add permission dependencies, add endpoints for various data

62d60447 · Tim Repke · 562b6838 · 62d60447 · 562b6838 · 62d60447
Commit 62d60447 authored 2 years ago by Tim Repke
--- a/server/api/__init__.py
+++ b/server/api/__init__.py
 from fastapi import APIRouter
 from .routes import ping
-from .routes import admin
+from .routes import users
 from .routes import annotations
-from .routes import login
+from .routes import auth
 from .routes import projects
+from .routes import project

 # this router proxies all /api endpoints
 router = APIRouter()
@@ -11,14 +12,18 @@ router = APIRouter()
 # route for testing / checking the service is reachable
 router.include_router(ping.router, prefix='/ping')

-# route for all admin-related endpoints
-router.include_router(admin.router, prefix='/admin')

 # route to fetch, manage, submit item annotations
 router.include_router(annotations.router, prefix='/annotations')

+# route for all user-related endpoints (everything not related to authentication)
+router.include_router(users.router, prefix='/users')
+
 # route for authentication
-router.include_router(login.router, prefix='/login')
+router.include_router(auth.router, prefix='/login')

-# route for project related things
+# route for general project things (aka non-project-specific)
 router.include_router(projects.router, prefix='/projects')
+
+# route for project related things
+router.include_router(project.router, prefix='/project')
--- a/server/api/routes/admin/__init__.py
+++ b/server/api/routes/admin/__init__.py
-from fastapi import APIRouter, Depends
-
-from server.util.security import get_current_active_superuser
-from . import users
-
-router = APIRouter(dependencies=[Depends(get_current_active_superuser)])
-
-router.include_router(users.router, prefix='/users')
--- a/server/api/routes/login.py
+++ b/server/api/routes/login.py
@@ -15,23 +15,23 @@ router = APIRouter()
 logger.info('Setting up login route')


-@router.post("/token", response_model=Token)
+@router.post('/token', response_model=Token)
 async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
    user = await authenticate_user(form_data.username, form_data.password)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Incorrect username or password",
-            headers={"WWW-Authenticate": "Bearer"},
+            detail='Incorrect username or password',
+            headers={'WWW-Authenticate': 'Bearer'},
        )
    access_token_expires = timedelta(minutes=settings.SERVER.ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
-        data={"sub": user.username}, expires_delta=access_token_expires
+        data={'sub': user.username}, expires_delta=access_token_expires
    )
-    return {"access_token": access_token, "token_type": "bearer"}
+    return {'access_token': access_token, 'token_type': 'bearer'}


-@router.get("/me", response_model=UserModel)
+@router.get('/me', response_model=UserModel)
 async def read_users_me(current_user: UserModel = Depends(get_current_active_user)):
    return current_user

@@ -41,7 +41,7 @@ async def read_users_me(current_user: UserModel = Depends(get_current_active_use
 # TODO (optional) create permanent auth token


-# @router.post("/login/access-token", response_model=Token)
+# @router.post('/login/access-token", response_model=Token)
 # def login_access_token(
 #     form_data: OAuth2PasswordRequestForm = Depends()
 # ) -> Any:

