From 37771b3be3142f705101beb4c5dc34c1000962f9 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 13 Sep 2023 11:23:45 +0300 Subject: Remove group from resource objects With the new schema, not all Resource objects are "owned" by a group. Those that are, are linked together through a different db table (`resource_ownership`). This commit removes the `Group` object from `Resource` objects and updates the `resource_ownership` where relevant. --- gn_auth/auth/authorisation/checks.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'gn_auth/auth/authorisation/checks.py') diff --git a/gn_auth/auth/authorisation/checks.py b/gn_auth/auth/authorisation/checks.py index 55af0b1..ad71110 100644 --- a/gn_auth/auth/authorisation/checks.py +++ b/gn_auth/auth/authorisation/checks.py @@ -10,7 +10,7 @@ from .errors import InvalidData, AuthorisationError from ..db import sqlite3 as db from ..authentication.oauth2.resource_server import require_oauth -def __system_privileges_in_roles__(conn, user): +def __system_privileges_in_roles__(conn, user): # TODO: Remove this hack. """ This really is a hack since groups are not treated as resources at the moment of writing this. @@ -19,12 +19,11 @@ def __system_privileges_in_roles__(conn, user): """ query = ( "SELECT DISTINCT p.* FROM users AS u " - "INNER JOIN group_user_roles_on_resources AS guror " - "ON u.user_id=guror.user_id " - "INNER JOIN roles AS r ON guror.role_id=r.role_id " + "INNER JOIN user_roles AS ur ON u.user_id=ur.user_id " + "INNER JOIN roles AS r ON ur.role_id=r.role_id " "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id " "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id " - "WHERE u.user_id=? AND p.privilege_id LIKE 'system:%'") + "WHERE u.user_id=? AND p.privilege_id LIKE 'system:%';") with db.cursor(conn) as cursor: cursor.execute(query, (str(user.user_id),)) return (row["privilege_id"] for row in cursor.fetchall()) -- cgit v1.2.3