resources( + conn, _token.user, (resid,) + ) + ) + return jsonify({ + name: { + "roles": tuple( + asdict(rol) for rol in + _resources.get(resid, {}).get("roles", tuple())) + } + }) -- cgit v1.2.3