Diffstat (limited to 'web-server')
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/endpoint.py | 6 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/prefabId/endpoint.py | 53 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py | 140 | ||||
| -rw-r--r-- | web-server/opendc/api/v2/prefabs/test_endpoint.py | 9 | ||||
| -rw-r--r-- | web-server/opendc/models/prefab.py | 24 |
5 files changed, 211 insertions, 21 deletions
diff --git a/web-server/opendc/api/v2/prefabs/endpoint.py b/web-server/opendc/api/v2/prefabs/endpoint.py index d7e23450..723a2f0d 100644 --- a/web-server/opendc/api/v2/prefabs/endpoint.py +++ b/web-server/opendc/api/v2/prefabs/endpoint.py @@ -14,10 +14,10 @@ def POST(request): prefab = Prefab(request.params_body['prefab']) prefab.set_property('datetimeCreated', Database.datetime_to_string(datetime.now())) prefab.set_property('datetimeLastEdited', Database.datetime_to_string(datetime.now())) - prefab.insert() user = User.from_google_id(request.google_id) - user.obj['authorizations'].append({'prefabId': prefab.get_id(), 'authorizationLevel': 'OWN'}) - user.update() + prefab.set_property('authorId', user.get_id()) + + prefab.insert() return Response(200, 'Successfully created prefab.', prefab.obj) diff --git a/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py b/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py index e69de29b..e8508ee0 100644 --- a/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py +++ b/web-server/opendc/api/v2/prefabs/prefabId/endpoint.py 
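Review bot: The prefab is inserted with an `authorId` but no default `visibility`, while the access check this commit adds in `models/prefab.py` indexes `self.obj['visibility']` directly. Because the document comes straight from `Prefab(request.params_body['prefab'])`, a client that omits the field creates a prefab for which a non-owner read would presumably raise `KeyError` instead of returning 403. Defaulting it before `prefab.insert()`, e.g. `prefab.obj.setdefault('visibility', 'private')`, keeps new prefabs closed unless the author opts in. POST's body starts outside this hunk, so any existing validation of the body is not visible here.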
@@ -0,0 +1,53 @@
+from datetime import datetime
+
+from opendc.models.prefab import Prefab
+from opendc.util.database import Database
+from opendc.util.rest import Response
+
+
+def GET(request):
+ """Get this Prefab."""
+
+ request.check_required_parameters(path={'prefabId': 'string'})
+
+ prefab = Prefab.from_id(request.params_path['prefabId'])
+ print(prefab.obj)
+ prefab.check_exists()
+ print("before cua")
+ prefab.check_user_access(request.google_id)
+ print("after cua")
+
+ return Response(200, 'Successfully retrieved prefab', prefab.obj)
+
+
+def PUT(request):
+ """Update a prefab's name and/or contents."""
+
+ request.check_required_parameters(body={'prefab': {'name': 'name'}}, path={'prefabId': 'string'})
+
+ prefab = Prefab.from_id(request.params_path['prefabId'])
+
+ prefab.check_exists()
+ prefab.check_user_access(request.google_id)
+
+ prefab.set_property('name', request.params_body['prefab']['name'])
+ prefab.set_property('rack', request.params_body['prefab']['rack'])
+ prefab.set_property('datetime_last_edited', Database.datetime_to_string(datetime.now()))
+ prefab.update()
+
+ return Response(200, 'Successfully updated prefab.', prefab.obj)
+
+
+def DELETE(request):
+ """Delete this Prefab."""
+
+ request.check_required_parameters(path={'prefabId': 'string'})
+
+ prefab = Prefab.from_id(request.params_path['prefabId'])
+
+ prefab.check_exists()
+ prefab.check_user_access(request.google_id)
+
+ old_object = prefab.delete()
+
+ return Response(200, 'Successfully deleted prefab.', old_object)
diff --git a/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py b/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py
index e69de29b..b25c881d 100644
--- a/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py
+++ b/web-server/opendc/api/v2/prefabs/prefabId/test_endpoint.py
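Review bot: PUT and DELETE authorize with the same `prefab.check_user_access(request.google_id)` call as GET, and the check this commit adds in `models/prefab.py` rejects a non-owner only when the prefab is private, so any signed-in user appears able to overwrite or delete a public prefab they do not own. Writes need an owner-only check, for example keeping the removed flag as `prefab.check_user_access(request.google_id, True)` and having the model raise 403 whenever the flag is set and `authorId` differs from the caller. Separately, PUT reads `request.params_body['prefab']['rack']` although only `name` is declared required, so a body without `rack` would raise `KeyError`, and it writes `datetime_last_edited` where POST writes `datetimeLastEdited`. The three `print(...)` calls in GET write the stored document to stdout on every request and should be removed or replaced by a debug-level logger call.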
@@ -0,0 +1,140 @@ +from opendc.util.database import DB +from unittest.mock import Mock + + +def test_get_prefab_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.get('/api/v2/prefabs/1').status + +def test_get_private_prefab_not_authorized(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + res = client.get('/api/v2/prefabs/1') + assert '403' in res.status + + +def test_get_private_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + res = client.get('/api/v2/prefabs/1') + assert '200' in res.status + +def test_get_public_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'public', + 'rack': {} + }, + { + '_id': '1' + } + ] + res = client.get('/api/v2/prefabs/1') + assert '200' in res.status + + +def test_update_prefab_missing_parameter(client): + assert '400' in client.put('/api/v2/prefabs/1').status + + +def test_update_prefab_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'S'}}).status + + +def test_update_prefab_not_authorized(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'update', return_value={}) + assert '403' in client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'test prefab', 'rack' : {}}}).status + + +def test_update_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = 
[{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'update', return_value={}) + res = client.put('/api/v2/prefabs/1', json={'prefab': {'name': 'test prefab', 'rack' : {}}}) + assert '200' in res.status + + +def test_delete_prefab_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.delete('/api/v2/prefabs/1').status + + +def test_delete_prefab_different_user(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '2', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'delete_one', return_value=None) + assert '403' in client.delete('/api/v2/prefabs/1').status + + +def test_delete_prefab(client, mocker): + DB.fetch_one = Mock() + DB.fetch_one.side_effect = [{ + '_id': '1', + 'name': 'test prefab', + 'authorId': '1', + 'visibility': 'private', + 'rack': {} + }, + { + '_id': '1' + } + ] + mocker.patch.object(DB, 'delete_one', return_value={'prefab': {'name': 'name'}}) + res = client.delete('/api/v2/prefabs/1') + assert '200' in res.status diff --git a/web-server/opendc/api/v2/prefabs/test_endpoint.py b/web-server/opendc/api/v2/prefabs/test_endpoint.py index 58735ac7..47029579 100644 --- a/web-server/opendc/api/v2/prefabs/test_endpoint.py +++ b/web-server/opendc/api/v2/prefabs/test_endpoint.py 
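Review bot: No test covers a non-owner updating or deleting a public prefab (`'authorId': '2'`, `'visibility': 'public'`), so the suite passes even though the new access check lets those writes through; add that case for both PUT and DELETE with `assert '403' in ...status`. The tests also replace the method with `DB.fetch_one = Mock()` directly on the shared `DB` object, which is never undone and can leak into later tests. `mocker.patch.object(DB, 'fetch_one', side_effect=[...])` gives the same behaviour and is restored automatically at teardown.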
@@ -1,21 +1,22 @@ from opendc.util.database import DB -def test_add_simulation_missing_parameter(client): +def test_add_prefab_missing_parameter(client): assert '400' in client.post('/api/v2/prefabs').status -def test_add_simulation(client, mocker): +def test_add_prefab(client, mocker): mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'authorizations': []}) mocker.patch.object(DB, 'insert', return_value={ '_id': '1', 'datetimeCreated': '000', - 'datetimeLastEdited': '000' + 'datetimeLastEdited': '000', + 'authorId': 1 }) - mocker.patch.object(DB, 'update', return_value={}) res = client.post('/api/v2/prefabs', json={'prefab': {'name': 'test prefab'}}) assert 'datetimeCreated' in res.json['content'] assert 'datetimeLastEdited' in res.json['content'] + assert 'authorId' in res.json['content'] assert '200' in res.status diff --git a/web-server/opendc/models/prefab.py b/web-server/opendc/models/prefab.py index 42c29697..70910c4a 100644 --- a/web-server/opendc/models/prefab.py +++ b/web-server/opendc/models/prefab.py @@ -1,6 +1,5 @@ from opendc.models.model import Model from opendc.models.user import User -from opendc.util.database import DB from opendc.util.exceptions import ClientError from opendc.util.rest import Response 
@@ -10,21 +9,18 @@ class Prefab(Model): collection_name = 'prefabs' - def check_user_access(self, google_id, edit_access): - """Raises an error if the user with given [google_id] has insufficient access. + def check_user_access(self, google_id): + """Raises an error if the user with given [google_id] has insufficient access to view this prefab. :param google_id: The Google ID of the user. - :param edit_access: True when edit access should be checked, otherwise view access. """ user = User.from_google_id(google_id) - authorizations = list(filter(lambda x: str(x['prefabId']) == str(self.get_id()), user.obj['authorizations'])) - if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): - raise ClientError(Response(403, "Forbidden from retrieving prefab.")) - def get_all_authorizations(self): - """Get all user IDs having access to this project.""" - return [ - str(user['_id']) for user in DB.fetch_all({'authorizations': { - 'prefabId': self.obj['_id'] - }}, User.collection_name) - ] + #try: + + print(self.obj) + if self.obj['authorId'] != user.get_id() and self.obj['visibility'] == "private": + raise ClientError(Response(403, "Forbidden from retrieving prefab.")) + #except KeyError: + # OpenDC-authored objects don't necessarily have an authorId + # return |
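Review bot: `check_user_access` indexes `self.obj['authorId']` and `self.obj['visibility']` with the `KeyError` handling commented out, although the comment itself says OpenDC-authored objects may have no `authorId`; such a document would raise instead of producing a defined allow or deny. Reading both with `.get()` and treating anything not explicitly public as private fails closed: `if str(self.obj.get('authorId')) != str(user.get_id()) and self.obj.get('visibility') != 'public':`. The `str()` on both sides restores the normalisation the removed code applied to IDs, which matters if one side is a database ID object and the other a string (the test mocks in this commit use both `1` and `'1'`). The `print(self.obj)` line and the commented-out `try`/`except` should be dropped before merge, and the docstring should state that the check covers view access only, since PUT and DELETE in `prefabId/endpoint.py` also call it.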
