From afa8a57015a070fbb37a22bca673f77abd6df50b Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Tue, 11 Jun 2024 12:53:23 -0500 Subject: Temporary fix to retrieve users with read access to resource. --- gn_auth/auth/authorisation/resources/views.py | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'gn_auth') diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py index 4c8411f..50f0d8e 100644 --- a/gn_auth/auth/authorisation/resources/views.py +++ b/gn_auth/auth/authorisation/resources/views.py @@ -169,10 +169,27 @@ def resource_users(resource_id: UUID): """Retrieve all users with access to the given resource.""" with require_oauth.acquire("profile group resource") as the_token: def __the_users__(conn: db.DbConnection): - authorised = authorised_for( - conn, the_token.user, - ("group:resource:edit-resource","group:resource:view-resource"), + ########## BEGIN: HACK ########## + # This hack gets the UI to work, but needs replacing. + # It resolves (albeit, temporarily) the bug introduced after a + # refactor that made the system itself, and the groups into + # resources. + grouplevelauth = authorised_for( + conn, + the_token.user, + ("group:resource:view-resource",), + (resource_id,)) + systemlevelauth = __pk__authorised_for( + conn, + the_token.user, + ("system:user:list",), (resource_id,)) + authorised = { + key: (grouplevelauth.get(key, False) + or systemlevelauth.get(key, False)) + for key in grouplevelauth.keys() | systemlevelauth.keys() + } + ########## END: HACK ########## if authorised.get(resource_id, False): with db.cursor(conn) as cursor: def __organise_users_n_roles__(users_n_roles, row): -- cgit v1.2.3