--- a/server/api/routes/data.py
+++ b/server/api/routes/data.py
-from typing import Any
-from datetime import timedelta
-
-from fastapi import APIRouter, Body, Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordRequestForm
-
-from nacsos_data.models.users import UserModel
-from nacsos_data.models.items import ItemModel
-from nacsos_data.models.items.twitter import TwitterItemModel
-
-from server.util.security import get_current_active_user, get_current_user_project_permissions
-from server.util.config import settings
-from server.util.logging import get_logger
-
-logger = get_logger('nacsos.api.route.data')
-router = APIRouter()
-
-logger.info('Setting up data route')
-
-
-@router.get("/project/{project_id}/items", response_model=list[ItemModel])
-async def read_users_me(project_id: str, current_user: UserModel = Depends(get_current_active_user)):
-    return current_user
--- a/server/api/routes/project/__init__.py
+++ b/server/api/routes/project/__init__.py
+from fastapi import APIRouter, Depends
+
+from nacsos_data.models.projects import ProjectModel
+from nacsos_data.db.crud.projects import read_project_by_id
+
+from server.data import db_engine
+from server.util.security import UserPermissionChecker
+from server.util.logging import get_logger
+
+from . import permissions
+from . import items
+
+logger = get_logger('nacsos.api.route.project')
+router = APIRouter()
+
+logger.info('Setting up projects route')
+
+
+@router.get('/{project_id}/info/', response_model=ProjectModel)
+async def get_project(project_id: str, permission=Depends(UserPermissionChecker())) -> ProjectModel:
+    return await read_project_by_id(project_id=project_id, engine=db_engine)
+
+
+# TODO create project (superuser only)
+# TODO edit project (project owner and superuser only)
+# TODO delete project (project owner and superuser only)
+
+# sub-router for everything related to project-level permission management
+router.include_router(permissions.router, prefix='/{project_id}/permissions')
+
+# sub-router for everything related to project-level items
+router.include_router(items.router, prefix='/{project_id}/items')
--- a/server/api/routes/project/items.py
+++ b/server/api/routes/project/items.py
+from typing import Any
+from datetime import timedelta
+
+from fastapi import APIRouter, Body, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordRequestForm
+
+from nacsos_data.models.users import UserModel
+from nacsos_data.models.items import ItemModel
+from nacsos_data.models.items.twitter import TwitterItemModel
+from nacsos_data.db.crud.items import read_all_items_for_project, create_item, create_items
+from nacsos_data.db.crud.items.twitter import read_tweet_by_item_id, read_tweet_by_twitter_id, \
+    read_tweets_by_author_id, read_all_tweets_for_project, create_tweet, create_tweets
+
+from server.data import db_engine
+from server.util.security import UserPermissionChecker
+from server.util.logging import get_logger
+
+logger = get_logger('nacsos.api.route.data')
+router = APIRouter()
+
+logger.info('Setting up data route')
+
+
+@router.get('/list/items', response_model=list[ItemModel])
+async def list_project_items(project_id: str, permission=Depends(UserPermissionChecker('dataset_read'))):
+    if permission:
+        items = await read_all_items_for_project(project_id=project_id, engine=db_engine)
+        return items
+
+
+@router.get('/detail/{item_id}', response_model=TwitterItemModel)
+async def get_detail_for_item(item_id: str, permission=Depends(UserPermissionChecker('dataset_read'))):
+    if permission:
+        # TODO first check what the correct data format for the project is via Project.type
+        tweets = await read_tweet_by_item_id(item_id=item_id, engine=db_engine)
+        return tweets
+
+
+@router.get('/twitter/list', response_model=list[TwitterItemModel])
+async def list_project_tweets(project_id: str, permission=Depends(UserPermissionChecker('dataset_read'))):
+    tweets = await read_all_tweets_for_project(project_id=project_id, engine=db_engine)
+    return tweets
+
+
+@router.post('/twitter/add')
+async def add_tweet(project_id: str, tweet: TwitterItemModel,
+                    permission=Depends(UserPermissionChecker('dataset_edit'))):
+    return await create_tweet(tweet=tweet, project_id=project_id, engine=db_engine)
--- a/server/api/routes/project/permissions.py
+++ b/server/api/routes/project/permissions.py
+from fastapi import APIRouter, Depends
+
+from nacsos_data.models.projects import ProjectPermissionsModel
+from nacsos_data.db.crud.projects import read_project_permissions_for_project, read_project_permissions_by_id
+
+from server.data import db_engine
+from server.util.security import UserPermissionChecker
+from server.util.logging import get_logger
+
+logger = get_logger('nacsos.api.route.project')
+router = APIRouter()
+
+logger.info('Setting up projects route')
+
+
+@router.get('/me', response_model=ProjectPermissionsModel)
+async def get_project_permissions_current_user(permission=Depends(UserPermissionChecker())) \
+        -> ProjectPermissionsModel:
+    return permission
+
+
+@router.get('/list', response_model=list[ProjectPermissionsModel])
+async def get_all_project_permissions(project_id: str, permission=Depends(UserPermissionChecker('owner'))) \
+        -> list[ProjectPermissionsModel]:
+    if permission:
+        return await read_project_permissions_for_project(project_id=project_id, engine=db_engine)
+
+
+@router.get('/{project_permission_id}', response_model=ProjectPermissionsModel)
+async def get_project_permissions_by_id(project_permission_id: str,
+                                        permission=Depends(UserPermissionChecker('owner'))) \
+        -> ProjectPermissionsModel:
+    if permission:
+        return await read_project_permissions_by_id(permissions_id=project_permission_id, engine=db_engine)
+
+# TODO create project permissions (project owner and superuser only)
+# TODO edit project permissions (project owner and superuser only)
+# TODO delete project permissions (project owner and superuser only)
--- a/server/api/routes/projects.py
+++ b/server/api/routes/projects.py
-from datetime import timedelta
-
-from fastapi import APIRouter, Body, Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordRequestForm
+from fastapi import APIRouter, Depends

 from nacsos_data.models.users import UserModel
-from nacsos_data.models.projects import ProjectModel, ProjectPermissionsModel
-from nacsos_data.db.crud.projects import \
-    get_all_projects as crud_get_all_projects, \
-    get_all_projects_for_user as crud_get_all_projects_for_user, \
-    get_project_by_id as crud_get_project_by_id, \
-    get_project_permissions_for_project as crud_get_project_permissions_for_project, \
-    get_project_permissions_for_user as crud_get_project_permissions_for_user, \
-    get_project_permissions_by_id as crud_get_project_permissions_by_id
+from nacsos_data.models.projects import ProjectModel
+from nacsos_data.db.crud.projects import read_all_projects, read_all_projects_for_user

