From 5f42365bb856a8272a27a127e9cd7e6e28971b42 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 13 Sep 2023 08:07:18 +0300 Subject: Add `resource_group` function to retrieve the owning group Some resources are "owned" by specific user groups. This commit adds a way to retrieve those "owners" where relevant. --- gn_auth/auth/authorisation/resources/models.py | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'gn_auth/auth/authorisation/resources/models.py') diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py index b5a6cd5..93a1aff 100644 --- a/gn_auth/auth/authorisation/resources/models.py +++ b/gn_auth/auth/authorisation/resources/models.py @@ -4,13 +4,13 @@ from uuid import UUID, uuid4 from functools import reduce, partial from typing import Dict, Sequence, Optional +from pymonad.maybe import Just, Maybe, Nothing + from ...db import sqlite3 as db from ...dictify import dictify from ...authentication.users import User from ...db.sqlite3 import with_db_connection -from .checks import authorised_for - from ..checks import authorised_p from ..errors import NotFoundError, AuthorisationError from ..groups.models import ( @@ -383,3 +383,20 @@ def save_resource( raise AuthorisationError( "You do not have the appropriate privileges to edit this resource.") + +def resource_group(conn: db.DbConnection, resource: Resource) -> Maybe[Group]: + """Return the group that owns the resource.""" + with db.cursor(conn) as cursor: + cursor.execute( + "SELECT g.* FROM resource_ownership AS ro " + "INNER JOIN groups AS g ON ro.group_id=g.group_id " + "WHERE ro.resource_id=?", + (str(resource.resource_id),)) + row = cursor.fetchone() + if row: + return Just(Group( + UUID(row["group_id"]), + row["group_name"], + json.loads(row["group_metadata"]))) + + return Nothing -- cgit v1.2.3