From 29d097ffcbe9b0993bfab794c91f96d473ce0207 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 30 Jul 2025 10:53:16 -0500
Subject: Fetch resource object that wraps the group for authorisations

---
 gn_auth/auth/authorisation/resources/groups/models.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'gn_auth/auth/authorisation/resources/groups/models.py')

diff --git a/gn_auth/auth/authorisation/resources/groups/models.py b/gn_auth/auth/authorisation/resources/groups/models.py
index a681e25..9daadf4 100644
--- a/gn_auth/auth/authorisation/resources/groups/models.py
+++ b/gn_auth/auth/authorisation/resources/groups/models.py
@@ -316,6 +316,25 @@ def add_user_to_group(cursor: db.DbCursor, the_group: Group, user: User):
     revoke_user_role_by_name(cursor, user, "group-creator")
 
 
+def resource_from_group(conn: db.DbConnection, the_group: Group) -> Resource:
+    """Get the resource object that wraps the group for auth purposes."""
+    with db.cursor(conn) as cursor:
+        cursor.execute(
+            "SELECT "
+            "resources.resource_id, resources.resource_name, "
+            "resources.public, resource_categories.* "
+            "FROM group_resources "
+            "INNER JOIN resources "
+            "ON group_resources.resource_id=resources.resource_id "
+            "INNER JOIN resource_categories "
+            "ON resources.resource_category_id=resource_categories.resource_category_id "
+            "WHERE group_resources.group_id=?",
+            (str(the_group.group_id),))
+        results = db_rows_to_roles(cursor.fetchall())
+        assert len(results) == 1, "Expected a single group resource."
+        return results[0]
+
+
 @authorised_p(
     privileges=("system:group:view-group",),
     error_description=(
-- 
cgit 1.4.1