Initial commit

2 files changed, 208 insertions, 0 deletions

diff --git a/opendc/api/v1/simulations/simulationId/authorizations/userId/__init__.py b/opendc/api/v1/simulations/simulationId/authorizations/userId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/opendc/api/v1/simulations/simulationId/authorizations/userId/__init__.py
diff --git a/opendc/api/v1/simulations/simulationId/authorizations/userId/endpoint.py b/opendc/api/v1/simulations/simulationId/authorizations/userId/endpoint.py
new file mode 100644
index 00000000..c3e599cf
--- /dev/null
+++ b/opendc/api/v1/simulations/simulationId/authorizations/userId/endpoint.py
@@ -0,0 +1,208 @@
+from opendc.models.authorization import Authorization
+from opendc.models.simulation import Simulation
+from opendc.models.user import User
+from opendc.util import database, exceptions
+from opendc.util.rest import Response
+
+def DELETE(request):
+    """Delete a user's authorization level over a simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'simulationId': 'int',
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate an Authorization
+    
+    authorization = Authorization.from_primary_key((
+        request.params_path['userId'],
+        request.params_path['simulationId']
+    ))
+
+    # Make sure this Authorization exists in the database
+
+    if not authorization.exists():
+        return Response (404, '{} not found.'.format(authorization))
+
+    # Make sure this User is allowed to delete this Authorization
+
+    if not authorization.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from deleting {}.'.format(authorization))
+
+    # Delete this Authorization
+
+    authorization.delete()
+
+    return Response(
+        200,
+        'Successfully deleted {}.'.format(authorization),
+        authorization.to_JSON()
+    )
+
+def GET(request):
+    """Get this User's Authorization over this Simulation."""
+    
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'simulationId': 'int',
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+    
+    # Instantiate an Authorization
+
+    authorization = Authorization.from_primary_key((
+        request.params_path['userId'],
+        request.params_path['simulationId']
+    ))
+
+    # Make sure this Authorization exists in the database
+
+    if not authorization.exists():
+        return Response(404, '{} not found.'.format(authorization))
+
+    # Read this Authorization from the database
+
+    authorization.read()
+
+    # Return this Authorization
+
+    return Response(
+        200,
+        'Successfully retrieved {}'.format(authorization),
+        authorization.to_JSON()
+    )
+
+def POST(request):
+    """Add an authorization for a user's access to a simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'userId': 'int',
+                'simulationId': 'int'
+            },
+            body = {
+                'authorization': {
+                    'authorizationLevel': 'string'
+                }
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate an Authorization
+
+    authorization = Authorization.from_JSON({
+        'userId': request.params_path['userId'],
+        'simulationId': request.params_path['simulationId'],
+        'authorizationLevel': request.params_body['authorization']['authorizationLevel']
+    })
+
+    # Make sure the Simulation and User exist
+
+    user = User.from_primary_key((authorization.user_id,))
+    if not user.exists():
+        return Response(404, '{} not found.'.format(user))
+
+    simulation = Simulation.from_primary_key((authorization.simulation_id,))
+    if not simulation.exists():
+        return Response(404, '{} not found.'.format(simulation))
+
+    # Make sure this User is allowed to add this Authorization
+
+    if not simulation.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from creating {}.'.format(authorization))
+
+    # Make sure this Authorization does not already exist
+
+    if authorization.exists():
+        return Response(409, '{} already exists.'.format(authorization))
+
+    # Try to insert this Authorization into the database
+
+    try:
+        authorization.insert()
+
+    except exceptions.ForeignKeyError:
+        return Response(400, 'Invalid authorizationLevel')
+    
+    # Return this Authorization
+
+    return Response(
+        200,
+        'Successfully added {}'.format(authorization),
+        authorization.to_JSON()
+    )
+
+def PUT(request):
+    """Change a user's authorization level over a simulation."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'simulationId': 'int',
+                'userId': 'int'
+            },
+            body = {
+                'authorization': {
+                    'authorizationLevel': 'string'
+                }
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate and Authorization
+
+    authorization = Authorization.from_JSON({
+        'userId': request.params_path['userId'],
+        'simulationId': request.params_path['simulationId'],
+        'authorizationLevel': request.params_body['authorization']['authorizationLevel']
+    })
+
+    # Make sure this Authorization exists
+
+    if not authorization.exists():
+        return Response(404, '{} not found.'.format(authorization))
+
+    # Make sure this User is allowed to edit this Authorization
+
+    if not authorization.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from updating {}.'.format(authorization))
+
+    # Try to update this Authorization
+    
+    try:
+        authorization.update()
+
+    except exceptions.ForeignKeyError as e:
+        return Response(400, 'Invalid authorization level.')
+
+    # Return this Authorization
+    
+    return Response(
+        200,
+        'Successfully updated {}.'.format(authorization),
+        authorization.to_JSON()
+    )