summaryrefslogtreecommitdiff
path: root/api/opendc/models
diff options
context:
space:
mode:
Diffstat (limited to 'api/opendc/models')
-rw-r--r--api/opendc/models/__init__.py0
-rw-r--r--api/opendc/models/model.py59
-rw-r--r--api/opendc/models/portfolio.py24
-rw-r--r--api/opendc/models/prefab.py26
-rw-r--r--api/opendc/models/project.py31
-rw-r--r--api/opendc/models/scenario.py26
-rw-r--r--api/opendc/models/topology.py27
-rw-r--r--api/opendc/models/trace.py7
-rw-r--r--api/opendc/models/user.py36
9 files changed, 236 insertions, 0 deletions
diff --git a/api/opendc/models/__init__.py b/api/opendc/models/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/api/opendc/models/__init__.py
diff --git a/api/opendc/models/model.py b/api/opendc/models/model.py
new file mode 100644
index 00000000..bcb833ae
--- /dev/null
+++ b/api/opendc/models/model.py
@@ -0,0 +1,59 @@
+from uuid import uuid4
+
+from opendc.util.database import DB
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Model:
+ """Base class for all models."""
+
+ collection_name = '<specified in subclasses>'
+
+ @classmethod
+ def from_id(cls, _id):
+ """Fetches the document with given ID from the collection."""
+ return cls(DB.fetch_one({'_id': _id}, cls.collection_name))
+
+ @classmethod
+ def get_all(cls):
+ """Fetches all documents from the collection."""
+ return cls(DB.fetch_all({}, cls.collection_name))
+
+ def __init__(self, obj):
+ self.obj = obj
+
+ def get_id(self):
+ """Returns the ID of the enclosed object."""
+ return str(self.obj['_id'])
+
+ def check_exists(self):
+ """Raises an error if the enclosed object does not exist."""
+ if self.obj is None:
+ raise ClientError(Response(404, 'Not found.'))
+
+ def set_property(self, key, value):
+ """Sets the given property on the enclosed object, with support for simple nested access."""
+ if '.' in key:
+ keys = key.split('.')
+ self.obj[keys[0]][keys[1]] = value
+ else:
+ self.obj[key] = value
+
+ def insert(self):
+ """Inserts the enclosed object and generates a UUID for it."""
+ self.obj['_id'] = str(uuid4())
+ DB.insert(self.obj, self.collection_name)
+
+ def update(self):
+ """Updates the enclosed object and updates the internal reference to the newly inserted object."""
+ DB.update(self.get_id(), self.obj, self.collection_name)
+
+ def delete(self):
+ """Deletes the enclosed object in the database, if it existed."""
+ if self.obj is None:
+ return None
+
+ old_object = self.obj.copy()
+ DB.delete_one({'_id': self.get_id()}, self.collection_name)
+ return old_object
diff --git a/api/opendc/models/portfolio.py b/api/opendc/models/portfolio.py
new file mode 100644
index 00000000..32961b63
--- /dev/null
+++ b/api/opendc/models/portfolio.py
@@ -0,0 +1,24 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Portfolio(Model):
+ """Model representing a Portfolio."""
+
+ collection_name = 'portfolios'
+
+ def check_user_access(self, google_id, edit_access):
+ """Raises an error if the user with given [google_id] has insufficient access.
+
+ Checks access on the parent project.
+
+ :param google_id: The Google ID of the user.
+ :param edit_access: True when edit access should be checked, otherwise view access.
+ """
+ user = User.from_google_id(google_id)
+ authorizations = list(
+ filter(lambda x: str(x['projectId']) == str(self.obj['projectId']), user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, 'Forbidden from retrieving/editing portfolio.'))
diff --git a/api/opendc/models/prefab.py b/api/opendc/models/prefab.py
new file mode 100644
index 00000000..70910c4a
--- /dev/null
+++ b/api/opendc/models/prefab.py
@@ -0,0 +1,26 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Prefab(Model):
+ """Model representing a Project."""
+
+ collection_name = 'prefabs'
+
+ def check_user_access(self, google_id):
+ """Raises an error if the user with given [google_id] has insufficient access to view this prefab.
+
+ :param google_id: The Google ID of the user.
+ """
+ user = User.from_google_id(google_id)
+
+ #try:
+
+ print(self.obj)
+ if self.obj['authorId'] != user.get_id() and self.obj['visibility'] == "private":
+ raise ClientError(Response(403, "Forbidden from retrieving prefab."))
+ #except KeyError:
+ # OpenDC-authored objects don't necessarily have an authorId
+ # return
diff --git a/api/opendc/models/project.py b/api/opendc/models/project.py
new file mode 100644
index 00000000..b57e9f77
--- /dev/null
+++ b/api/opendc/models/project.py
@@ -0,0 +1,31 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.database import DB
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Project(Model):
+ """Model representing a Project."""
