From 45b73e4683cce35de79117c5b4a6919556d9644f Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek
Date: Fri, 2 Jul 2021 14:26:23 +0200
Subject: api: Add stricter validation of input/output data
This change adds stricter validation of data that enters and leaves the database. As a result, we clearly separate the database model from the data model that the REST API exports.
---
 opendc-web/opendc-web-api/opendc/models/project.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'opendc-web/opendc-web-api/opendc/models/project.py')
diff --git a/opendc-web/opendc-web-api/opendc/models/project.py b/opendc-web/opendc-web-api/opendc/models/project.py
index ee84c73e..f2b3b564 100644
--- a/opendc-web/opendc-web-api/opendc/models/project.py
+++ b/opendc-web/opendc-web-api/opendc/models/project.py
@@ -1,20 +1,29 @@
-from marshmallow import Schema, fields
+from marshmallow import Schema, fields, validate
 from werkzeug.exceptions import Forbidden
 from opendc.models.model import Model
 from opendc.exts import db
+class ProjectAuthorizations(Schema):
+ """
+ Schema representing a project authorization.
+ """
+ userId = fields.String(required=True)
+ level = fields.String(required=True, validate=validate.OneOf(["VIEW", "EDIT", "OWN"]))
+
+
 class ProjectSchema(Schema):
 """
 Schema representing a Project.
 """
- _id = fields.String()
+ _id = fields.String(dump_only=True)
 name = fields.String(required=True)
 datetimeCreated = fields.DateTime()
 datetimeLastEdited = fields.DateTime()
 topologyIds = fields.List(fields.String())
 portfolioIds = fields.List(fields.String())
+ authorizations = fields.List(fields.Nested(ProjectAuthorizations))
 class Project(Model):
--
cgit v1.2.3
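Review bot: The new `authorizations` field on `ProjectSchema` is loadable, while the same hunk makes `_id` `dump_only=True`; if this schema is ever used to load a client request body, the caller can supply its own authorization list, including `OWN` entries for any `userId`. The hunk does not show where the schema is loaded (the `Project` class body lies outside it), so this is worth confirming: the create/update paths should either load through a schema without this field or declare it as `authorizations = fields.List(fields.Nested(ProjectAuthorizations), dump_only=True)` and set the list server-side from the authenticated user. `userId` also accepts an empty string as written; `fields.String(required=True, validate=validate.Length(min=1))` would reject that. A short comment on `level` naming which operations `VIEW`, `EDIT` and `OWN` permit would help the next reviewer check the access rules against the schema.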