sr2/cloud-api
6
0
Fork 1
Code Issues 8 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: sr2:d6c14655c0b47617ff8c031542928b50f2a3ca59
Branches Tags
sr2:main
sr2:renovate/configure
..
compare: sr2:662b9c8e268db74fef726fbde54cc49569277c46
Branches Tags
sr2:main
sr2:renovate/configure

No commits in common. "d6c14655c0b47617ff8c031542928b50f2a3ca59" and "662b9c8e268db74fef726fbde54cc49569277c46" have entirely different histories.
d6c14655c0 ... 662b9c8e26

8 changed files with 17 additions and 172 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/iam/models.py
View file

@ -42,9 +42,7 @@ class Permission(Base):
),
)
service_rel = relationship(
"Service", back_populates="permission_rel", foreign_keys="Permission.service_id"
)
service_rel = relationship("Service", foreign_keys="Permission.service_id")
@property
def service_name(self):

38
src/iam/router.py
View file

@ -23,7 +23,6 @@ from sqlalchemy.exc import IntegrityError
from psycopg.errors import UniqueViolation
from src.iam.exceptions import GroupNotFoundException
from src.organisation.dependencies import org_model_body_dependency
from src.organisation.exceptions import OrgNotFoundException
from src.schemas import GroupSummary, OrgSummary, ResourceName
from src.service.dependencies import service_model_body_dependency
@ -83,8 +82,6 @@ from src.iam.schemas import (
IAMCAoRResponse,
IAMPutGroupInvitationAcceptResponse,
IAMPutGroupInvitationResponse,
IAMPutOrgPermissionsRequest,
IAMPutOrgPermissionsResponse,
)
from src.utils import verify_email_token
@ -550,7 +547,7 @@ async def delete_permission(
response_model=IAMGetPermissionsSearchResponse,
responses={},
)
async def permissions_search(
async def post_permissions(
db: db_dependency,
org_model: org_model_root_claim_body_dependency,
request_model: IAMGetPermissionsSearchRequest,
@ -675,36 +672,3 @@ async def accept_invitation(
db.commit()
return response
@router.put(
path="/org/permissions",
summary="Grants an org access to permissions",
status_code=status.HTTP_200_OK,
response_model=IAMPutOrgPermissionsResponse,
responses={
status.HTTP_401_UNAUTHORIZED: {"description": "Must be super user."},
},
)
async def add_org_permissions(
db: db_dependency,
su: super_admin_dependency,
org_model: org_model_body_dependency,
request_model: IAMPutOrgPermissionsRequest,
):
"""
Grants a permission to a group. Returns a list of the permissions in the group as well as a summary for the org and group.
"""
for permission in request_model.permissions:
perm_model = db.get(Perm, permission)
if perm_model not in org_model.permission_rel:
org_model.permission_rel.append(perm_model)
db.flush()
response = IAMPutOrgPermissionsResponse(
organisation=OrgSummary(**org_model.__dict__),
permissions=org_model.permission_rel,
)
db.commit()
return response

9
src/iam/schemas.py
View file

@ -150,12 +150,3 @@ class IAMPutGroupInvitationAcceptResponse(CustomBaseModel):
organisation: OrgSummary
user: UserSummary
group: GroupDetails
class IAMPutOrgPermissionsRequest(OrgIDMixin):
permissions: list[int]
class IAMPutOrgPermissionsResponse(CustomBaseModel):
organisation: OrgSummary
permissions: list[PermissionSchema]

10
src/iam/service.py
View file

@ -7,19 +7,21 @@ Exports:
from typing import Annotated
from datetime import datetime, timedelta, timezone
from fastapi import Request, Depends
from src.service.models import Service
from src.database import db_dependency
from src.exceptions import UnauthorizedException
from src.utils import send_email, generate_jwt
from src.iam.schemas import IAMCAoRRequest
from src.iam.models import Group
from src.service.models import Service
from src.service.schemas import HasServiceName
from fastapi import Request, Depends
def valid_service_key(
db: db_dependency, request: Request, request_model: HasServiceName
db: db_dependency, request: Request, request_model: IAMCAoRRequest
) -> bool:
rn = request_model.rn
api_key = request.headers.get("X-API-Key", None)

