From 7148cca0f169ffbace5c1d19d9831e66c1fd7647 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 17 Jun 2024 11:00:55 -0500
Subject: Don't save the resource-owner role as a resource role

The 'resource-owner' role is a system-default role that applies to
most resources, but should not be editable by users. This commit
removes the code that was linking the role with each resource, leading
it to being presented to the user as a editable role.
---
 gn_auth/auth/authorisation/resources/models.py | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

(limited to 'gn_auth/auth/authorisation/resources/models.py')

diff --git a/gn_auth/auth/authorisation/resources/models.py b/gn_auth/auth/authorisation/resources/models.py
index 95a7f1c..c6c2e9e 100644
--- a/gn_auth/auth/authorisation/resources/models.py
+++ b/gn_auth/auth/authorisation/resources/models.py
@@ -36,22 +36,8 @@ from .errors import MissingGroupError
 
 def __assign_resource_owner_role__(cursor, resource, user):
     """Assign `user` the 'Resource Owner' role for `resource`."""
-    cursor.execute(
-        "SELECT rr.* FROM resource_roles AS rr INNER JOIN roles AS r "
-        "ON rr.role_id=r.role_id WHERE r.role_name='resource-owner' "
-        "AND rr.resource_id=?",
-        (str(resource.resource_id),))
+    cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
     role = cursor.fetchone()
-    if not role:
-        cursor.execute("SELECT * FROM roles WHERE role_name='resource-owner'")
-        role = cursor.fetchone()
-        cursor.execute(
-            "INSERT INTO resource_roles(resource_id, role_created_by, role_id) "
-            "VALUES (:resource_id, :user_id, :role_id)",
-            {"resource_id": str(resource.resource_id),
-             "user_id": str(user.user_id),
-             "role_id": role["role_id"]})
-
     cursor.execute(
         "INSERT INTO user_roles "
         "VALUES (:user_id, :role_id, :resource_id) "
-- 
cgit v1.2.3