IT-Naturschutz
/
konova
7
1
Fork 0
Code Issues 3 Pull Requests Actions Projects Releases 21 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Docker
master
test-actions-runner
1.4.1
1.4.2
1.4.3
1.5
1.6
1.7
1.8
1.9
1.9.1
1.9.2
v0.1
v0.2
v0.3
v0.3.1
v0.4
v0.5
v0.6
v1.0
v1.1
v1.2
v1.3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '21db8227f8'
${ noResults }
konova/api/views/views.py

355 lines
10 KiB
Python
Raw Normal View History Unescape Escape

#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
"""
Author: Michel Peltriaux
Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
Contact: michel.peltriaux@sgdnord.rlp.de
Created on: 21.01.22
"""
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
import json
#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
from django.db.models import QuerySet
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
from django.http import JsonResponse, HttpRequest
#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
from django.views import View
#31 API POST Intervention * adds support for proper POST of intervention * makes /<id> optional (required for Post)
3 years ago
from django.views.decorators.csrf import csrf_exempt
#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
#31 API basic implementation Token Authentication * adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
3 years ago
from api.models import APIUserToken
#31 API further credential * adds Kspuser as another expected header data to resolve the api user * adds/updates translations
3 years ago
from api.settings import KSP_TOKEN_HEADER_IDENTIFIER, KSP_USER_HEADER_IDENTIFIER
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
from compensation.models import EcoAccount
from ema.models import Ema
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
from intervention.models import Intervention
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
from konova.utils.message_templates import DATA_UNSHARED
#31 API Tests * writes test for sharing using the API * fixes bug on frontend form where an exception occured on generating a new API token if no token existed, yet * adds permission constraint (default group) for using the api in general * fixes default-group-only behaviour for sharing-API, so users can only add new users and not removing them, as long as they do not have any other group membership like registration or conservation office * changes 'ksptoken' to 'Ksptoken' to match CGI standard for http header keys
3 years ago
from konova.utils.user_checks import is_default_group_only
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
from user.models import User, Team
#31 API basic implementation Token Authentication * adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
3 years ago
#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
class AbstractAPIView(View):
#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
""" Base class for API views
The API must follow the GeoJSON Specification RFC 7946
https://geojson.org/
https://datatracker.ietf.org/doc/html/rfc7946
"""
#31 API basic implementation Token Authentication * adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
3 years ago
user = None
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
serializer = None
rpp = 5 # Results per page default
page_number = 1 # Page number default
#31 API basic implementation * adds new app to project * adds relation between User model and new APIUserToken model * adds first implementation for GET of intervention * adds basic code layout for future extension by having new versions
3 years ago
class Meta:
abstract = True
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.response_body_base = {
"rpp": None,
"p": None,
"next": None,
"results": None
}
#31 API POST Intervention * adds support for proper POST of intervention * makes /<id> optional (required for Post)
3 years ago
@csrf_exempt
#31 API basic implementation Token Authentication * adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
3 years ago
def dispatch(self, request, *args, **kwargs):
try:
#31 API basic implementation Refactor * reorganizes code into proper api/utils/serializer subclasses to keep serialization logic away from regular view logic
3 years ago
# Fetch the proper user from the given request header token
#31 API further credential * adds Kspuser as another expected header data to resolve the api user * adds/updates translations
3 years ago
ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
Unit test api * adds unit test for APIUserToken * enhances handling of token fetching for API
1 year ago
token_user = APIUserToken.get_user_from_token(ksp_token)
if ksp_user != token_user.username:
raise PermissionError(f"Invalid token for {ksp_user}")
else:
self.user = token_user
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
request.user = self.user
#31 API Tests * writes test for sharing using the API * fixes bug on frontend form where an exception occured on generating a new API token if no token existed, yet * adds permission constraint (default group) for using the api in general * fixes default-group-only behaviour for sharing-API, so users can only add new users and not removing them, as long as they do not have any other group membership like registration or conservation office * changes 'ksptoken' to 'Ksptoken' to match CGI standard for http header keys
3 years ago
if not self.user.is_default_user():
raise PermissionError("Default permissions required")
#31 API basic implementation Token Authentication * adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
3 years ago
