From f3bec4784af4715465fe63fd2cb9b8a0ca026d3e Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 22 Nov 2023 11:43:36 +0300
Subject: Move system admin creation

Make the system admin creation code part of the core system, and
simply call it from the script(s). This will help with maintenance,
since the changes are done in a single place only.
---
 scripts/register_sys_admin.py | 34 +++++-----------------------------
 1 file changed, 5 insertions(+), 29 deletions(-)

(limited to 'scripts/register_sys_admin.py')

diff --git a/scripts/register_sys_admin.py b/scripts/register_sys_admin.py
index 78a0b33..dfd4d59 100644
--- a/scripts/register_sys_admin.py
+++ b/scripts/register_sys_admin.py
@@ -1,6 +1,5 @@
 """Script to register and mark a user account as sysadmin."""
 import sys
-import uuid
 import getpass
 from pathlib import Path
 
@@ -8,7 +7,8 @@ import click
 from email_validator import validate_email, EmailNotValidError
 
 from gn_auth.auth.db import sqlite3 as db
-from gn_auth.auth.authentication.users import hash_password
+from gn_auth.auth.authorisation.users.admin.models import make_sys_admin
+from gn_auth.auth.authentication.users import save_user, set_user_password
 
 def fetch_email() -> str:
     """Prompt user for email."""
@@ -46,34 +46,10 @@ def fetch_name() -> str:
 
 def save_admin(conn: db.DbConnection, name: str, email: str, passwd: str):
     """Save the details to the database and assign the new user as admin."""
-    admin_id = uuid.uuid4()
-    admin = {
-        "user_id": str(admin_id),
-        "email": email,
-        "name": name,
-        "hash": hash_password(passwd)
-    }
     with db.cursor(conn) as cursor:
-        cursor.execute("INSERT INTO users VALUES (:user_id, :email, :name)",
-                       admin)
-        cursor.execute("INSERT INTO user_credentials VALUES (:user_id, :hash)",
-                       admin)
-        cursor.execute(
-            "SELECT * FROM roles WHERE role_name='system-administrator'")
-        admin_role = cursor.fetchone()
-        cursor.execute(
-            "SELECT * FROM resources AS r "
-            "INNER JOIN resource_categories AS rc "
-            "ON r.resource_category_id=rc.resource_category_id "
-            "WHERE resource_category_key='system'")
-        the_system = cursor.fetchall()
-        cursor.execute(
-            "INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)",
-            {
-                **admin,
-                "role_id": admin_role["role_id"],
-                "resource_id": the_system["resource_id"]
-            })
+        usr, _hpasswd = set_user_password(
+            cursor, save_user(cursor, email, name), passwd)
+        make_sys_admin(cursor, usr)
         return 0
 
 def register_admin(authdbpath: Path):
-- 
cgit v1.2.3