17
src/schemas.py
View file

@ -14,6 +14,13 @@ class CustomBaseModel(BaseModel):
pass
class ResourceName(CustomBaseModel):
service: str
organisation: str
resource: str
instance: Optional[str] = None
### Mixins ###
class OrgIDMixin(CustomBaseModel):
organisation_id: int = Field(gt=0)
@ -35,10 +42,6 @@ class UserIDMixin(CustomBaseModel):
user_id: int = Field(gt=0)
class ServiceNameMixin(CustomBaseModel):
service: str
class OrgSummary(CustomBaseModel):
id: int
name: str
@ -57,9 +60,3 @@ class UserSummary(CustomBaseModel):
class ServiceSummary(CustomBaseModel):
id: int
name: str
class ResourceName(ServiceNameMixin):
organisation: str
resource: str
instance: Optional[str] = None

3
src/service/models.py
View file

@ -7,7 +7,6 @@ Models:
"""
from sqlalchemy import Column, Integer, String
from sqlalchemy.orm import relationship
from src.database import Base
@ -18,5 +17,3 @@ class Service(Base):
id = Column(Integer, primary_key=True)
name = Column(String, unique=True)
api_key = Column(String, unique=True)
permission_rel = relationship("Permission", back_populates="service_rel")

68
src/service/router.py
View file

@ -18,9 +18,6 @@ from src.auth.dependencies import (
super_admin_dependency,
org_model_root_claim_query_dependency,
)
from src.iam.service import service_key_dependency
from src.iam.models import Permission as Perm
from src.service.exceptions import ServiceNotFoundException
from src.service.models import Service
from src.service.utils import generate_api_key
@ -35,8 +32,6 @@ from src.service.schemas import (
ServiceWithKeySchema,
ServicePatchKeyResponse,
ServicePatchKeyRequest,
ServicePostPermissionsResponse,
ServicePostPermissionsRequest,
)
router = APIRouter(
@ -175,66 +170,3 @@ async def remove_service(
"""
db.delete(service_model)
db.commit()
@router.post(
path="/permissions",
summary="Service endpoint for creating its own permissions.",
status_code=status.HTTP_200_OK,
response_model=ServicePostPermissionsResponse,
responses={
status.HTTP_401_UNAUTHORIZED: {
"description": "API Key missing or invalid | Issue verifying user OIDC claims"
},
},
)
async def service_create_new_permissions(
db: db_dependency,
request_model: ServicePostPermissionsRequest,
valid_key: service_key_dependency,
):
"""
Allows a service to register its own set of permissions.
"""
service_model = (
db.query(Service).filter(Service.name == request_model.rn.service).first()
)
if service_model is None:
raise ServiceNotFoundException()
else:
service_id = service_model.id
response_list = []
for new_permission in request_model.permissions:
perm_model = (
db.query(Perm)
.filter(Perm.service_id == service_id)
.filter(Perm.resource == new_permission.resource)
.filter(Perm.action == new_permission.action)
.first()
)
if perm_model is not None:
response_code = 409
response = {
"id": perm_model.id,
"service_name": perm_model.service_name,
"resource": perm_model.resource,
"action": perm_model.action,
}
response_list.append((response, response_code))
continue
new_perm_model = Perm(**new_permission.__dict__)
new_perm_model.service_id = service_id
db.add(new_perm_model)
db.flush()
response_code = 201
response = {
"id": new_perm_model.id,
"service_name": new_perm_model.service_name,
"resource": new_perm_model.resource,
"action": new_perm_model.action,
}
response_list.append((response, response_code))
db.commit()
return {"permissions": response_list}

40
src/service/schemas.py
View file

@ -6,36 +6,9 @@ Models follow the nomenclature of:
- Models: "<Module><Method><Resource><Opt:Resource><Direction>" ie "ServiceGetServiceResponse"
"""
from typing import Generic, TypeVar
from pydantic import Field, ConfigDict
from pydantic import Field
from src.schemas import (
CustomBaseModel,
ServiceIDMixin,
ServiceSummary,
ServiceNameMixin,
)
T = TypeVar("T", bound=ServiceNameMixin)
class HasServiceName(CustomBaseModel, Generic[T]):
rn: T
class PermissionResponseSchema(CustomBaseModel):
model_config = ConfigDict(from_attributes=True, extra="ignore")
id: int
service_name: str
resource: str
action: str
class PermissionRequestSchema(CustomBaseModel):
resource: str
action: str
from src.schemas import CustomBaseModel, ServiceIDMixin, ServiceSummary
class ServiceWithKeySchema(ServiceSummary):
@ -60,12 +33,3 @@ class ServicePatchKeyRequest(ServiceIDMixin):
class ServicePatchKeyResponse(CustomBaseModel):
service: ServiceWithKeySchema
class ServicePostPermissionsRequest(CustomBaseModel):
rn: ServiceNameMixin
permissions: list[PermissionRequestSchema]
class ServicePostPermissionsResponse(CustomBaseModel):
permissions: list[tuple[PermissionResponseSchema, int]]