rename authorized_resources and make private

TeskaLabs · Dec 9, 2024 · 7951882 · 7951882
1 parent 8a7e4e7
commit 7951882
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 33 deletions.
diff --git a/asab/web/auth/authorization.py b/asab/web/auth/authorization.py
@@ -188,32 +188,6 @@ def require_tenant_access(self):
 			raise AccessDeniedError()
 
 
-	def authorized_resources(self) -> typing.Optional[typing.Set[str]]:
-		"""
-		DEPRECATED. Return the set of authorized resources.
-
-		Use these methods instead:
-		- has_resource_access(resource_id)
-		- has_superuser_access()
-		- has_tenant_access()
-		- require_resource_access(resource_id)
-		- require_superuser_access()
-		- require_tenant_access()
-
-		Returns:
-			set: Authorized resources.
-		"""
-		self.require_valid()
-
-		resources = _authorized_resources(self._Resources, Tenant.get(None))
-
-		if self.has_superuser_access():
-			# Ensure superuser resource is present no matter the tenant
-			resources.add(SUPERUSER_RESOURCE_ID)
-
-		return resources
-
-
 	def user_info(self) -> typing.Dict[str, typing.Any]:
 		"""
 		Return OpenID Connect UserInfo claims (or JWToken claims).
@@ -242,6 +216,24 @@ def get_claim(self, key: str) -> typing.Any:
 		return self._Claims.get(key)
 
 
+	def _resources(self) -> typing.Optional[typing.Set[str]]:
+		"""
+		Return the set of authorized resources.
+
+		Returns:
+			set: Authorized resources.
+		"""
+		self.require_valid()
+
+		resources = _authorized_resources(self._Resources, Tenant.get(None))
+
+		if self.has_superuser_access():
+			# Ensure superuser resource is present no matter the tenant
+			resources.add(SUPERUSER_RESOURCE_ID)
+
+		return resources
+
+
 def is_superuser(resources_claim: typing.Mapping) -> bool:
 	"""
 	Check if the superuser resource is present in the authorized resource list.

diff --git a/asab/web/auth/service.py b/asab/web/auth/service.py
@@ -649,5 +649,5 @@ def _pass_resources(handler):
 	@functools.wraps(handler)
 	async def wrapper(*args, **kwargs):
 		authz = Authz.get(None)
-		return await handler(*args, resources=authz.authorized_resources() if authz is not None else None, **kwargs)
+		return await handler(*args, resources=authz._resources() if authz is not None else None, **kwargs)
 	return wrapper
diff --git a/test/test_auth/test_authorization.py b/test/test_auth/test_authorization.py
@@ -99,7 +99,7 @@ def test_superuser_access(self):
 
 	def test_authorized_resources(self):
 		with self.assertRaises(asab.exceptions.NotAuthenticatedError):
-			self.Authz.authorized_resources()
+			self.Authz._resources()
 
 	def test_get_claim(self):
 		with self.assertRaises(asab.exceptions.NotAuthenticatedError):
@@ -186,7 +186,7 @@ def test_superuser_access(self):
 
 	def test_authorized_resources(self):
 		self.assertEqual(
-			self.Authz.authorized_resources(),
+			self.Authz._resources(),
 			{RESOURCE_1, RESOURCE_2},
 			"Entity is authorized to access RESOURCE_1, RESOURCE_2 in TENANT_1.",
 		)
@@ -259,7 +259,7 @@ def test_superuser_access(self):
 
 	def test_authorized_resources(self):
 		self.assertEqual(
-			self.Authz.authorized_resources(),
+			self.Authz._resources(),
 			set(),
 			"Entity is authorized to access RESOURCE_1, RESOURCE_2 in TENANT_1.",
 		)
@@ -341,7 +341,7 @@ def test_superuser_access(self):
 
 	def test_authorized_resources(self):
 		self.assertEqual(
-			self.Authz.authorized_resources(),
+			self.Authz._resources(),
 			{RESOURCE_1},
 			"Entity is globally authorized to access RESOURCE_1.",
 		)
@@ -426,7 +426,7 @@ def test_superuser_access(self):
 
 	def test_authorized_resources(self):
 		self.assertEqual(
-			self.Authz.authorized_resources(),
+			self.Authz._resources(),
 			{RESOURCE_SUPERUSER},
 		)
 
@@ -510,6 +510,6 @@ def test_superuser_access(self):
 
 	def test_authorized_resources(self):
 		self.assertEqual(
-			self.Authz.authorized_resources(),
+			self.Authz._resources(),
 			{RESOURCE_SUPERUSER},
 		)