+
+ collection_name = 'projects'
+
+ def check_user_access(self, google_id, edit_access):
+ """Raises an error if the user with given [google_id] has insufficient access.
+
+ :param google_id: The Google ID of the user.
+ :param edit_access: True when edit access should be checked, otherwise view access.
+ """
+ user = User.from_google_id(google_id)
+ authorizations = list(filter(lambda x: str(x['projectId']) == str(self.get_id()),
+ user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, "Forbidden from retrieving project."))
+
+ def get_all_authorizations(self):
+ """Get all user IDs having access to this project."""
+ return [
+ str(user['_id']) for user in DB.fetch_all({'authorizations': {
+ 'projectId': self.obj['_id']
+ }}, User.collection_name)
+ ]
diff --git a/api/opendc/models/scenario.py b/api/opendc/models/scenario.py
new file mode 100644
index 00000000..8d53e408
--- /dev/null
+++ b/api/opendc/models/scenario.py
@@ -0,0 +1,26 @@
+from opendc.models.model import Model
+from opendc.models.portfolio import Portfolio
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Scenario(Model):
+ """Model representing a Scenario."""
+
+ collection_name = 'scenarios'
+
+ def check_user_access(self, google_id, edit_access):
+ """Raises an error if the user with given [google_id] has insufficient access.
+
+ Checks access on the parent project.
+
+ :param google_id: The Google ID of the user.
+ :param edit_access: True when edit access should be checked, otherwise view access.
+ """
+ portfolio = Portfolio.from_id(self.obj['portfolioId'])
+ user = User.from_google_id(google_id)
+ authorizations = list(
+ filter(lambda x: str(x['projectId']) == str(portfolio.obj['projectId']), user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, 'Forbidden from retrieving/editing scenario.'))
diff --git a/api/opendc/models/topology.py b/api/opendc/models/topology.py
new file mode 100644
index 00000000..cb4c4bab
--- /dev/null
+++ b/api/opendc/models/topology.py
@@ -0,0 +1,27 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Topology(Model):
+ """Model representing a Project."""
+
+ collection_name = 'topologies'
+
+ def check_user_access(self, google_id, edit_access):
+ """Raises an error if the user with given [google_id] has insufficient access.
+
+ Checks access on the parent project.
+
+ :param google_id: The Google ID of the user.
+ :param edit_access: True when edit access should be checked, otherwise view access.
+ """
+ user = User.from_google_id(google_id)
+ if 'projectId' not in self.obj:
+ raise ClientError(Response(400, 'Missing projectId in topology.'))
+
+ authorizations = list(
+ filter(lambda x: str(x['projectId']) == str(self.obj['projectId']), user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, 'Forbidden from retrieving topology.'))
diff --git a/api/opendc/models/trace.py b/api/opendc/models/trace.py
new file mode 100644
index 00000000..2f6e4926
--- /dev/null
+++ b/api/opendc/models/trace.py
@@ -0,0 +1,7 @@
+from opendc.models.model import Model
+
+
+class Trace(Model):
+ """Model representing a Trace."""
+
+ collection_name = 'traces'
diff --git a/api/opendc/models/user.py b/api/opendc/models/user.py
new file mode 100644
index 00000000..8e8ff945
--- /dev/null
+++ b/api/opendc/models/user.py
@@ -0,0 +1,36 @@
+from opendc.models.model import Model
+from opendc.util.database import DB
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class User(Model):
+ """Model representing a User."""
+
+ collection_name = 'users'
+
+ @classmethod
+ def from_email(cls, email):
+ """Fetches the user with given email from the collection."""
+ return User(DB.fetch_one({'email': email}, User.collection_name))
+
+ @classmethod
+ def from_google_id(cls, google_id):
+ """Fetches the user with given Google ID from the collection."""
+ return User(DB.fetch_one({'googleId': google_id}, User.collection_name))
+
+ def check_correct_user(self, request_google_id):
+ """Raises an error if a user tries to modify another user.
+
+ :param request_google_id:
+ """
+ if request_google_id is not None and self.obj['googleId'] != request_google_id:
+ raise ClientError(Response(403, f'Forbidden from editing user with ID {self.obj["_id"]}.'))
+
+ def check_already_exists(self):
+ """Checks if the user already exists in the database."""
+
+ existing_user = DB.fetch_one({'googleId': self.obj['googleId']}, self.collection_name)
+
+ if existing_user is not None:
+ raise ClientError(Response(409, 'User already exists.'))
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-04 14:04:22 +0000