Filter roles when querying role service
index-git committed Dec 5, 2023
1 parent b6c4ffd commit dd4c78b
Showing 1 changed file with 9 additions and 2 deletions.
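--- a/src/layman/authz/role_service.py
+++ b/src/layman/authz/role_service.py
@@ -1,6 +1,7 @@
 from db import util as db_util
 from layman import settings
 
+ROLE_NAME_PATTERN = r'^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$'
 ROLE_SERVICE_SCHEMA = settings.LAYMAN_INTERNAL_ROLE_SERVICE_SCHEMA
 
 
@@ -25,6 +26,12 @@ def ensure_admin_roles():
 
 
 def get_user_roles(username):
-query = f"""select rolename from {ROLE_SERVICE_SCHEMA}.user_roles where username = %s"""
-roles = db_util.run_query(query, (username, ))
+query = f"""
+select rolename from {ROLE_SERVICE_SCHEMA}.user_roles
+where username = %s
+and rolename not in (%s, %s, %s)
+and LEFT(rolename, 5) != 'USER_'
+and rolename ~ %s
+"""
+roles = db_util.run_query(query, (username, 'ADMIN', 'GROUP_ADMIN', settings.LAYMAN_GS_ROLE, ROLE_NAME_PATTERN))
 return {role[0] for role in roles}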
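Review bot: In get_user_roles, `rolename not in (%s, %s, %s)` takes `settings.LAYMAN_GS_ROLE` as a bound value, and if that setting can ever be None the driver would presumably bind SQL NULL, so `NOT IN` evaluates to NULL for every row and the function returns an empty set for all users. That fails closed, but it would silently strip every role-based permission and be hard to diagnose; this hunk does not show whether the setting is validated elsewhere. Consider a guard before the query, e.g. `if settings.LAYMAN_GS_ROLE is None: raise ValueError('LAYMAN_GS_ROLE is not set')`. Since callers presumably use the result for authorization decisions, a docstring such as `"""Return the user's roles, excluding reserved names (ADMIN, GROUP_ADMIN, LAYMAN_GS_ROLE, USER_*) and names not matching ROLE_NAME_PATTERN."""` would also make the filtering explicit.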
