diff options
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/endpoint.py | 6 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/prefabId/endpoint.py | 53 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py | 140 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/test_endpoint.py | 9 | ||||
| -rw-r--r-- | web-server/opendc/models/prefab.py | 24 |
5 files changed, 211 insertions, 21 deletions
diff --git a/web-server/opendc/api/v2/prefabs/endpoint.py b/web-server/opendc/api/v2/prefabs/endpoint.py index d7e23450..723a2f0d 100644 --- a/web-server/opendc/api/v2/prefabs/endpoint.py +++ b/web-server/opendc/api/v2/prefabs/endpoint.py @@ -14,10 +14,10 @@ def POST(request): prefab = Prefab(request.params_body['prefab']) prefab.set_property('datetimeCreated', Database.datetime_to_string(datetime.now())) prefab.set_property('datetimeLastEdited', Database.datetime_to_string(datetime.now())) - prefab.insert() user = User.from_google_id(request.google_id) - user.obj['authorizations'].append({'prefabId': prefab.get_id(), 'authorizationLevel': 'OWN'}) - user.update() + prefab.set_property('authorId', user.get_id()) + + prefab.insert() return Response(200, 'Successfully created prefab.', prefab.obj) diff --git a/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py b/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py index e69de29b..e8508ee0 100644 --- a/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py +++ b/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py @@ -0,0 +1,53 @@ +from datetime import datetime + +from opendc.models.prefab import Prefab +from opendc.util.database import Database +from opendc.util.rest import Response + + +def GET(request): + """Get this Prefab.""" + + request.check_required_parameters(path={'prefabId': 'string'}) + + prefab = Prefab.from_id(request.params_path['prefabId']) + print(prefab.obj) + prefab.check_exists() + print("before cua") + prefab.check_user_access(request.google_id) + print("after cua") + + return Response(200, 'Successfully retrieved prefab', prefab.obj) + + +def PUT(request): + """Update a prefab's name and/or contents.""" + + request.check_required_parameters(body={'prefab': {'name': 'name'}}, path={'prefabId': 'string'}) + + prefab = Prefab.from_id(request.params_path['prefabId']) + + prefab.check_exists() + prefab.check_user_access(request.google_id) + + prefab.set_property('name', request.params_body['prefab']['name']) + prefab.set_property('rack', request.params_body['prefab']['rack']) + prefab.set_property('datetime_last_edited', Database.datetime_to_string(datetime.now())) + prefab.update() + + return Response(200, 'Successfully updated prefab.', prefab.obj) + + +def DELETE(request): + """Delete this Prefab.""" + + request.check_required_parameters(path={'prefabId': 'string'}) + + prefab = Prefab.from_id(request.params_path['prefabId']) + + prefab.check_exists() + prefab.check_user_access(request.google_id) + + old_object = prefab.delete() + + return Response(200, 'Successfully deleted prefab.', old_object) diff --git a/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py b/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py index e69de29b..b25c881d 100644 --- a/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py +++ b/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py @@ -0,0 +1,140 @@ +from opendc.util.database import DB +from unittest.mock import Mock + + +def test_get_prefab_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.get('/api/v2/prefabs/1').status + +def test_get_private_prefab_not_authorized(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + res = client.get('/api/v2/prefabs/1') + assert '403' in res.status + + +def test_get_private_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + res = client.get('/api/v2/prefabs/1') + assert '200' in res.status + +def test_get_public_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'public', + 'rack': {} + }, + { + '_id': '1' + } + ] + res = client.get('/api/v2/prefabs/1') + assert '200' in res.status + + +def test_update_prefab_missing_parameter(client): + assert '400' in client.put('/api/v2/prefabs/1').status + + +def test_update_prefab_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'S'}}).status + + +def test_update_prefab_not_authorized(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'update', return_value={}) + assert '403' in client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'test prefab', 'rack' : {}}}).status + + +def test_update_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'update', return_value={}) + res = client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'test prefab', 'rack' : {}}}) + assert '200' in res.status + + +def test_delete_prefab_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.delete('/api/v2/prefabs/1').status + + +def test_delete_prefab_different_user(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'delete_one', return_value=None) + assert '403' in client.delete('/api/v2/prefabs/1').status + + +def test_delete_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'delete_one', return_value={'prefab': {'name': 'name'}}) + res = client.delete('/api/v2/prefabs/1') + assert '200' in res.status diff --git a/web-server/opendc/api/v2/prefabs/test_endpoint.py b/web-server/opendc/api/v2/prefabs/test_endpoint.py index 58735ac7..47029579 100644 --- a/web-server/opendc/api/v2/prefabs/test_endpoint.py +++ b/web-server/opendc/api/v2/prefabs/test_endpoint.py @@ -1,21 +1,22 @@ from opendc.util.database import DB -def test_add_simulation_missing_parameter(client): +def test_add_prefab_missing_parameter(client): assert '400' in client.post('/api/v2/prefabs').status -def test_add_simulation(client, mocker): +def test_add_prefab(client, mocker): mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'authorizations': []}) mocker.patch.object(DB, 'insert', return_value={ '_id': '1', 'datetimeCreated': '000', - 'datetimeLastEdited': '000' + 'datetimeLastEdited': '000', + 'authorId': 1 }) - mocker.patch.object(DB, 'update', return_value={}) res = client.post('/api/v2/prefabs', json={'prefab': {'name': 'test prefab'}}) assert 'datetimeCreated' in res.json['content'] assert 'datetimeLastEdited' in res.json['content'] + assert 'authorId' in res.json['content'] assert '200' in res.status diff --git a/web-server/opendc/models/prefab.py b/web-server/opendc/models/prefab.py index 42c29697..70910c4a 100644 --- a/web-server/opendc/models/prefab.py +++ b/web-server/opendc/models/prefab.py @@ -1,6 +1,5 @@ from opendc.models.model import Model from opendc.models.user import User -from opendc.util.database import DB from opendc.util.exceptions import ClientError from opendc.util.rest import Response @@ -10,21 +9,18 @@ class Prefab(Model): collection_name = 'prefabs' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, google_id): + """Raises an error if the user with given [google_id] has insufficient access to view this prefab. :param google_id: The Google ID of the user. - :param edit_access: True when edit access should be checked, otherwise view access. """ user = User.from_google_id(google_id) - authorizations = list(filter(lambda x: str(x['prefabId']) == str(self.get_id()), user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, "Forbidden from retrieving prefab.")) - def get_all_authorizations(self): - """Get all user IDs having access to this project.""" - return [ - str(user['_id']) for user in DB.fetch_all({'authorizations': { - 'prefabId': self.obj['_id'] - }}, User.collection_name) - ] + #try: + + print(self.obj) + if self.obj['authorId'] != user.get_id() and self.obj['visibility'] == "private": + raise ClientError(Response(403, "Forbidden from retrieving prefab.")) + #except KeyError: + # OpenDC-authored objects don't necessarily have an authorId + # return |