| author | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2021-05-14 16:50:23 +0200 |
|---|---|---|
| committer | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2021-05-17 17:06:51 +0200 |
| commit | 05d2318538eba71ac0555dc5ec146499d9cb0592 (patch) | |
| tree | 6163e6429879109e322a4c0883fab168031aa109 /opendc-web/opendc-web-api/opendc/models | |
| parent | 0c6ccca5fac44ab40671627fd3181e9b138672fa (diff) | |
api: Remove user handling from OpenDC API server
This change removes any of the user handling and endpoints from the
OpenDC API server. The API server does not need to store user
information other than an identifier in the database.
Diffstat (limited to 'opendc-web/opendc-web-api/opendc/models')
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/models/portfolio.py | 17 | ||||
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/models/prefab.py | 19 | ||||
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/models/project.py | 29 | ||||
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/models/scenario.py | 16 | ||||
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/models/topology.py | 20 | ||||
| -rw-r--r-- | opendc-web/opendc-web-api/opendc/models/user.py | 36 |
6 files changed, 34 insertions, 103 deletions
diff --git a/opendc-web/opendc-web-api/opendc/models/portfolio.py b/opendc-web/opendc-web-api/opendc/models/portfolio.py index 32961b63..8e3f2a52 100644 --- a/opendc-web/opendc-web-api/opendc/models/portfolio.py +++ b/opendc-web/opendc-web-api/opendc/models/portfolio.py @@ -1,7 +1,5 @@ +from opendc.models.project import Project from opendc.models.model import Model -from opendc.models.user import User -from opendc.util.exceptions import ClientError -from opendc.util.rest import Response class Portfolio(Model): @@ -9,16 +7,13 @@ class Portfolio(Model): collection_name = 'portfolios' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, user_id, edit_access): + """Raises an error if the user with given [user_id] has insufficient access. Checks access on the parent project. - :param google_id: The Google ID of the user. + :param user_id: The User ID of the user. :param edit_access: True when edit access should be checked, otherwise view access. """ - user = User.from_google_id(google_id) - authorizations = list( - filter(lambda x: str(x['projectId']) == str(self.obj['projectId']), user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, 'Forbidden from retrieving/editing portfolio.')) + project = Project.from_id(self.obj['projectId']) + project.check_user_access(user_id, edit_access) diff --git a/opendc-web/opendc-web-api/opendc/models/prefab.py b/opendc-web/opendc-web-api/opendc/models/prefab.py index edf1d4c4..05356358 100644 --- a/opendc-web/opendc-web-api/opendc/models/prefab.py +++ b/opendc-web/opendc-web-api/opendc/models/prefab.py @@ -1,5 +1,4 @@ from opendc.models.model import Model -from opendc.models.user import User from opendc.util.exceptions import ClientError from opendc.util.rest import Response 
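Review bot: In portfolio.py, `Project.from_id(self.obj['projectId'])` is used without checking that a project was found, and `project.check_user_access` then indexes `self.obj['authorizations']`. `from_id` is not visible in this diff, so this needs confirming: if it returns a model with an empty `obj` for an unknown id, a portfolio whose project was deleted fails with an unhandled `TypeError` rather than a 403 or 404. The topology.py hunk has the same pattern. A guard before delegating, or having `Project.check_user_access` raise a `ClientError` when `self.obj` is `None`, would keep the refusal a clean client error.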
@@ -9,20 +8,10 @@ class Prefab(Model): collection_name = 'prefabs' - def check_user_access(self, google_id): - """Raises an error if the user with given [google_id] has insufficient access to view this prefab. + def check_user_access(self, user_id): + """Raises an error if the user with given [user_id] has insufficient access to view this prefab. - :param google_id: The Google ID of the user. + :param user_id: The Google ID of the user. """ - user = User.from_google_id(google_id) - - # TODO(Jacob) add special handling for OpenDC-provided prefabs - - #try: - - print(self.obj) - if self.obj['authorId'] != user.get_id() and self.obj['visibility'] == "private": + if self.obj['authorId'] != user_id and self.obj['visibility'] == "private": raise ClientError(Response(403, "Forbidden from retrieving prefab.")) - #except KeyError: - # OpenDC-authored objects don't necessarily have an authorId - # return diff --git a/opendc-web/opendc-web-api/opendc/models/project.py b/opendc-web/opendc-web-api/opendc/models/project.py index b57e9f77..2b3fd5f4 100644 --- a/opendc-web/opendc-web-api/opendc/models/project.py +++ b/opendc-web/opendc-web-api/opendc/models/project.py @@ -1,5 +1,4 @@ from opendc.models.model import Model -from opendc.models.user import User from opendc.util.database import DB from opendc.util.exceptions import ClientError from opendc.util.rest import Response 
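Review bot: In `Prefab.check_user_access`, `self.obj['authorId'] != user_id` now compares the stored author against the caller's identifier, where the removed code compared it against `user.get_id()`, the id of the user document. If existing prefabs store `authorId` as that database id, or as a non-string type, the two never compare equal and authors get a 403 on their own private prefabs; that fails closed, but it needs a data migration or a normalised comparison such as `str(self.obj['authorId']) != str(user_id)`. The `:param user_id:` line still reads "The Google ID of the user", which contradicts the commit; `:param user_id: The identifier of the requesting user.` would match the other models. A document without `authorId` or `visibility` raises `KeyError` here rather than a `ClientError`, the case the deleted commented-out `except KeyError` block was pointing at.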
@@ -10,22 +9,20 @@ class Project(Model): collection_name = 'projects' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, user_id, edit_access): + """Raises an error if the user with given [user_id] has insufficient access. - :param google_id: The Google ID of the user. + :param user_id: The User ID of the user. :param edit_access: True when edit access should be checked, otherwise view access. """ - user = User.from_google_id(google_id) - authorizations = list(filter(lambda x: str(x['projectId']) == str(self.get_id()), - user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, "Forbidden from retrieving project.")) + for authorization in self.obj['authorizations']: + if user_id == authorization['userId'] and authorization['authorizationLevel'] != 'VIEW' or not edit_access: + return + raise ClientError(Response(403, "Forbidden from retrieving project.")) - def get_all_authorizations(self): - """Get all user IDs having access to this project.""" - return [ - str(user['_id']) for user in DB.fetch_all({'authorizations': { - 'projectId': self.obj['_id'] - }}, User.collection_name) - ] + @classmethod + def get_for_user(cls, user_id): + """Get all projects for the specified user id.""" + return DB.fetch_all({'authorizations': { + 'userId': user_id + }}, Project.collection_name) diff --git a/opendc-web/opendc-web-api/opendc/models/scenario.py b/opendc-web/opendc-web-api/opendc/models/scenario.py index 8d53e408..3dfde012 100644 --- a/opendc-web/opendc-web-api/opendc/models/scenario.py +++ b/opendc-web/opendc-web-api/opendc/models/scenario.py 
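Review bot: The new condition in `Project.check_user_access` parses as `(user_id == authorization['userId'] and authorization['authorizationLevel'] != 'VIEW') or not edit_access`, because `and` binds tighter than `or`, so a view request (`edit_access` false) returns on the first authorization entry without comparing `user_id` at all. Any caller that reaches this check can therefore read a project that has at least one authorization, and portfolio.py, scenario.py and topology.py now delegate here, so they inherit it. Parenthesise the level test: `if user_id == authorization['userId'] and (not edit_access or authorization['authorizationLevel'] != 'VIEW'):`. Separately, `get_for_user` filters on `{'authorizations': {'userId': user_id}}`; if `DB.fetch_all` hands that to MongoDB unchanged, it matches only array entries equal to that exact sub-document, which entries carrying `authorizationLevel` are not, so `{'authorizations.userId': user_id}` is probably what is meant and is worth a test.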
@@ -1,8 +1,5 @@ from opendc.models.model import Model from opendc.models.portfolio import Portfolio -from opendc.models.user import User -from opendc.util.exceptions import ClientError -from opendc.util.rest import Response class Scenario(Model): @@ -10,17 +7,14 @@ class Scenario(Model): collection_name = 'scenarios' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, user_id, edit_access): + """Raises an error if the user with given [user_id] has insufficient access. Checks access on the parent project. - :param google_id: The Google ID of the user. + :param user_id: The User ID of the user. :param edit_access: True when edit access should be checked, otherwise view access. """ portfolio = Portfolio.from_id(self.obj['portfolioId']) - user = User.from_google_id(google_id) - authorizations = list( - filter(lambda x: str(x['projectId']) == str(portfolio.obj['projectId']), user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, 'Forbidden from retrieving/editing scenario.')) + print(portfolio.obj) + portfolio.check_user_access(user_id, edit_access) diff --git a/opendc-web/opendc-web-api/opendc/models/topology.py b/opendc-web/opendc-web-api/opendc/models/topology.py index cb4c4bab..3ebec16d 100644 --- a/opendc-web/opendc-web-api/opendc/models/topology.py +++ b/opendc-web/opendc-web-api/opendc/models/topology.py @@ -1,7 +1,5 @@ +from opendc.models.project import Project from opendc.models.model import Model -from opendc.models.user import User -from opendc.util.exceptions import ClientError -from opendc.util.rest import Response class Topology(Model): 
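Review bot: The added `print(portfolio.obj)` in `Scenario.check_user_access` writes the whole portfolio document to stdout on every access check, including for callers who are about to be refused. It looks like a leftover debug line, since the same commit removes `print(self.obj)` from prefab.py. Drop it, or if a trace is wanted, log only the identifier through a module-level logger at debug level, e.g. `logger.debug('access check on portfolio %s', portfolio.get_id())`. The docstring's "Checks access on the parent project." could also say that the check now goes through the parent portfolio.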
@@ -9,19 +7,13 @@ class Topology(Model): collection_name = 'topologies' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, user_id, edit_access): + """Raises an error if the user with given [user_id] has insufficient access. Checks access on the parent project. - :param google_id: The Google ID of the user. + :param user_id: The User ID of the user. :param edit_access: True when edit access should be checked, otherwise view access. """ - user = User.from_google_id(google_id) - if 'projectId' not in self.obj: - raise ClientError(Response(400, 'Missing projectId in topology.')) - - authorizations = list( - filter(lambda x: str(x['projectId']) == str(self.obj['projectId']), user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, 'Forbidden from retrieving topology.')) + project = Project.from_id(self.obj['projectId']) + project.check_user_access(user_id, edit_access) diff --git a/opendc-web/opendc-web-api/opendc/models/user.py b/opendc-web/opendc-web-api/opendc/models/user.py deleted file mode 100644 index 8e8ff945..00000000 --- a/opendc-web/opendc-web-api/opendc/models/user.py +++ /dev/null 
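Review bot: The removed `'projectId' not in self.obj` guard in `Topology.check_user_access` was what turned a topology without a project reference into a 400. With it gone, `self.obj['projectId']` raises `KeyError`, which the caller presumably surfaces as a 500 (the error handling is outside this diff). Keeping the guard, `if 'projectId' not in self.obj: raise ClientError(Response(400, 'Missing projectId in topology.'))`, also means keeping the `ClientError` and `Response` imports that the first hunk of this file deletes. If topologies are now guaranteed to carry `projectId`, a comment stating that invariant would make the removal deliberate.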
@@ -1,36 +0,0 @@ -from opendc.models.model import Model -from opendc.util.database import DB -from opendc.util.exceptions import ClientError -from opendc.util.rest import Response - - -class User(Model): - """Model representing a User.""" - - collection_name = 'users' - - @classmethod - def from_email(cls, email): - """Fetches the user with given email from the collection.""" - return User(DB.fetch_one({'email': email}, User.collection_name)) - - @classmethod - def from_google_id(cls, google_id): - """Fetches the user with given Google ID from the collection.""" - return User(DB.fetch_one({'googleId': google_id}, User.collection_name)) - - def check_correct_user(self, request_google_id): - """Raises an error if a user tries to modify another user. - - :param request_google_id: - """ - if request_google_id is not None and self.obj['googleId'] != request_google_id: - raise ClientError(Response(403, f'Forbidden from editing user with ID {self.obj["_id"]}.')) - - def check_already_exists(self): - """Checks if the user already exists in the database.""" - - existing_user = DB.fetch_one({'googleId': self.obj['googleId']}, self.collection_name) - - if existing_user is not None: - raise ClientError(Response(409, 'User already exists.')) |
