From f5e833c0d72eaec80425203b15210ed304cc4811 Mon Sep 17 00:00:00 2001
From: Munyoki Kilyungi
Date: Thu, 29 Feb 2024 04:04:34 +0300
Subject: Add an extra endpoint for metadata authorisation.

* gn_auth/auth/authorisation/data/views.py: (metadata_resources): New
end-point for authorising metadata data.
* gn_auth/auth/authorisation/resources/models.py: Import sqlite3.Row.
(__metadata_resource_data__): New function.
(__assign_resource_owner_role__): Add __metadata_resource_data__
to the "resource_data_function" map.

Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
---
 gn_auth/auth/authorisation/data/views.py | 50 ++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

(limited to 'gn_auth/auth/authorisation/data')

diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py
index 05257a7..e5c8fd6 100644
--- a/gn_auth/auth/authorisation/data/views.py
+++ b/gn_auth/auth/authorisation/data/views.py
@@ -334,3 +334,53 @@ def link_phenotype() -> Response:
 
         return jsonify(with_db_connection(
             partial(__link__, **__values__(request.json))))
+
+
+@data.route("/metadata/authorisation", methods=["POST"])
+@require_json
+def metadata_resources() -> Response:
+    """Retrieve the authorisation level for given metadata resources"""
+    db_uri, privileges = app.config["AUTH_DB"], {}
+    user = User(uuid.uuid4(), "anon@ymous.user", "Anonymous User")
+    with db.connection(db_uri) as auth_conn:
+        with require_oauth.acquire("profile group resource") as token:
+            resources = attach_resources_data(
+                auth_conn, user_resources(auth_conn, token.user)
+            )
+            roles = user_resource_roles(
+                auth_conn, token.user
+            )
+            privileges = {
+                    resource_id: tuple(
+                        privilege.privilege_id
+                        for role in roles[resource_id]
+                        for privilege in role.privileges)
+                    for resource_id, is_authorised
+                    in authorised_for(
+                        auth_conn, token.user,
+                        ("group:resource:view-resource",),
+                        tuple(
+                            resource.resource_id for resource
+                            in resources
+                        )
+                    ).items()
+                    if is_authorised
+                } | {
+                    resource.resource_id: ("system:resource:public-read",)
+                    for resource in resources if resource.public
+                }
+            resource_map = {
+                resource.resource_category.resource_category_key.lower():
+                resource.resource_id
+                for resource in resources
+                for item in resource.resource_data
+            }
+            return jsonify(
+                {
+                    "user": user._asdict(),
+                    "resource_id": resource_map.get(
+                        request.json.get("name")  #type: ignore[union-attr]
+                    ),
+                    "privileges": privileges,
+                }
+            )
-- 
cgit v1.2.3