From e1f2966c0764980008a8caad6d2ba41a5ad0d853 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 10 Jun 2024 17:12:59 -0500
Subject: Unassign privilege from resource role.

---
 gn_auth/auth/authorisation/roles/models.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'gn_auth/auth/authorisation/roles')

diff --git a/gn_auth/auth/authorisation/roles/models.py b/gn_auth/auth/authorisation/roles/models.py
index b559bff..e740bfd 100644
--- a/gn_auth/auth/authorisation/roles/models.py
+++ b/gn_auth/auth/authorisation/roles/models.py
@@ -239,3 +239,14 @@ def role_by_id(conn: db.DbConnection, role_id: UUID) -> Optional[Role]:
         raise Exception("Data corruption: Expected a single role.")
 
     return _roles[0]
+
+
+def delete_privilege_from_resource_role(
+        cursor: db.DbCursor,
+        role: Role,
+        privilege_id: str
+):
+    """Delete a privilege from a resource role."""
+    cursor.execute(
+        "DELETE FROM role_privileges WHERE role_id=? AND privilege_id=?",
+        (str(role.role_id), privilege.privilege_id))
-- 
cgit v1.2.3