From 529165c1fda8b7f88bcc4fff4f227d95c7bf6ba5 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 17 Jun 2024 15:41:52 -0500 Subject: Retrieve complete list of a users roles on a particular resource. --- gn_auth/auth/authorisation/resources/views.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'gn_auth/auth/authorisation/resources/views.py') diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 0849466..07439a0 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -18,7 +18,9 @@ from gn_auth.auth.db import sqlite3 as db from gn_auth.auth.db.sqlite3 import with_db_connection from gn_auth.auth.authorisation.roles import Role -from gn_auth.auth.authorisation.roles.models import create_role +from gn_auth.auth.authorisation.roles.models import ( + create_role, + user_resource_roles as _user_resource_roles) from gn_auth.auth.errors import ( InvalidData, InconsistencyError, @@ -609,3 +611,21 @@ def create_resource_role(resource_id: UUID): }) return jsonify(asdict(role)) + +@resources.route("//users//roles", methods=["GET"]) +@require_oauth("profile group resource role") +def user_resource_roles(resource_id: UUID, user_id: UUID): + """Get a specific user's roles on a particular resource.""" + with (require_oauth.acquire("profile group resource") as _token, + db.connection(app.config["AUTH_DB"]) as conn, + db.cursor(conn) as cursor): + if _token.user.user_id != user_id: + raise AuthorisationError( + "You are not authorised to view the roles this user has.") + + _resource = resource_by_id(conn, _token.user, resource_id) + if not bool(_resource): + raise BadRequest("No resource was found with the given ID.") + + return jsonify([asdict(role) for role in + _user_resource_roles(conn, _token.user, _resource)]) -- cgit v1.2.3