Endpoint for file acl

Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt>
This commit is contained in:
Tiago Garcia 2024-12-16 19:07:16 +00:00
parent e228e4f340
commit 7a00abbd6f
Signed by: TiagoRG
GPG Key ID: DFCD48E3F420DB42
3 changed files with 61 additions and 13 deletions


@ -149,6 +149,14 @@ Mainly, it's divided into 3 categories:
- `POST /file/delete/<document_handle>`: Deletes a file. - `POST /file/delete/<document_handle>`: Deletes a file.
- Required headers: - Required headers:
- `Authorization: token - `Authorization: token
- `POST /file/acl`: Updates the ACL for a file.
- Required headers:
- `Authorization: token`
- Required payload fields:
- `document_handle`: Document handle.
- `role`: Role name.
- `perm`: Permission name.
- `operation`: `add` | `remove`. (One of the following: add, remove)
- `POST /role/create`: Creates a new role. - `POST /role/create`: Creates a new role.
- Required headers: - Required headers:
- `Authorization: token` - `Authorization: token`


@ -2,8 +2,8 @@ import json
from flask import Blueprint, request, jsonify, send_file, Response from flask import Blueprint, request, jsonify, send_file, Response
from utils import Perm, get_hex_from_temp_file, get_hash, check_valid_time from utils import Perm, get_hex_from_temp_file, get_hash, check_valid_time, PermOperation
from services import FileService, OrganizationService, UserService, SessionService from services import FileService, OrganizationService, UserService, SessionService, RoleService
file_bp = Blueprint("file", __name__) file_bp = Blueprint("file", __name__)
upload_service = FileService() upload_service = FileService()
@ -164,6 +164,46 @@ def file_delete(document_handle: str):
return jsonify(file.to_dict()) return jsonify(file.to_dict())
@file_bp.route("/acl", methods=["POST"])
def file_acl():
session_token = request.headers.get("Authorization")
if not session_token:
return jsonify({"error": "No session token"}), 400
data = request.json
if type(data) is str:
data = json.loads(data)
if "document_handle" not in data or "role" not in data or "perm" not in data or "operation" not in data:
return jsonify({"error": "Missing required fields"}), 400
doc_handle = data["document_handle"]
role = data["role"]
perm = Perm.from_str(data["perm"])
operation = PermOperation.ADD if data["operation"] == "add" else PermOperation.REMOVE
session = SessionService.validate_session(session_token, required_perms=[Perm.DOC_ACL], doc_handle=doc_handle)
if isinstance(session, tuple):
return session
org = OrganizationService.get_organization(session.org_id)
if not org:
return jsonify({"error": "Organization not found"}), 404
file = FileService.get_file_by_document_handle(doc_handle)
if not file:
return jsonify({"error": "File not found"}), 404
if role not in org.roles:
return jsonify({"error": "Role not found"}), 404
try:
RoleService.change_perm_on_role_in_file(file, role, perm, operation)
except ValueError as e:
return jsonify({"error": str(e)}), 400
return jsonify(file.to_dict()), 200
################################################ ################################################
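Review bot: The `operation` field is never validated in file_acl: the conditional expression at `operation = PermOperation.ADD if data["operation"] == "add" else PermOperation.REMOVE` maps every value other than `"add"` (a typo, an empty string, `"ADD"`) to REMOVE, so a malformed request silently strips a permission from the role, while the docs added in the same commit promise only `add` | `remove`. A missing-field check already returns 400 two lines earlier; an unknown operation should take the same path. `Perm.from_str(data["perm"])` is also parsed before `SessionService.validate_session` and outside the `try`, so if it rejects an unknown name that surfaces as an unhandled exception rather than the 400 the other validation paths return — it would be safer to authenticate first and parse the permission inside the existing `except ValueError` block. The new rewritten lines are below; the header check and lookups are unchanged.
```python
def file_acl():
    # … unchanged: Authorization header check, request.json / str decoding …
    if "document_handle" not in data or "role" not in data or "perm" not in data or "operation" not in data:
        return jsonify({"error": "Missing required fields"}), 400
    # Reject anything that is not one of the documented operations instead of
    # letting every non-"add" value fall through to REMOVE.
    if data["operation"] not in ("add", "remove"):
        return jsonify({"error": "Invalid operation"}), 400
    doc_handle = data["document_handle"]
    role = data["role"]
    # Authenticate before interpreting the rest of the payload.
    session = SessionService.validate_session(session_token, required_perms=[Perm.DOC_ACL], doc_handle=doc_handle)
    if isinstance(session, tuple):
        return session
    # … unchanged: organization, file and role lookups with their 404 returns …
    try:
        # Parsed inside the try so an unknown permission name answers 400, not 500
        # (assumes Perm.from_str raises ValueError on bad input — confirm in utils).
        perm = Perm.from_str(data["perm"])
        operation = PermOperation.ADD if data["operation"] == "add" else PermOperation.REMOVE
        RoleService.change_perm_on_role_in_file(file, role, perm, operation)
    except ValueError as e:
        return jsonify({"error": str(e)}), 400
    return jsonify(file.to_dict()), 200
```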


@ -35,7 +35,7 @@ def role_create():
return jsonify(role), 201 return jsonify(role), 201
@role_bp.route("/<role>/list/users", methods=["GET"]) @role_bp.route("/<string:role>/list/users", methods=["GET"])
def role_list_users(role): def role_list_users(role):
session_token = request.headers.get("Authorization") session_token = request.headers.get("Authorization")
if not session_token: if not session_token:
@ -56,7 +56,7 @@ def role_list_users(role):
return jsonify(users), 200 return jsonify(users), 200
@role_bp.route("/<role>/list/perms", methods=["GET"]) @role_bp.route("/<string:role>/list/perms", methods=["GET"])
def role_list_perms(role): def role_list_perms(role):
session_token = request.headers.get("Authorization") session_token = request.headers.get("Authorization")
if not session_token: if not session_token:
@ -77,7 +77,7 @@ def role_list_perms(role):
return jsonify(perms), 200 return jsonify(perms), 200
@role_bp.route("/<role>/suspend", methods=["POST"]) @role_bp.route("/<string:role>/suspend", methods=["POST"])
def role_suspend(role): def role_suspend(role):
data = request.json data = request.json
if type(data) is str: if type(data) is str:
@ -106,7 +106,7 @@ def role_suspend(role):
return jsonify({"message": "Role suspended"}), 200 return jsonify({"message": "Role suspended"}), 200
@role_bp.route("/<role>/activate", methods=["POST"]) @role_bp.route("/<string:role>/activate", methods=["POST"])
def role_activate(role): def role_activate(role):
data = request.json data = request.json
if type(data) is str: if type(data) is str:
@ -135,7 +135,7 @@ def role_activate(role):
return jsonify({"message": "Role activated"}), 200 return jsonify({"message": "Role activated"}), 200
@role_bp.route("/<role>/user/add/<username>", methods=["POST"]) @role_bp.route("/<string:role>/user/add/<username>", methods=["POST"])
def role_user_add(role, username): def role_user_add(role, username):
data = request.json data = request.json
if type(data) is str: if type(data) is str:
@ -168,7 +168,7 @@ def role_user_add(role, username):
return jsonify({"message": "User added to role"}), 200 return jsonify({"message": "User added to role"}), 200
@role_bp.route("/<role>/user/remove/<username>", methods=["POST"]) @role_bp.route("/<string:role>/user/remove/<username>", methods=["POST"])
def role_user_remove(role, username): def role_user_remove(role, username):
data = request.json data = request.json
if type(data) is str: if type(data) is str:
@ -201,7 +201,7 @@ def role_user_remove(role, username):
return jsonify({"message": "User removed from role"}), 200 return jsonify({"message": "User removed from role"}), 200
@role_bp.route("/<role>/perm/add/<perm>", methods=["POST"]) @role_bp.route("/<string:role>/perm/add/<perm>", methods=["POST"])
def role_perm_add(role, perm): def role_perm_add(role, perm):
data = request.json data = request.json
if type(data) is str: if type(data) is str:
@ -230,7 +230,7 @@ def role_perm_add(role, perm):
return jsonify({"message": "Permission added to role"}), 200 return jsonify({"message": "Permission added to role"}), 200
@role_bp.route("/<role>/perm/remove/<perm>", methods=["POST"]) @role_bp.route("/<string:role>/perm/remove/<perm>", methods=["POST"])
def role_perm_remove(role, perm): def role_perm_remove(role, perm):
data = request.json data = request.json
if type(data) is str: if type(data) is str:
@ -259,7 +259,7 @@ def role_perm_remove(role, perm):
return jsonify({"message": "Permission removed from role"}), 200 return jsonify({"message": "Permission removed from role"}), 200
@role_bp.route("/session/assume/<role>", methods=["POST"]) @role_bp.route("/session/assume/<string:role>", methods=["POST"])
def role_session_assume(role): def role_session_assume(role):
session_token = request.headers.get("Authorization") session_token = request.headers.get("Authorization")
if not session_token: if not session_token:
@ -280,7 +280,7 @@ def role_session_assume(role):
return jsonify(session.to_dict()), 200 return jsonify(session.to_dict()), 200
@role_bp.route("/session/drop/<role>", methods=["POST"]) @role_bp.route("/session/drop/<string:role>", methods=["POST"])
def role_session_drop(role): def role_session_drop(role):
session_token = request.headers.get("Authorization") session_token = request.headers.get("Authorization")
if not session_token: if not session_token:
@ -314,7 +314,7 @@ def role_session_list():
roles = SessionService.list_roles(session) roles = SessionService.list_roles(session)
return jsonify(roles), 200 return jsonify(roles), 200
@role_bp.route("/perm/<perm>/roles", methods=["GET"]) @role_bp.route("/perm/<string:perm>/roles", methods=["GET"])
def perm_list_roles(perm): def perm_list_roles(perm):
session_token = request.headers.get("Authorization") session_token = request.headers.get("Authorization")
if not session_token: if not session_token:
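Review bot: The converter annotations in this file are now applied inconsistently: every `<role>` becomes `<string:role>` and the last hunk writes `<string:perm>`, yet the `<username>` and `<perm>` segments in the same route strings (the `/user/add/<username>`, `/user/remove/<username>`, `/perm/add/<perm>` and `/perm/remove/<perm>` hunks) are left bare. Since `string` is Flask's default converter, the change is cosmetic either way, so the point is style rather than behaviour; pick one form and use it for all segments, e.g. `@role_bp.route("/<string:role>/perm/add/<string:perm>", methods=["POST"])`. The functions shown here all continue outside their hunks.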