From afa8a57015a070fbb37a22bca673f77abd6df50b Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 11 Jun 2024 12:53:23 -0500
Subject: Temporary fix to retrieve users with read access to resource.
---
gn_auth/auth/authorisation/resources/views.py | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
(limited to 'gn_auth')
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index 4c8411f..50f0d8e 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -169,10 +169,27 @@ def resource_users(resource_id: UUID):
"""Retrieve all users with access to the given resource."""
with require_oauth.acquire("profile group resource") as the_token:
def __the_users__(conn: db.DbConnection):
- authorised = authorised_for(
- conn, the_token.user,
- ("group:resource:edit-resource","group:resource:view-resource"),
+ ########## BEGIN: HACK ##########
+ # This hack gets the UI to work, but needs replacing.
+ # It resolves (albeit, temporarily) the bug introduced after a
+ # refactor that made the system itself, and the groups into
+ # resources.
+ grouplevelauth = authorised_for(
+ conn,
+ the_token.user,
+ ("group:resource:view-resource",),
+ (resource_id,))
+ systemlevelauth = __pk__authorised_for(
+ conn,
+ the_token.user,
+ ("system:user:list",),
(resource_id,))
+ authorised = {
+ key: (grouplevelauth.get(key, False)
+ or systemlevelauth.get(key, False))
+ for key in grouplevelauth.keys() | systemlevelauth.keys()
+ }
+ ########## END: HACK ##########
if authorised.get(resource_id, False):
with db.cursor(conn) as cursor:
def __organise_users_n_roles__(users_n_roles, row):
--
cgit v1.2.3