From 342933a0221aa0bbe0243e30d21cdfe5539bc269 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 10 Jun 2024 12:39:22 -0500 Subject: Provide resource roles endpoint Provide an endpoint that returns all the roles that a particular user has on a specific resource. --- gn_auth/auth/authorisation/resources/views.py | 38 +++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'gn_auth') diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 24b2416..22f72e7 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -474,3 +474,41 @@ def get_user_roles_on_resource(name) -> Response: token = jwt.encode(jose_header, payload, app.config["SSL_PRIVATE_KEY"]) response.headers["Authorization"] = f"Bearer {token.decode('utf-8')}" return response + + +@resources.route("//role/", methods=["GET"]) +@require_oauth("profile group resource") +def resource_role(resource_id: uuid.UUID, role_id: uuid.UUID): + """Fetch details for resource.""" + with (require_oauth.acquire("profile group resource") as _token, + db.connection(app.config["AUTH_DB"]) as conn, + db.cursor(conn) as cursor): + cursor.execute( + "SELECT rr.role_created_by, r.*, p.* FROM resource_roles AS rr " + "INNER JOIN roles AS r ON rr.role_id=r.role_id " + "INNER JOIN role_privileges AS rp ON r.role_id=rp.role_id " + "INNER JOIN privileges AS p ON rp.privilege_id=p.privilege_id " + "WHERE rr.resource_id=? AND rr.role_created_by=? AND rr.role_id=?", + (str(resource_id), str(_token.user.user_id), str(role_id))) + results = cursor.fetchall() + + if not bool(results): + msg = f"Could not find role with ID '{role_id}'." + return jsonify({ + "error": "RoleNotFound", + "error_description": msg, + "error_message": msg, + "message": msg + }), 404 + + _roles = tuple(reduce(__resultset_to_roles__, results, {}).values()) + if len(_roles) > 1: + msg = f"There is data corruption in the database." + return jsonify({ + "error": "RoleNotFound", + "error_description": msg, + "error_message": msg, + "message": msg + }), 500 + + return asdict(_roles[0]) -- cgit v1.2.3