From edf40e7531223a5747ceb6a9dd45c2bb41e39dae Mon Sep 17 00:00:00 2001 From: Jiri Kozel Date: Tue, 28 Nov 2023 17:54:52 +0100 Subject: [PATCH] Return role names in many requests --- CHANGELOG.md | 5 +++++ .../common/prime_db_schema/publications.py | 12 ++++++------ test_tools/process.py | 1 + .../publications/access_rights/test_role.py | 16 +++++++++++++++- 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9847300e..504743ebe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,11 @@ #### Data migrations ### Changes - [#165](https://github.com/LayerManager/layman/issues/165) POST Workspace [Layers](doc/rest.md#post-workspace-layers)/[Maps](doc/rest.md#post-workspace-maps) saves [role names](doc/models.md#role) mentioned in `access_rights.read` and `access_rights.write` parameters into DB. +- [#165](https://github.com/LayerManager/layman/issues/165) Many endpoints return previously associated [role names](doc/models.md#role) in `access_rights.read` and `access_rights.write` keys: + - [GET](doc/rest.md#get-workspace-layer)/[PATCH](doc/rest.md#patch-workspace-layer) Workspace Layer + - [GET](doc/rest.md#get-workspace-map)/[PATCH](doc/rest.md#patch-workspace-map) Workspace Map + - GET Workspace [Layers](doc/rest.md#get-workspace-layers)/[Maps](doc/rest.md#get-workspace-maps) + - GET [Layers](doc/rest.md#get-layers)/[Maps](doc/rest.md#get-maps)/[Publications](doc/rest.md#get-publications) - All changes from [v1.22.1](#v1221) and [v1.22.2](#v1222). - [#960](https://github.com/LayerManager/layman/issues/960) Handle WMS requests with HTTP error more efficiently in timgen. - [#962](https://github.com/LayerManager/layman/issues/962) Make values of `layman_metadata.publication_status` and `status` key(s) more consistent in responses of PATCH Workspace [Layer](doc/rest.md#patch-workspace-layer)/[Map](doc/rest.md#patch-workspace-map) and GET Workspace [Layer](doc/rest.md#get-workspace-layer)/[Map](doc/rest.md#get-workspace-map). diff --git a/src/layman/common/prime_db_schema/publications.py b/src/layman/common/prime_db_schema/publications.py index 4bd8e8e37..f5af7f103 100644 --- a/src/layman/common/prime_db_schema/publications.py +++ b/src/layman/common/prime_db_schema/publications.py @@ -150,20 +150,20 @@ def get_publication_infos_with_metainfo(workspace_name=None, pub_type=None, styl p.srid as srid, PGP_SYM_DECRYPT(p.external_table_uri, p.uuid::text)::json external_table_uri, (select rtrim(concat(case when u.id is not null then w.name || ',' end, - string_agg(w2.name, ',') || ',', + string_agg(COALESCE(w2.name, r.role_name), ',') || ',', case when p.everyone_can_read then %s || ',' end ), ',') - from {DB_SCHEMA}.rights r inner join - {DB_SCHEMA}.users u2 on r.id_user = u2.id inner join + from {DB_SCHEMA}.rights r left join + {DB_SCHEMA}.users u2 on r.id_user = u2.id left join {DB_SCHEMA}.workspaces w2 on w2.id = u2.id_workspace where r.id_publication = p.id and r.type = 'read') can_read_users, (select rtrim(concat(case when u.id is not null then w.name || ',' end, - string_agg(w2.name, ',') || ',', + string_agg(COALESCE(w2.name, r.role_name), ',') || ',', case when p.everyone_can_write then %s || ',' end ), ',') - from {DB_SCHEMA}.rights r inner join - {DB_SCHEMA}.users u2 on r.id_user = u2.id inner join + from {DB_SCHEMA}.rights r left join + {DB_SCHEMA}.users u2 on r.id_user = u2.id left join {DB_SCHEMA}.workspaces w2 on w2.id = u2.id_workspace where r.id_publication = p.id and r.type = 'write') can_write_users, diff --git a/test_tools/process.py b/test_tools/process.py index 300f686d9..10d0d7230 100644 --- a/test_tools/process.py +++ b/test_tools/process.py @@ -74,6 +74,7 @@ def oauth2_provider_mock(): 'wrong_input_editor': None, 'test_adjust_db_for_roles_ws': None, 'test_adjust_db_for_roles_ws2': None, + 'test_access_rights_role_user1': None, }, }, 'host': '0.0.0.0', diff --git a/tests/dynamic_data/publications/access_rights/test_role.py b/tests/dynamic_data/publications/access_rights/test_role.py index fea8e1447..97cd851fa 100644 --- a/tests/dynamic_data/publications/access_rights/test_role.py +++ b/tests/dynamic_data/publications/access_rights/test_role.py @@ -1,3 +1,6 @@ +import pytest + +from test_tools import process_client from tests import EnumTestTypes, Publication from tests.asserts.final.publication import util as assert_util from tests.dynamic_data import base_test, base_test_classes @@ -11,6 +14,11 @@ class PublicationTypes(base_test_classes.PublicationByDefinitionBase): MAP = (common_publications.MAP_EMPTY, 'map') +USERNAME = 'test_access_rights_role_user1' +USERS_AND_ROLES = {USERNAME, 'ROLE1', 'EVERYONE'} + + +@pytest.mark.usefixtures('oauth2_provider_mock') class TestPublication(base_test.TestSingleRestPublication): workspace = 'test_access_rights_role' publication_type = None @@ -19,13 +27,17 @@ class TestPublication(base_test.TestSingleRestPublication): PublicationTypes, ] + usernames_to_reserve = [ + USERNAME, + ] + test_cases = [base_test.TestCaseType(key='role_test', publication=lambda publ_def, cls: Publication(cls.workspace, publ_def.type, None), rest_args={ 'access_rights': { - 'read': 'EVERYONE,ROLE1' + 'read': ','.join(USERS_AND_ROLES), } }, type=EnumTestTypes.MANDATORY, @@ -34,3 +46,5 @@ class TestPublication(base_test.TestSingleRestPublication): def test_publication(self, publication, rest_method, rest_args): rest_method.fn(publication, args=rest_args) assert_util.is_publication_valid_and_complete(publication) + info = process_client.get_workspace_publication(publication.type, publication.workspace, publication.name) + assert set(info['access_rights']['read']) == USERS_AND_ROLES