Skip to content

Commit 7296ee7

Browse files
committed
Use TapDB 9 actor users for Bloom roles
1 parent fb8a332 commit 7296ee7

3 files changed

Lines changed: 24 additions & 20 deletions

File tree

bloom_lims/auth/repositories/tapdb/users.py

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -38,9 +38,9 @@ class TapdbUserRecord:
3838
END AS is_active
3939
FROM generic_instance gi
4040
WHERE gi.polymorphic_discriminator = 'actor_instance'
41-
AND gi.category = 'SYS'
42-
AND gi.type = 'actor'
43-
AND gi.subtype = 'system_user'
41+
AND gi.category = 'actor'
42+
AND gi.type = 'user'
43+
AND gi.subtype = 'system'
4444
AND COALESCE(gi.is_deleted, FALSE) = FALSE
4545
"""
4646

@@ -56,7 +56,7 @@ def _normalize_stored_role(
5656
role_value: Any, *, default: str | None = None
5757
) -> str | None:
5858
def _coerce(value: Any) -> str | None:
59-
candidate = str(value or "").strip()
59+
candidate = str(value or "").strip().upper()
6060
if not candidate:
6161
return None
6262
values = normalize_roles([candidate])
@@ -179,9 +179,9 @@ def set_user_role(session: Session, identifier: str | int, role: str) -> bool:
179179
),
180180
modified_dt = NOW()
181181
WHERE gi.polymorphic_discriminator = 'actor_instance'
182-
AND gi.category = 'SYS'
183-
AND gi.type = 'actor'
184-
AND gi.subtype = 'system_user'
182+
AND gi.category = 'actor'
183+
AND gi.type = 'user'
184+
AND gi.subtype = 'system'
185185
AND COALESCE(gi.is_deleted, FALSE) = FALSE
186186
AND gi.uid = :uid
187187
RETURNING gi.uid
@@ -204,9 +204,9 @@ def set_user_role(session: Session, identifier: str | int, role: str) -> bool:
204204
),
205205
modified_dt = NOW()
206206
WHERE gi.polymorphic_discriminator = 'actor_instance'
207-
AND gi.category = 'SYS'
208-
AND gi.type = 'actor'
209-
AND gi.subtype = 'system_user'
207+
AND gi.category = 'actor'
208+
AND gi.type = 'user'
209+
AND gi.subtype = 'system'
210210
AND COALESCE(gi.is_deleted, FALSE) = FALSE
211211
AND (
212212
lower(COALESCE(gi.json_addl->>'login_identifier', '')) = :identifier

bloom_lims/gui/deps.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -59,9 +59,9 @@ def _load_shared_display_timezone(email: str) -> str:
5959
FROM generic_instance gi
6060
WHERE gi.is_deleted = FALSE
6161
AND gi.polymorphic_discriminator = 'actor_instance'
62-
AND gi.category = 'generic'
63-
AND gi.type = 'actor'
64-
AND gi.subtype = 'system_user'
62+
AND gi.category = 'actor'
63+
AND gi.type = 'user'
64+
AND gi.subtype = 'system'
6565
AND (
6666
lower(COALESCE(gi.json_addl->>'login_identifier', '')) = :identifier
6767
OR lower(COALESCE(gi.json_addl->>'email', '')) = :identifier
@@ -104,9 +104,9 @@ def persist_display_timezone(email: str, display_timezone: str | None) -> bool:
104104
modified_dt = NOW()
105105
WHERE gi.is_deleted = FALSE
106106
AND gi.polymorphic_discriminator = 'actor_instance'
107-
AND gi.category = 'generic'
108-
AND gi.type = 'actor'
109-
AND gi.subtype = 'system_user'
107+
AND gi.category = 'actor'
108+
AND gi.type = 'user'
109+
AND gi.subtype = 'system'
110110
AND (
111111
lower(COALESCE(gi.json_addl->>'login_identifier', '')) = :identifier
112112
OR lower(COALESCE(gi.json_addl->>'email', '')) = :identifier

tests/test_tapdb_user_repository.py

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,14 @@
33
from bloom_lims.auth.repositories.tapdb import users as repo
44

55

6-
def test_user_select_sql_targets_sys_actor_users() -> None:
7-
assert "gi.category = 'SYS'" in repo._USER_SELECT_SQL
6+
def test_user_select_sql_targets_tapdb9_actor_users() -> None:
7+
assert "gi.category = 'actor'" in repo._USER_SELECT_SQL
8+
assert "gi.type = 'user'" in repo._USER_SELECT_SQL
9+
assert "gi.subtype = 'system'" in repo._USER_SELECT_SQL
810
assert "gi.category = 'generic'" not in repo._USER_SELECT_SQL
911

1012

11-
def test_set_user_role_updates_sys_actor_user_by_uid() -> None:
13+
def test_set_user_role_updates_tapdb9_actor_user_by_uid() -> None:
1214
calls: list[dict[str, object]] = []
1315

1416
class FakeResult:
@@ -22,5 +24,7 @@ def execute(self, statement, params):
2224
return FakeResult()
2325

2426
assert repo.set_user_role(FakeSession(), 42, "ADMIN") is True
25-
assert "gi.category = 'SYS'" in calls[0]["sql"]
27+
assert "gi.category = 'actor'" in calls[0]["sql"]
28+
assert "gi.type = 'user'" in calls[0]["sql"]
29+
assert "gi.subtype = 'system'" in calls[0]["sql"]
2630
assert calls[0]["params"] == {"uid": 42, "role": "ADMIN"}

0 commit comments

Comments
 (0)