From 37771b3be3142f705101beb4c5dc34c1000962f9 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 13 Sep 2023 11:23:45 +0300
Subject: Remove group from resource objects

With the new schema, not all Resource objects are "owned" by a group. Those that are, are linked together through a different db table (`resource_ownership`). This commit removes the `Group` object from `Resource` objects and updates the `resource_ownership` where relevant.
---
 gn_auth/auth/authorisation/roles/models.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'gn_auth/auth/authorisation/roles')

diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index e1b0d6b..579c9dc 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -136,6 +136,9 @@ def assign_default_roles(cursor: db.DbCursor, user: User):
 
 def revoke_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
 """Revoke a role from `user` by the role's name"""
+ # TODO: Pass in the resource_id - this works somewhat correctly, but it's
+ # only because it is used in for revoking the "group-creator" role so
+ # far
 cursor.execute(
 "SELECT role_id FROM roles WHERE role_name=:role_name",
 {"role_name": role_name})
@@ -146,7 +149,8 @@ def revoke_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
 "WHERE user_id=:user_id AND role_id=:role_id"),
 {"user_id": str(user.user_id), "role_id": role["role_id"]})
 
-def assign_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
+def assign_user_role_by_name(
+ cursor: db.DbCursor, user: User, resource_id: UUID, role_name: str):
 """Revoke a role from `user` by the role's name"""
 cursor.execute(
 "SELECT role_id FROM roles WHERE role_name=:role_name",
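Review bot: The TODO added at the top of `revoke_user_role_by_name` records the gap but leaves it open: the `DELETE` this function runs (its `WHERE user_id=:user_id AND role_id=:role_id` line appears as context in the next hunk) is not scoped to a resource, so now that `user_roles` rows carry a resource value, a revoke by name removes that role for the user on every resource. That errs towards removing access, but it stops being correct as soon as a role other than "group-creator" is revoked this way. I would take `resource_id: UUID` here in the same position as `assign_user_role_by_name` now does and add `AND resource_id=:resource_id` to the `WHERE` clause (column name assumed from the bind parameter used in the insert; check it against the schema). Until then the comment's wording can be tightened to `# only because it is used for revoking the "group-creator" role so far`. The function body continues past this hunk.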
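Review bot: The docstring kept under the rewritten `assign_user_role_by_name` signature still says "Revoke a role from `user` by the role's name", which is the opposite of what the function does and does not mention the new parameter; a one-line docstring stating that it assigns the role named `role_name` to `user` on the resource `resource_id` would match the code. The new `resource_id: UUID` annotation needs `UUID` in scope in `models.py`; the import block is not part of this view, so confirm `from uuid import UUID` is present. Because `resource_id` was placed before `role_name`, a caller that passes the two in the wrong order would look up a role by the wrong string and, given the `if role:` guard in the next hunk, silently assign nothing; the callers are outside this directory-limited page and are worth checking. The function body runs on into the next hunk.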
@@ -155,6 +159,10 @@ def assign_user_role_by_name(cursor: db.DbCursor, user: User, role_name: str):
 
 if role:
 cursor.execute(
- ("INSERT INTO user_roles VALUES(:user_id, :role_id) "
+ ("INSERT INTO user_roles VALUES(:user_id, :role_id, :resource_id) "
 "ON CONFLICT DO NOTHING"),
- {"user_id": str(user.user_id), "role_id": role["role_id"]})
+ {
+ "user_id": str(user.user_id),
+ "role_id": role["role_id"],
+ "resource_id": str(resource_id)
+ })
-- 
cgit v1.2.3
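Review bot: The new `INSERT INTO user_roles VALUES(:user_id, :role_id, :resource_id)` names no columns, so which value lands in which field depends on the column order of whatever schema the database currently has; for the table that records who holds which role on which resource, a reordered or added column should make the statement fail rather than store a value in the wrong field. I would spell the columns out, `("INSERT INTO user_roles(user_id, role_id, resource_id) VALUES(:user_id, :role_id, :resource_id) "` (column names assumed from the bind parameters; check them against the migration). Separately, `str(resource_id)` turns a `None` argument into the string `"None"`, so if any caller can reach this without a resource, an explicit check before the insert is safer than relying on a constraint the hunk does not show. The function starts above this hunk.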