fix retrieval of groups from identity (#82)

qwc-services · Feb 14, 2024 · 33ae562 · 33ae562
1 parent 095f6d1
commit 33ae562
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/src/access_control.py b/src/access_control.py
@@ -25,24 +25,24 @@ def is_admin(self, identity):
         # Extract user infos from identity
         if isinstance(identity, dict):
             username = identity.get('username')
-            group = identity.get('group')
+            groups = identity.get('groups', [])
         else:
             username = identity
-            group = None
+            groups = []
         session = self.config_models.session()
-        admin_role = self.admin_role_query(username, group, session)
+        admin_role = self.admin_role_query(username, groups, session)
         session.close()
 
         return admin_role
 
-    def admin_role_query(self, username, group, session):
+    def admin_role_query(self, username, groups, session):
         """Create base query for all permissions of a user and group.
 
         Combine permissions from roles of user and user groups, group roles and
         public role.
 
         :param str username: User name
-        :param str group: Group name
+        :param list(str) groups: List of groups name
         :param Session session: DB session
         """
         Role = self.config_models.model('roles')
@@ -63,7 +63,7 @@ def admin_role_query(self, username, group, session):
 
         # query permissions from group roles
         group_roles_query = query.join(Role.groups_collection) \
-            .filter(Group.name == group)
+            .filter(Group.name.in_(groups))
 
         # combine queries
         query = groups_roles_query.union(user_roles_query) \