Skip to content

Commit

Permalink
Filter roles when querying role service
Browse files Browse the repository at this point in the history
  • Loading branch information
@index-git
index-git committed Dec 5, 2023
1 parent c030a22 commit 517e4f8
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions src/layman/authz/role_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ def ensure_admin_roles():


def get_user_roles(username):
query = f"""select rolename from {ROLE_SERVICE_SCHEMA}.user_roles where username = %s"""
roles = db_util.run_query(query, (username, ))
query = f"""
select rolename from {ROLE_SERVICE_SCHEMA}.user_roles
where username = %s
and rolename not in (%s, %s, %s)
and LEFT(rolename, 5) != 'USER_'
and rolename ~ %s
"""
roles = db_util.run_query(query, (username, 'ADMIN', 'GROUP_ADMIN', settings.LAYMAN_GS_ROLE, ''))
return {role[0] for role in roles}

0 comments on commit 517e4f8

Please sign in to comment.