From 517e4f863bd461032c5b57243c4cd99e2bf26300 Mon Sep 17 00:00:00 2001 From: index-git Date: Tue, 5 Dec 2023 09:01:04 +0100 Subject: [PATCH] Filter roles when querying role service --- src/layman/authz/role_service.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/layman/authz/role_service.py b/src/layman/authz/role_service.py index f0db05e64..e24e133a5 100644 --- a/src/layman/authz/role_service.py +++ b/src/layman/authz/role_service.py @@ -25,6 +25,12 @@ def ensure_admin_roles(): def get_user_roles(username): - query = f"""select rolename from {ROLE_SERVICE_SCHEMA}.user_roles where username = %s""" - roles = db_util.run_query(query, (username, )) + query = f""" +select rolename from {ROLE_SERVICE_SCHEMA}.user_roles +where username = %s + and rolename not in (%s, %s, %s) + and LEFT(rolename, 5) != 'USER_' + and rolename ~ %s +""" + roles = db_util.run_query(query, (username, 'ADMIN', 'GROUP_ADMIN', settings.LAYMAN_GS_ROLE, '')) return {role[0] for role in roles}