From 5d3dffd703822b019f39e7b898758085b88b4809 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 26 Sep 2023 03:17:54 +0300
Subject: Update query

Replace `group_user_roles_on_resources` table with `user_roles` for
the query that checks whether the user has appropriate permissions to
act on a specific resource.
---
 gn_auth/auth/authorisation/resources/checks.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'gn_auth/auth/authorisation')

diff --git a/gn_auth/auth/authorisation/resources/checks.py b/gn_auth/auth/authorisation/resources/checks.py
index db975de..717e5e4 100644
--- a/gn_auth/auth/authorisation/resources/checks.py
+++ b/gn_auth/auth/authorisation/resources/checks.py
@@ -24,14 +24,12 @@ def authorised_for(conn: db.DbConnection, user: User, privileges: tuple[str],
     """
     with db.cursor(conn) as cursor:
         cursor.execute(
-            ("SELECT guror.*, rp.privilege_id FROM "
-             "group_user_roles_on_resources AS guror "
-             "INNER JOIN group_roles AS gr ON  "
-             "(guror.group_id=gr.group_id AND guror.role_id=gr.role_id) "
-             "INNER JOIN roles AS r ON gr.role_id=r.role_id "
+            ("SELECT ur.*, rp.privilege_id FROM "
+             "user_roles AS ur "
+             "INNER JOIN roles AS r ON ur.role_id=r.role_id "
              "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id "
-             "WHERE guror.user_id=? "
-             f"AND guror.resource_id IN ({', '.join(['?']*len(resource_ids))})"
+             "WHERE ur.user_id=? "
+             f"AND ur.resource_id IN ({', '.join(['?']*len(resource_ids))})"
              f"AND rp.privilege_id IN ({', '.join(['?']*len(privileges))})"),
             ((str(user.user_id),) + tuple(
                 str(r_id) for r_id in resource_ids) + tuple(privileges)))
-- 
cgit v1.2.3