From 690818051d0c9768cdaf735acf77ea9e98f00b38 Mon Sep 17 00:00:00 2001 From: Georgios Andreadis Date: Tue, 30 Jun 2020 10:31:27 +0200 Subject: Implement authorizations endpoint --- web-server/opendc/models/simulation.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'web-server/opendc/models') diff --git a/web-server/opendc/models/simulation.py b/web-server/opendc/models/simulation.py index 5cd3d49e..a77697ab 100644 --- a/web-server/opendc/models/simulation.py +++ b/web-server/opendc/models/simulation.py @@ -1,5 +1,6 @@ from opendc.models.model import Model from opendc.models.user import User +from opendc.util.database import DB from opendc.util.exceptions import ClientError from opendc.util.rest import Response @@ -13,3 +14,10 @@ class Simulation(Model): filter(lambda x: str(x['simulationId']) == str(self.obj['_id']), user.obj['authorizations'])) if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): raise ClientError(Response(403, "Forbidden from retrieving simulation.")) + + def get_all_authorizations(self): + return [ + user['_id'] for user in DB.fetch_all({'authorizations': { + 'simulationId': self.obj['_id'] + }}, User.collection_name) + ] -- cgit v1.2.3 From 4ec6212a220c3627bdad070ac2f0e05e2d663979 Mon Sep 17 00:00:00 2001 From: Georgios Andreadis Date: Tue, 30 Jun 2020 11:17:06 +0200 Subject: Add new experiment endpoints --- web-server/opendc/models/experiment.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 web-server/opendc/models/experiment.py (limited to 'web-server/opendc/models') diff --git a/web-server/opendc/models/experiment.py b/web-server/opendc/models/experiment.py new file mode 100644 index 00000000..dd7aa4f8 --- /dev/null +++ b/web-server/opendc/models/experiment.py 
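Review bot: The filter in `get_all_authorizations`, `{'authorizations': {'simulationId': self.obj['_id']}}`, matches an array element only when it equals that whole sub-document, assuming `DB.fetch_all` forwards the dict unchanged as a MongoDB filter (the wrapper is not shown here). The entries that `check_user_access` reads in the context lines just above also carry `authorizationLevel`, so an exact-document match would find no users and the authorizations endpoint would under-report who holds access to the simulation. Matching on the field instead, `{'authorizations.simulationId': self.obj['_id']}`, selects every user with an entry for this simulation whatever else the entry holds. The same filter is carried unchanged through the later `get_id()` refactor of this method.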
@@ -0,0 +1,15 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Experiment(Model):
+ collection_name = 'experiments'
+
+ def check_user_access(self, google_id, edit_access):
+ user = User.from_google_id(google_id)
+ authorizations = list(
+ filter(lambda x: str(x['simulationId']) == str(self.obj['simulationId']), user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, "Forbidden from retrieving/editing experiment."))
-- 
cgit v1.2.3
From 9f87ab4bbab048b527585929135cab80fafd9ef9 Mon Sep 17 00:00:00 2001
From: Georgios Andreadis
Date: Tue, 30 Jun 2020 13:28:18 +0200
Subject: Address a number of pylint issues
---
 web-server/opendc/models/experiment.py | 9 +++++++++
 web-server/opendc/models/model.py | 15 ++++++++++++---
 web-server/opendc/models/simulation.py | 8 ++++++++
 web-server/opendc/models/topology.py | 11 ++++++++++-
 web-server/opendc/models/trace.py | 2 ++
 web-server/opendc/models/user.py | 10 ++++++++++
 6 files changed, 51 insertions(+), 4 deletions(-)
(limited to 'web-server/opendc/models')
diff --git a/web-server/opendc/models/experiment.py b/web-server/opendc/models/experiment.py
index dd7aa4f8..ac606d64 100644
--- a/web-server/opendc/models/experiment.py
+++ b/web-server/opendc/models/experiment.py
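Review bot: The edit check in `Experiment.check_user_access` is a deny-list: `authorizations[0]['authorizationLevel'] == 'VIEW'` refuses only that one value, so any other string stored in an entry, including a misspelt or future level, is treated as edit access. Comparing against the explicit set of levels that grant edit rights would make the check fail closed. Only the first matching entry is consulted, so a user holding two entries for the same simulation gets whichever happens to come first. `User.from_google_id` can wrap a missing document (`Model.check_exists` tests for `obj is None`), in which case `user.obj['authorizations']` raises `TypeError` instead of producing a handled response; calling `user.check_exists()` before the filter would cover that. The same expression appears in `Simulation.check_user_access` and in the rewritten `Topology.check_user_access` line later in this series.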
@@ -5,9 +5,18 @@ from opendc.util.rest import Response class Experiment(Model): + """Model representing a Experiment.""" + collection_name = 'experiments' def check_user_access(self, google_id, edit_access): + """Raises an error if the user with given [google_id] has insufficient access. + + Checks access on the parent simulation. + + :param google_id: The Google ID of the user. + :param edit_access: True when edit access should be checked, otherwise view access. + """ user = User.from_google_id(google_id) authorizations = list( filter(lambda x: str(x['simulationId']) == str(self.obj['simulationId']), user.obj['authorizations'])) diff --git a/web-server/opendc/models/model.py b/web-server/opendc/models/model.py index b2fd1844..2b8eb4dc 100644 --- a/web-server/opendc/models/model.py +++ b/web-server/opendc/models/model.py 
@@ -4,31 +4,40 @@ from opendc.util.rest import Response class Model: + """Base class for all models.""" + collection_name = '' @classmethod def from_id(cls, _id): - return cls(DB.fetch_one({'_id': _id}, Model.collection_name)) + """Fetches the document with given ID from the collection.""" + return cls(DB.fetch_one({'_id': _id}, cls.collection_name)) @classmethod def get_all(cls): - return cls(DB.fetch_all({}, Model.collection_name)) + """Fetches all documents from the collection.""" + return cls(DB.fetch_all({}, cls.collection_name)) def __init__(self, obj): self.obj = obj def check_exists(self): + """Raises an error if the enclosed object does not exist.""" if self.obj is None: raise ClientError(Response(404, 'Not found.')) def set_property(self, key, value): + """Sets the given property on the enclosed object.""" self.obj[key] = value def insert(self): + """Inserts the enclosed object and updates the internal reference to the newly inserted object.""" self.obj = DB.insert(self.obj, self.collection_name) def update(self): + """Updates the enclosed object and updates the internal reference to the newly inserted object.""" self.obj = DB.update(self.obj['_id'], self.obj, self.collection_name) def delete(self): - self.obj = DB.delete_one({'_id': self.obj['_id']}, self.collection_name) + """Deletes the enclosed object in the database.""" + DB.delete_one({'_id': self.obj['_id']}, self.collection_name) diff --git a/web-server/opendc/models/simulation.py b/web-server/opendc/models/simulation.py index a77697ab..bf19368c 100644 --- a/web-server/opendc/models/simulation.py +++ b/web-server/opendc/models/simulation.py 
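Review bot: `get_all` still hands the entire `DB.fetch_all` result to `cls(...)`, so `obj` holds a result set rather than one document, while `check_exists`, `set_property`, `update` and `delete` all treat `obj` as a single document. Elsewhere in this series the `DB.fetch_all` result is iterated per document, so, if no caller relies on the current shape, returning `[cls(doc) for doc in DB.fetch_all({}, cls.collection_name)]` would give callers models they can run existence and access checks on individually. The docstring added to `update` says `newly inserted object`, which looks copied from `insert`; `updated object` would match the code. `delete` now leaves `self.obj` populated after the document is removed, which its docstring could state.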
@@ -6,9 +6,16 @@ from opendc.util.rest import Response class Simulation(Model): + """Model representing a Simulation.""" + collection_name = 'simulations' def check_user_access(self, google_id, edit_access): + """Raises an error if the user with given [google_id] has insufficient access. + + :param google_id: The Google ID of the user. + :param edit_access: True when edit access should be checked, otherwise view access. + """ user = User.from_google_id(google_id) authorizations = list( filter(lambda x: str(x['simulationId']) == str(self.obj['_id']), user.obj['authorizations'])) @@ -16,6 +23,7 @@ class Simulation(Model): raise ClientError(Response(403, "Forbidden from retrieving simulation.")) def get_all_authorizations(self): + """Get all user IDs having access to this simulation.""" return [ user['_id'] for user in DB.fetch_all({'authorizations': { 'simulationId': self.obj['_id'] diff --git a/web-server/opendc/models/topology.py b/web-server/opendc/models/topology.py index 37b4c5c8..1447af98 100644 --- a/web-server/opendc/models/topology.py +++ b/web-server/opendc/models/topology.py @@ -5,11 +5,20 @@ from opendc.util.rest import Response class Topology(Model): + """Model representing a Simulation.""" + collection_name = 'topologies' def check_user_access(self, google_id, edit_access): + """Raises an error if the user with given [google_id] has insufficient access. + + Checks access on the parent simulation. + + :param google_id: The Google ID of the user. + :param edit_access: True when edit access should be checked, otherwise view access. + """ user = User.from_google_id(google_id) - authorizations = list(filter(lambda x: str(x['topologyId']) == str(self.obj['_id']), + authorizations = list(filter(lambda x: str(x['simulationId']) == str(self.obj['simulationId']), user.obj['authorizations'])) if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): raise ClientError(Response(403, "Forbidden from retrieving topology.")) 
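Review bot: The class docstring added to `Topology` reads `Model representing a Simulation.`; it should say `Topology`. The same hunk also changes what `check_user_access` compares, from `x['topologyId']` against `self.obj['_id']` to `simulationId` on both sides, which alters an authorization decision inside a commit titled as lint cleanup. That change deserves a test showing that a user authorized only on a different simulation receives the 403. `self.obj['simulationId']` is read without a guard, so a topology document lacking that key would raise `KeyError` rather than deny access cleanly.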
diff --git a/web-server/opendc/models/trace.py b/web-server/opendc/models/trace.py index c18f8ea2..2f6e4926 100644 --- a/web-server/opendc/models/trace.py +++ b/web-server/opendc/models/trace.py @@ -2,4 +2,6 @@ from opendc.models.model import Model class Trace(Model): + """Model representing a Trace.""" + collection_name = 'traces' diff --git a/web-server/opendc/models/user.py b/web-server/opendc/models/user.py index cd314457..8e8ff945 100644 --- a/web-server/opendc/models/user.py +++ b/web-server/opendc/models/user.py @@ -5,21 +5,31 @@ from opendc.util.rest import Response class User(Model): + """Model representing a User.""" + collection_name = 'users' @classmethod def from_email(cls, email): + """Fetches the user with given email from the collection.""" return User(DB.fetch_one({'email': email}, User.collection_name)) @classmethod def from_google_id(cls, google_id): + """Fetches the user with given Google ID from the collection.""" return User(DB.fetch_one({'googleId': google_id}, User.collection_name)) def check_correct_user(self, request_google_id): + """Raises an error if a user tries to modify another user. + + :param request_google_id: + """ if request_google_id is not None and self.obj['googleId'] != request_google_id: raise ClientError(Response(403, f'Forbidden from editing user with ID {self.obj["_id"]}.')) def check_already_exists(self): + """Checks if the user already exists in the database.""" + existing_user = DB.fetch_one({'googleId': self.obj['googleId']}, self.collection_name) if existing_user is not None: -- cgit v1.2.3 From e1b29eafbd0b6285b7bea2e24709c7622d41173d Mon Sep 17 00:00:00 2001 From: Georgios Andreadis Date: Tue, 30 Jun 2020 14:04:11 +0200 Subject: Fix all violations --- web-server/opendc/models/topology.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'web-server/opendc/models') diff --git a/web-server/opendc/models/topology.py b/web-server/opendc/models/topology.py index 1447af98..1c717221 100644 
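Review bot: The docstring added to `check_correct_user` leaves `:param request_google_id:` empty, and the behaviour it should describe matters: the condition `request_google_id is not None and ...` skips the ownership check entirely when the argument is `None`. Document that, for example `:param request_google_id: The Google ID of the requester; when None, no check is performed.`, so callers know a missing ID from an unauthenticated request must not reach this method. If `None` is not a legitimate input, rejecting it would be the safer default. `from_email` and `from_google_id` are classmethods but still construct `User(...)` and read `User.collection_name` directly, unlike the `cls` fix this commit applies to `Model`.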
--- a/web-server/opendc/models/topology.py +++ b/web-server/opendc/models/topology.py @@ -18,7 +18,7 @@ class Topology(Model): :param edit_access: True when edit access should be checked, otherwise view access. """ user = User.from_google_id(google_id) - authorizations = list(filter(lambda x: str(x['simulationId']) == str(self.obj['simulationId']), - user.obj['authorizations'])) + authorizations = list( + filter(lambda x: str(x['simulationId']) == str(self.obj['simulationId']), user.obj['authorizations'])) if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): raise ClientError(Response(403, "Forbidden from retrieving topology.")) -- cgit v1.2.3 From a27598ee4755423ebd2f0ad8c505644d644cf2c8 Mon Sep 17 00:00:00 2001 From: Georgios Andreadis Date: Tue, 30 Jun 2020 14:07:51 +0200 Subject: Make accessing the ID easer --- web-server/opendc/models/model.py | 8 ++++++-- web-server/opendc/models/simulation.py | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'web-server/opendc/models') diff --git a/web-server/opendc/models/model.py b/web-server/opendc/models/model.py index 2b8eb4dc..1935638f 100644 --- a/web-server/opendc/models/model.py +++ b/web-server/opendc/models/model.py @@ -21,6 +21,10 @@ class Model: def __init__(self, obj): self.obj = obj + def get_id(self): + """Returns the ID of the enclosed object.""" + return self.obj['_id'] + def check_exists(self): """Raises an error if the enclosed object does not exist.""" if self.obj is None: 
@@ -36,8 +40,8 @@ class Model: def update(self): """Updates the enclosed object and updates the internal reference to the newly inserted object.""" - self.obj = DB.update(self.obj['_id'], self.obj, self.collection_name) + self.obj = DB.update(self.get_id(), self.obj, self.collection_name) def delete(self): """Deletes the enclosed object in the database.""" - DB.delete_one({'_id': self.obj['_id']}, self.collection_name) + DB.delete_one({'_id': self.get_id()}, self.collection_name) diff --git a/web-server/opendc/models/simulation.py b/web-server/opendc/models/simulation.py index bf19368c..dbe1e800 100644 --- a/web-server/opendc/models/simulation.py +++ b/web-server/opendc/models/simulation.py @@ -18,7 +18,7 @@ class Simulation(Model): """ user = User.from_google_id(google_id) authorizations = list( - filter(lambda x: str(x['simulationId']) == str(self.obj['_id']), user.obj['authorizations'])) + filter(lambda x: str(x['simulationId']) == str(self.get_id()), user.obj['authorizations'])) if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): raise ClientError(Response(403, "Forbidden from retrieving simulation.")) @@ -26,6 +26,6 @@ class Simulation(Model): """Get all user IDs having access to this simulation.""" return [ user['_id'] for user in DB.fetch_all({'authorizations': { - 'simulationId': self.obj['_id'] + 'simulationId': self.get_id() }}, User.collection_name) ] -- cgit v1.2.3