blob: 21e4a58e85ca2ebd16b5b33ae7d62c35017f4d47 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
"""Major function for handling admin users."""
import warnings
from gn_auth.auth.db import sqlite3 as db
from gn_auth.auth.authentication.users import User
from gn_auth.auth.authorisation.roles.models import Role, db_rows_to_roles
def sysadmin_role(conn: db.DbConnection) -> Role:
"""Fetch the `system-administrator` role details."""
with db.cursor(conn) as cursor:
cursor.execute(
"SELECT roles.*, privileges.* "
"FROM roles INNER JOIN role_privileges "
"ON roles.role_id=role_privileges.role_id "
"INNER JOIN privileges "
"ON role_privileges.privilege_id=privileges.privilege_id "
"WHERE role_name='system-administrator'")
results = db_rows_to_roles(cursor.fetchall())
assert len(results) == 1, (
"There should only ever be one 'system-administrator' role.")
return results[0]
def grant_sysadmin_role(cursor: db.DbCursor, user: User) -> User:
"""Grant `system-administrator` role to `user`."""
cursor.execute(
"SELECT * FROM roles WHERE role_name='system-administrator'")
admin_role = cursor.fetchone()
cursor.execute(
"SELECT * FROM resources AS r "
"INNER JOIN resource_categories AS rc "
"ON r.resource_category_id=rc.resource_category_id "
"WHERE resource_category_key='system'")
the_system = cursor.fetchone()
cursor.execute(
"INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)",
{
"user_id": str(user.user_id),
"role_id": admin_role["role_id"],
"resource_id": the_system["resource_id"]
})
return user
def make_sys_admin(cursor: db.DbCursor, user: User) -> User:
"""Make a given user into an system admin."""
warnings.warn(
DeprecationWarning(
f"The function `{__name__}.make_sys_admin` will be removed soon"),
stacklevel=1)
return grant_sysadmin_role(cursor, user)
|
