Diffstat (limited to 'web-server/opendc')
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/endpoint.py | 2 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/prefabId/endpoint.py | 21 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py | 151 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/test_endpoint.py | 9 | ||||
| -rw-r--r-- | web-server/opendc/models/prefab.py | 24 |
5 files changed, 110 insertions, 97 deletions
diff --git a/web-server/opendc/api/v2/prefabs/endpoint.py b/web-server/opendc/api/v2/prefabs/endpoint.py index da422875..723a2f0d 100644 --- a/web-server/opendc/api/v2/prefabs/endpoint.py +++ b/web-server/opendc/api/v2/prefabs/endpoint.py @@ -16,7 +16,7 @@ def POST(request): prefab.set_property('datetimeLastEdited', Database.datetime_to_string(datetime.now())) user = User.from_google_id(request.google_id) - prefab.set_property('userId', user.get_id) + prefab.set_property('authorId', user.get_id()) prefab.insert() diff --git a/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py b/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py index c30565d0..e8508ee0 100644 --- a/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py +++ b/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py @@ -1,9 +1,6 @@ from datetime import datetime -from opendc.models.experiment import Experiment from opendc.models.prefab import Prefab -from opendc.models.topology import Topology -from opendc.models.user import User from opendc.util.database import Database from opendc.util.rest import Response 
@@ -14,24 +11,27 @@ def GET(request): request.check_required_parameters(path={'prefabId': 'string'}) prefab = Prefab.from_id(request.params_path['prefabId']) - + print(prefab.obj) prefab.check_exists() - prefab.check_user_access(request.google_id, False) + print("before cua") + prefab.check_user_access(request.google_id) + print("after cua") return Response(200, 'Successfully retrieved prefab', prefab.obj) def PUT(request): - """Update a prefab's name.""" + """Update a prefab's name and/or contents.""" request.check_required_parameters(body={'prefab': {'name': 'name'}}, path={'prefabId': 'string'}) prefab = Prefab.from_id(request.params_path['prefabId']) prefab.check_exists() - prefab.check_user_access(request.google_id, True) + prefab.check_user_access(request.google_id) prefab.set_property('name', request.params_body['prefab']['name']) + prefab.set_property('rack', request.params_body['prefab']['rack']) prefab.set_property('datetime_last_edited', Database.datetime_to_string(datetime.now())) prefab.update() @@ -46,12 +46,7 @@ def DELETE(request): prefab = Prefab.from_id(request.params_path['prefabId']) prefab.check_exists() - prefab.check_user_access(request.google_id, True) - - user = User.from_google_id(request.google_id) - user.obj['authorizations'] = list( - filter(lambda x: str(x['prefabId']) != request.params_path['prefabId'], user.obj['authorizations'])) - user.update() + prefab.check_user_access(request.google_id) old_object = prefab.delete() diff --git a/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py b/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py index c34bf6fa..b25c881d 100644 --- a/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py +++ b/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py 
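Review bot: PUT and DELETE now call `prefab.check_user_access(request.google_id)`, the same check GET uses, and per the `models/prefab.py` hunk of this commit that check only rejects a caller when the prefab is private and the caller is not its author, so a public prefab can be updated or deleted by any authenticated user. The old `edit_access` distinction was removed without a replacement; the write paths in this hunk and in the DELETE hunk (`@@ -46,12 +46,7 @@`) need an author-only check, for example keeping the flag and adding `if edit_access and str(self.obj['authorId']) != str(user.get_id()): raise ClientError(Response(403, "Forbidden from editing prefab."))` to `check_user_access`. Separately, PUT reads `request.params_body['prefab']['rack']` while `check_required_parameters` only requires `name`, so a body without `rack` presumably raises `KeyError` instead of returning 400. The bodies of GET, PUT and DELETE are only partly visible in these hunks.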
@@ -1,41 +1,57 @@ from opendc.util.database import DB +from unittest.mock import Mock def test_get_prefab_non_existing(client, mocker): mocker.patch.object(DB, 'fetch_one', return_value=None) assert '404' in client.get('/api/v2/prefabs/1').status - -def test_get_prefab_no_authorizations(client, mocker): - mocker.patch.object(DB, 'fetch_one', return_value={'authorizations': []}) +def test_get_private_prefab_not_authorized(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] res = client.get('/api/v2/prefabs/1') assert '403' in res.status -def test_get_prefab_not_authorized(client, mocker): - mocker.patch.object(DB, - 'fetch_one', - return_value={ +def test_get_private_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ '_id': '1', - 'authorizations': [{ - 'prefabId': '2', - 'authorizationLevel': 'OWN' - }] - }) + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] res = client.get('/api/v2/prefabs/1') - assert '403' in res.status - + assert '200' in res.status -def test_get_prefab(client, mocker): - mocker.patch.object(DB, - 'fetch_one', - return_value={ +def test_get_public_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ '_id': '1', - 'authorizations': [{ - 'prefabId': '1', - 'authorizationLevel': 'EDIT' - }] - }) + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'public', + 'rack': {} + }, + { + '_id': '1' + } + ] res = client.get('/api/v2/prefabs/1') assert '200' in res.status 
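Review bot: `DB.fetch_one = Mock()` replaces the class attribute directly instead of going through the `mocker` fixture, so nothing restores the real `DB.fetch_one` when the test ends and the mock, with its exhausted `side_effect` list, stays in place for whatever runs afterwards. Use `mocker.patch.object(DB, 'fetch_one', side_effect=[prefab_doc, {'_id': '1'}])`, which is undone automatically at teardown. The same pattern repeats in the update and delete test hunks (`@@ -50,32 +66,37 @@` and `@@ -85,35 +106,35 @@`), and the added `from unittest.mock import Mock` import would then be unnecessary.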
@@ -50,32 +66,37 @@ def test_update_prefab_non_existing(client, mocker): def test_update_prefab_not_authorized(client, mocker): - mocker.patch.object(DB, - 'fetch_one', - return_value={ + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ '_id': '1', - 'authorizations': [{ - 'prefabId': '1', - 'authorizationLevel': 'VIEW' - }] - }) + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] mocker.patch.object(DB, 'update', return_value={}) - assert '403' in client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'S'}}).status + assert '403' in client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'test prefab', 'rack' : {}}}).status def test_update_prefab(client, mocker): - mocker.patch.object(DB, - 'fetch_one', - return_value={ + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ '_id': '1', - 'authorizations': [{ - 'prefabId': '1', - 'authorizationLevel': 'OWN' - }] - }) + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] mocker.patch.object(DB, 'update', return_value={}) - - res = client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'S'}}) + res = client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'test prefab', 'rack' : {}}}) assert '200' in res.status 
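Review bot: The 403 cases for PUT in this hunk (`test_update_prefab_not_authorized`) and for DELETE in the next one (`test_delete_prefab_different_user`) both use `'visibility': 'private'`, so nothing exercises a non-author writing to a public prefab, the one case where view access and write access should differ. Add a variant of each with `'authorId': '2'` and `'visibility': 'public'` that asserts `'403' in res.status`. Judging from the access check shown in the `models/prefab.py` hunk, those variants would currently get a 200, which is the behaviour worth pinning down before merge.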
@@ -85,35 +106,35 @@ def test_delete_prefab_non_existing(client, mocker): def test_delete_prefab_different_user(client, mocker): - mocker.patch.object(DB, - 'fetch_one', - return_value={ + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ '_id': '1', - 'googleId': 'other_test', - 'authorizations': [{ - 'prefabId': '1', - 'authorizationLevel': 'VIEW' - }], - 'topologyIds': [] - }) + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] mocker.patch.object(DB, 'delete_one', return_value=None) assert '403' in client.delete('/api/v2/prefabs/1').status def test_delete_prefab(client, mocker): - mocker.patch.object(DB, - 'fetch_one', - return_value={ + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ '_id': '1', - 'googleId': 'test', - 'authorizations': [{ - 'prefabId': '1', - 'authorizationLevel': 'OWN' - }], - 'topologyIds': [], - 'experimentIds': [], - }) - mocker.patch.object(DB, 'update', return_value=None) - mocker.patch.object(DB, 'delete_one', return_value={'googleId': 'test'}) + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'delete_one', return_value={'prefab': {'name': 'name'}}) res = client.delete('/api/v2/prefabs/1') assert '200' in res.status diff --git a/web-server/opendc/api/v2/prefabs/test_endpoint.py b/web-server/opendc/api/v2/prefabs/test_endpoint.py index 58735ac7..47029579 100644 --- a/web-server/opendc/api/v2/prefabs/test_endpoint.py +++ b/web-server/opendc/api/v2/prefabs/test_endpoint.py 
@@ -1,21 +1,22 @@ from opendc.util.database import DB -def test_add_simulation_missing_parameter(client): +def test_add_prefab_missing_parameter(client): assert '400' in client.post('/api/v2/prefabs').status -def test_add_simulation(client, mocker): +def test_add_prefab(client, mocker): mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'authorizations': []}) mocker.patch.object(DB, 'insert', return_value={ '_id': '1', 'datetimeCreated': '000', - 'datetimeLastEdited': '000' + 'datetimeLastEdited': '000', + 'authorId': 1 }) - mocker.patch.object(DB, 'update', return_value={}) res = client.post('/api/v2/prefabs', json={'prefab': {'name': 'test prefab'}}) assert 'datetimeCreated' in res.json['content'] assert 'datetimeLastEdited' in res.json['content'] + assert 'authorId' in res.json['content'] assert '200' in res.status diff --git a/web-server/opendc/models/prefab.py b/web-server/opendc/models/prefab.py index 42c29697..70910c4a 100644 --- a/web-server/opendc/models/prefab.py +++ b/web-server/opendc/models/prefab.py @@ -1,6 +1,5 @@ from opendc.models.model import Model from opendc.models.user import User -from opendc.util.database import DB from opendc.util.exceptions import ClientError from opendc.util.rest import Response 
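Review bot: `assert 'authorId' in res.json['content']` in `test_add_prefab` probably cannot fail, because the mocked `DB.insert` return value already contains `'authorId': 1` and the response content appears to come from that mock rather than from what POST set. To cover the `userId` to `authorId` fix, keep the patcher's return value (`insert_mock = mocker.patch.object(DB, 'insert', ...)`) and assert that the document passed to it carries `authorId` equal to the mocked user's `_id` (`'1'`). The fixture also uses the integer `1` here while the `prefabId` tests use string ids, which hides any type mismatch in the author comparison.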
@@ -10,21 +9,18 @@ class Prefab(Model): collection_name = 'prefabs' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, google_id): + """Raises an error if the user with given [google_id] has insufficient access to view this prefab. :param google_id: The Google ID of the user. - :param edit_access: True when edit access should be checked, otherwise view access. """ user = User.from_google_id(google_id) - authorizations = list(filter(lambda x: str(x['prefabId']) == str(self.get_id()), user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, "Forbidden from retrieving prefab.")) - def get_all_authorizations(self): - """Get all user IDs having access to this project.""" - return [ - str(user['_id']) for user in DB.fetch_all({'authorizations': { - 'prefabId': self.obj['_id'] - }}, User.collection_name) - ] + #try: + + print(self.obj) + if self.obj['authorId'] != user.get_id() and self.obj['visibility'] == "private": + raise ClientError(Response(403, "Forbidden from retrieving prefab.")) + #except KeyError: + # OpenDC-authored objects don't necessarily have an authorId + # return |
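Review bot: `self.obj['authorId']` and `self.obj['visibility']` are indexed directly in `check_user_access`, and the commented-out `except KeyError` block says some prefabs have no `authorId`, so for those documents the check raises `KeyError` (likely a 500) instead of making an access decision. Read the fields with `.get`, treat anything not explicitly public as private, and compare ids as strings as the removed code did: `if self.obj.get('visibility') != 'public' and str(self.obj.get('authorId')) != str(user.get_id()):`. The leftover `print(self.obj)` and the commented-out `try`/`except` should be removed, as should the `print` calls added to GET in `prefabId/endpoint.py`, since they write prefab contents to stdout before the access check has run.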
