add openalex permissions to route

ee5406cd · Tim Repke · 745d2dee · ee5406cd · ee5406cd
Commit ee5406cd authored 1 year ago by Tim Repke
--- a/server/api/routes/project/permissions.py
+++ b/server/api/routes/project/permissions.py
+from uuid import uuid4
 from fastapi import APIRouter, Depends
 from nacsos_data.db.crud import upsert_orm
 from sqlalchemy import select
@@ -12,7 +13,7 @@ from nacsos_data.db.crud.projects import \
    delete_project_permissions

 from server.data import db_engine
-from server.util.security import UserPermissionChecker, UserPermissions
+from server.util.security import UserPermissionChecker, UserPermissions, InsufficientPermissions
 from server.util.logging import get_logger

 logger = get_logger('nacsos.api.route.project')
@@ -51,11 +52,53 @@ async def get_all_user_permissions(permission=Depends(UserPermissionChecker('own
 @router.put('/permission', response_model=str)
 async def save_project_permission(project_permission: ProjectPermissionsModel,
                                  permission=Depends(UserPermissionChecker('owner'))) -> str:
-    pkey = await upsert_orm(upsert_model=project_permission, Schema=ProjectPermissions,
-                            primary_key='project_permission_id',
-                            skip_update=['project_id', 'user_id', 'project_permission_id'],
-                            db_engine=db_engine)
-    return str(pkey)
+    async with db_engine.session() as session:
+        logger.debug(f'Updating project permissions')
+
+        # Some permissions can only be given by superusers of the platform.
+        is_su = permission.user.is_superuser
+
+        if project_permission.project_permission_id is None:
+            logger.debug(f'No existing project_permissions found, creating new!')
+            project_permission.project_permission_id = uuid4()
+        else:
+            # fetch existing model from the database
+            stmt = select(ProjectPermissions).filter_by(project_permission_id=project_permission.project_permission_id)
+            existing_perms: ProjectPermissions | None = (await session.scalars(stmt)).one_or_none()
+            if existing_perms is not None:
+                logger.debug(f'Existing project_permissions found, attempting to UPDATE!')
+
+                # Assert that the current user is even allowed to hand out these permissions
+                if not is_su and ((project_permission.search_oa is True
+                                   and existing_perms.search_oa is False)
+                                  or (project_permission.import_limit_oa > 0
+                                      and existing_perms.import_limit_oa < 1)
+                                  or (project_permission.search_dimensions is True
+                                      and existing_perms.search_dimensions is False)):
+                    raise InsufficientPermissions('Only super-admins are allowed to change this setting.')
+
+                # Update values
+                for key, value in project_permission.model_dump().items():
+                    if key not in {'project_id', 'user_id', 'project_permission_id'}:
+                        setattr(existing_perms, key, value)
+
+                # Save
+                await session.commit()
+                return str(project_permission.project_permission_id)
+
+        # Create new permission
+
+        # Assert that the current user is even allowed to hand out these permissions
+        if not is_su and (project_permission.search_oa is True
+                          or project_permission.import_limit_oa > 0
+                          or project_permission.search_dimensions is True):
+            raise InsufficientPermissions('Only super-admins are allowed to change this setting.')
+
+        # Write new permissions to database
+        pp_orm = ProjectPermissions(**project_permission.model_dump())
+        session.add(pp_orm)
+        await session.commit()
+        return str(project_permission.project_permission_id)


 @router.delete('/permission')

--- a/server/util/config.py
+++ b/server/util/config.py
@@ -118,6 +118,9 @@ class Settings(BaseSettings):
    USERS: UsersConfig = UsersConfig()
    PIPES: PipelinesConfig = PipelinesConfig()

+    # URL including path to OpenAlex collection
+    OPENALEX: AnyHttpUrl = 'http://localhost:8983/solr/openalex'
+
    # EMAIL: EmailConfig

    LOG_CONF_FILE: str = 'config/logging.conf'