 from server.data import db_engine
-from server.util.security import get_current_active_user, UserPermissionChecker
+from server.util.security import get_current_active_user
 from server.util.logging import get_logger

 logger = get_logger('nacsos.api.route.projects')
@@ -33,37 +24,5 @@ async def get_all_projects(current_user: UserModel = Depends(get_current_active_
    :return: List of projects
    """
    if current_user.is_superuser:
-        return await crud_get_all_projects(engine=db_engine)
-    return await crud_get_all_projects_for_user(current_user.user_id, engine=db_engine)
-
-
-@router.get('/{project_id}/info/', response_model=ProjectModel)
-async def get_project(project_id: str, permission=Depends(UserPermissionChecker())) -> ProjectModel:
-    return await crud_get_project_by_id(project_id=project_id, engine=db_engine)
-
-
-@router.get('/{project_id}/permissions/me', response_model=ProjectPermissionsModel)
-async def get_project_permissions_current_user(permission=Depends(UserPermissionChecker()))\
-        -> ProjectPermissionsModel:
-    return permission
-
-
-@router.get('/{project_id}/permissions/all', response_model=list[ProjectPermissionsModel])
-async def get_all_project_permissions(project_id: str, permission=Depends(UserPermissionChecker('owner'))) \
-        -> list[ProjectPermissionsModel]:
-    return await crud_get_project_permissions_for_project(project_id=project_id, engine=db_engine)
-
-
-@router.get('/{project_id}/permissions/{project_permission_id}', response_model=ProjectPermissionsModel)
-async def get_project_permissions_by_id(project_permission_id: str,
-                                        permission=Depends(UserPermissionChecker('owner'))) \
-        -> ProjectPermissionsModel:
-    return await crud_get_project_permissions_by_id(permissions_id=project_permission_id, engine=db_engine)
-
-# TODO create project (superuser only)
-# TODO edit project (project owner and superuser only)
-# TODO delete project (project owner and superuser only)
-
-# TODO create project permissions (project owner and superuser only)
-# TODO edit project permissions (project owner and superuser only)
-# TODO delete project permissions (project owner and superuser only)
+        return await read_all_projects(engine=db_engine)
+    return await read_all_projects_for_user(current_user.user_id, engine=db_engine)
--- a/server/api/routes/admin/users.py
+++ b/server/api/routes/admin/users.py
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends
 from server.util.logging import get_logger
 from nacsos_data.models.users import UserModel, UserInDBModel
-from nacsos_data.db.crud.users import get_all_users as crud_get_all_users
+from nacsos_data.db.crud.users import read_all_users
+from server.util.security import get_current_active_superuser
 from server.data import db_engine

 logger = get_logger('nacsos.api.route.admin.users')
 router = APIRouter()


-@router.get('/', response_model=list[UserModel])
-async def get_all_users() -> list[UserInDBModel]:
-    result = await crud_get_all_users(engine=db_engine)
+@router.get('/list', response_model=list[UserModel])
+async def get_all_users(current_user=Depends(get_current_active_superuser)) -> list[UserInDBModel]:
+    result = await read_all_users(engine=db_engine)
    return result
+
--- a/server/schemas/__init__.py
+++ b/server/schemas/__init__.py
--- a/server/util/email.py
+++ b/server/util/email.py
 # TODO integrate this somehow in a sensible way
-# https://github.com/tiangolo/full-stack-fastapi-postgresql/blob/490c554e23343eec0736b06e59b2108fdd057fdc/%7B%7Bcookiecutter.project_slug%7D%7D/backend/app/app/utils.py
\ No newline at end of file
+#      https://fastapi.tiangolo.com/tutorial/background-tasks/
+#      https://github.com/tiangolo/full-stack-fastapi-postgresql/blob/490c554e23343eec0736b06e59b2108fdd057fdc/%7B%7Bcookiecutter.project_slug%7D%7D/backend/app/app/utils.py
\ No newline at end of file
--- a/server/util/security.py
+++ b/server/util/security.py
@@ -8,8 +8,8 @@ from fastapi.security import OAuth2PasswordBearer

 from nacsos_data.models.users import UserModel
 from nacsos_data.models.projects import ProjectPermissionsModel
-from nacsos_data.db.crud.users import get_user_by_name as crud_get_user_by_name
-from nacsos_data.db.crud.projects import get_project_permissions_for_user as crud_get_project_permissions_for_user
+from nacsos_data.db.crud.users import read_user_by_name as crud_get_user_by_name
+from nacsos_data.db.crud.projects import read_project_permissions_for_user as crud_get_project_permissions_for_user

 from server.data import db_engine
 from server.util.config import settings