From 00597ec99f587557b88b9982a2c41a2cb8db8112 Mon Sep 17 00:00:00 2001 From: Georgios Andreadis Date: Thu, 25 Jun 2020 18:35:53 +0200 Subject: Add simulation put path --- opendc/api/v2/simulations/simulationId/endpoint.py | 42 +++++---------- .../v2/simulations/simulationId/test_endpoint.py | 59 +++++++++++++++++++++- opendc/api/v2/simulations/test_endpoint.py | 9 +++- opendc/models/simulation.py | 11 ++++ 4 files changed, 90 insertions(+), 31 deletions(-) diff --git a/opendc/api/v2/simulations/simulationId/endpoint.py b/opendc/api/v2/simulations/simulationId/endpoint.py index 5c9d126f..b08cf8be 100644 --- a/opendc/api/v2/simulations/simulationId/endpoint.py +++ b/opendc/api/v2/simulations/simulationId/endpoint.py @@ -3,6 +3,7 @@ from datetime import datetime from opendc.models.simulation import Simulation from opendc.models.user import User from opendc.util import database, exceptions +from opendc.util.database import Database from opendc.util.rest import Response @@ -19,12 +20,9 @@ def GET(request): if validation_error is not None: return validation_error - user = User.from_google_id(request.google_id) - authorizations = list(filter( - lambda x: str(x['simulationId']) == str(request.params_path['simulationId']), - user.obj['authorizations'])) - if len(authorizations) == 0 or authorizations[0]['authorizationLevel'] == 'VIEW': - return Response(403, "Forbidden from retrieving simulation.") + access_error = simulation.validate_user_access(request.google_id, False) + if access_error is not None: + return access_error return Response(200, 'Successfully retrieved simulation', simulation.obj) 
@@ -32,38 +30,26 @@ def GET(request): def PUT(request): """Update a simulation's name.""" - # Make sure required parameters are there - try: request.check_required_parameters(body={'simulation': {'name': 'name'}}, path={'simulationId': 'string'}) - except exceptions.ParameterError as e: return Response(400, str(e)) - # Instantiate a Simulation and make sure it exists - - simulation = Simulation.from_primary_key((request.params_path['simulationId'], )) - - if not simulation.exists(): - return Response(404, '{} not found.'.format(simulation)) - - # Make sure this User is allowed to edit this Simulation - - if not simulation.google_id_has_at_least(request.google_id, 'EDIT'): - return Response(403, 'Forbidden from editing {}.'.format(simulation)) - - # Update this Simulation in the database + simulation = Simulation.from_id(request.params_path['simulationId']) - simulation.read() + validation_error = simulation.validate() + if validation_error is not None: + return validation_error - simulation.name = request.params_body['simulation']['name'] - simulation.datetime_last_edited = database.datetime_to_string(datetime.now()) + access_error = simulation.validate_user_access(request.google_id, True) + if access_error is not None: + return access_error + simulation.set_property('name', request.params_body['simulation']['name']) + simulation.set_property('datetime_last_edited', Database.datetime_to_string(datetime.now())) simulation.update() - # Return this Simulation - - return Response(200, 'Successfully updated {}.'.format(simulation), simulation.to_JSON()) + return Response(200, 'Successfully updated simulation.', simulation.obj) def DELETE(request): diff --git a/opendc/api/v2/simulations/simulationId/test_endpoint.py b/opendc/api/v2/simulations/simulationId/test_endpoint.py index cf4b375a..ad53fcaa 100644 --- a/opendc/api/v2/simulations/simulationId/test_endpoint.py +++ b/opendc/api/v2/simulations/simulationId/test_endpoint.py 
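Review bot: In PUT the edit timestamp is written under `datetime_last_edited`, while the simulation document mocked in opendc/api/v2/simulations/test_endpoint.py in this same commit carries `datetimeCreated` and `datetimeEdit`; if the stored schema is camelCase, this call adds a new field and the existing edit timestamp never changes. Presumably the line should read `simulation.set_property('datetimeEdit', Database.datetime_to_string(datetime.now()))`, to be confirmed against the model's schema. The name taken from `request.params_body` is stored as-is, and whether `check_required_parameters` constrains its type and length is not visible here, so an explicit check before `set_property('name', ...)` or a comment stating where that is enforced would help. The 200 response now returns `simulation.obj` whole instead of `simulation.to_JSON()`, so it is worth confirming that the document holds nothing the client should not see.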
@@ -13,12 +13,67 @@ def test_get_simulation_no_authorizations(client, mocker): def test_get_simulation_not_authorized(client, mocker): - mocker.patch.object(DB, 'fetch_one', return_value={'authorizations': [{'simulationId': '2', 'authorizationLevel': 'OWN'}]}) + mocker.patch.object(DB, + 'fetch_one', + return_value={ + '_id': '1', + 'authorizations': [{ + 'simulationId': '2', + 'authorizationLevel': 'OWN' + }] + }) res = client.get('/api/v2/simulations/1') assert '403' in res.status def test_get_simulation(client, mocker): - mocker.patch.object(DB, 'fetch_one', return_value={'authorizations': [{'simulationId': '1', 'authorizationLevel': 'EDIT'}]}) + mocker.patch.object(DB, + 'fetch_one', + return_value={ + '_id': '1', + 'authorizations': [{ + 'simulationId': '1', + 'authorizationLevel': 'EDIT' + }] + }) res = client.get('/api/v2/simulations/1') assert '200' in res.status + + +def test_update_simulation_missing_parameter(client): + assert '400' in client.put('/api/v2/simulations/1').status + + +def test_update_simulation_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.put('/api/v2/simulations/1', json={'simulation': {'name': 'S'}}).status + + +def test_update_simulation_not_authorized(client, mocker): + mocker.patch.object(DB, + 'fetch_one', + return_value={ + '_id': '1', + 'authorizations': [{ + 'simulationId': '1', + 'authorizationLevel': 'VIEW' + }] + }) + mocker.patch.object(DB, 'update', return_value={}) + assert '403' in client.put('/api/v2/simulations/1', json={'simulation': {'name': 'S'}}).status + + +def test_update_simulation(client, mocker): + mocker.patch.object(DB, + 'fetch_one', + return_value={ + '_id': '1', + 'authorizations': [{ + 'simulationId': '1', + 'authorizationLevel': 'OWN' + }] + }) + mocker.patch.object(DB, 'update', return_value={}) + + res = client.put('/api/v2/simulations/1', json={'simulation': {'name': 'S'}}) + assert '200' in res.status 
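Review bot: `test_update_simulation_not_authorized` patches `DB.update` but asserts only the status code, so a handler that wrote the new name and then returned 403 would still pass; keep the mock and assert on it, `update = mocker.patch.object(DB, 'update', return_value={})` followed by `update.assert_not_called()`. The new PUT tests cover `VIEW` and `OWN` only: a user whose authorizations list has no entry for simulation 1, an `EDIT`-level user, and an entry with an unexpected `authorizationLevel` are the cases that pin the access rule, and none of them is exercised. `test_update_simulation` could likewise assert that `DB.update` was called once rather than checking the status alone.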
diff --git a/opendc/api/v2/simulations/test_endpoint.py b/opendc/api/v2/simulations/test_endpoint.py index fe4ac6ed..d23df74a 100644 --- a/opendc/api/v2/simulations/test_endpoint.py +++ b/opendc/api/v2/simulations/test_endpoint.py @@ -7,7 +7,14 @@ def test_add_simulation_missing_parameter(client): def test_add_simulation(client, mocker): mocker.patch.object(DB, 'fetch_one', return_value={'_id': '1', 'authorizations': []}) - mocker.patch.object(DB, 'insert', return_value={'_id': '1', 'datetimeCreated': '000', 'datetimeEdit': '000', 'topologyIds': []}) + mocker.patch.object(DB, + 'insert', + return_value={ + '_id': '1', + 'datetimeCreated': '000', + 'datetimeEdit': '000', + 'topologyIds': [] + }) mocker.patch.object(DB, 'update', return_value={}) res = client.post('/api/v2/simulations', json={'simulation': {'name': 'test simulation'}}) assert 'datetimeCreated' in res.json['content'] diff --git a/opendc/models/simulation.py b/opendc/models/simulation.py index bb2ef1bc..f58581cf 100644 --- a/opendc/models/simulation.py +++ b/opendc/models/simulation.py @@ -1,5 +1,16 @@ from opendc.models.model import Model +from opendc.models.user import User +from opendc.util.rest import Response class Simulation(Model): collection_name = 'simulations' + + def validate_user_access(self, google_id, edit_access): + user = User.from_google_id(google_id) + authorizations = list( + filter(lambda x: str(x['simulationId']) == str(self.obj['_id']), user.obj['authorizations'])) + if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): + return Response(403, "Forbidden from retrieving simulation.") + + return None -- cgit v1.2.3
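Review bot: `validate_user_access` in opendc/models/simulation.py denies an edit only when the level equals `'VIEW'`, so any other value stored in `authorizationLevel` (a typo, a different case, a level added later) is treated as edit permission; an allow-list fails closed instead, e.g. `if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] not in ('EDIT', 'OWN')):`. Only the first matching entry is consulted, and `user.obj['authorizations']` is read without checking that the user lookup returned a document; presumably `user.obj` is None for an unknown `google_id`, which would surface as an unhandled error rather than a 403. The 403 text "Forbidden from retrieving simulation." is also returned on the PUT path, where the caller was editing. The method has no docstring; one line stating that it returns a 403 `Response` or `None`, and what `edit_access` selects, would cover it.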