except PermissionError as e:
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
return self._return_error_response(e, 403)
#31 API basic implementation Token Authentication * adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
3 years ago
return super().dispatch(request, *args, **kwargs)
#31 API basic implementation Cleanup * cleans code * reworks many code fragments into smaller methods and split into super class
3 years ago
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
def _return_error_response(self, error, status_code=500):
#31 API basic implementation Cleanup * cleans code * reworks many code fragments into smaller methods and split into super class
3 years ago
""" Returns an error as JsonReponse
Args:
error (): The error/exception
status_code (): The desired status code
Returns:
"""
content = [error.__str__()]
if hasattr(error, "messages"):
content = error.messages
return JsonResponse(
{
"errors": content
},
status=status_code
)
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
def _return_response(self, request: HttpRequest, data):
""" Returns all important data into a response object
Args:
request (HttpRequest): The incoming request
data (dict): The serialized data
Returns:
response (JsonResponse): The response to be returned
"""
response = self.response_body_base
next_page = self.page_number + 1
next_page = next_page if next_page in self.serializer.paginator.page_range else None
if next_page is not None:
next_url = request.build_absolute_uri(
request.path + f"?rpp={self.rpp}&p={next_page}"
)
else:
next_url = None
response["rpp"] = self.rpp
response["p"] = self.page_number
response["next"] = next_url
response["results"] = data
return JsonResponse(response)
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
class InterventionCheckAPIView(AbstractAPIView):
def get(self, request: HttpRequest, id):
""" Takes the GET request
Args:
request (HttpRequest): The incoming request
id (str): The intervention's id
Returns:
response (JsonResponse)
"""
if not self.user.is_zb_user():
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
return self._return_error_response("Permission not granted", 403)
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
try:
obj = Intervention.objects.get(
id=id,
users__in=[self.user]
)
except Exception as e:
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
return self._return_error_response(e)
#31 API WIP * adds support for GET /check on intervention to run checks automatically via API
3 years ago
all_valid, check_details = self.run_quality_checks(obj)
if all_valid:
log_entry = obj.set_checked(self.user)
obj.log.add(log_entry)
data = {
"success": all_valid,
"details": check_details
}
return JsonResponse(data)
def run_quality_checks(self, obj: Intervention) -> (bool, dict):
""" Performs a check for intervention and related compensations
Args:
obj (Intervention): The intervention
Returns:
all_valid (boold): Whether an error occured or not
check_details (dict): A dict containg details on which elements have errors
"""
# Run quality check for Intervention
all_valid = True
intervention_checker = obj.quality_check()
all_valid = intervention_checker.valid and all_valid
# Run quality checks for linked compensations
comps = obj.compensations.all()
comp_checkers = []
for comp in comps:
comp_checker = comp.quality_check()
comp_checkers.append(comp_checker)
all_valid = comp_checker.valid and all_valid
check_details = {
"intervention": {
"id": obj.id,
"errors": intervention_checker.messages
},
"compensations": [
{
"id": comp_checker.obj.id,
"errors": comp_checker.messages
}
for comp_checker in comp_checkers
]
}
return all_valid, check_details
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
class AbstractModelShareAPIView(AbstractAPIView):
model = None
class Meta:
abstract = True
def get(self, request: HttpRequest, id):
""" Performs the GET request handling
Args:
request (HttpRequest): The incoming request
id (str): The object's id
Returns:
"""
try:
users = self._get_shared_users_of_object(id)
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
teams = self._get_shared_teams_of_object(id)
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
except Exception as e:
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
return self._return_error_response(e)
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
data = {
"users": [
user.username for user in users
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
],
"teams": [
{
"id": team.id,
"name": team.name,
}
for team in teams
],
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
}
return JsonResponse(data)
def put(self, request: HttpRequest, id):
""" Performs the PUT request handling
Args:
request (HttpRequest): The incoming request
id (str): The object's id
Returns:
"""
try:
success = self._process_put_body(request.body, id)
except Exception as e:
#118 API pagination * adds pagination and related parameters to GET apis * updates api GET test
3 years ago
return self._return_error_response(e)
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
data = {
"success": success,
}
return JsonResponse(data)
def _check_user_has_shared_access(self, obj):
""" Raises a PermissionError if user has no shared access
Args:
obj (BaseObject): The object
Returns:
"""
is_shared = obj.is_shared_with(self.user)
if not is_shared:
raise PermissionError(DATA_UNSHARED)
def _get_shared_users_of_object(self, id) -> QuerySet:
""" Check permissions and get the users
Args:
id (str): The object's id
Returns:
users (QuerySet)
"""
obj = self.model.objects.get(
id=id
)
self._check_user_has_shared_access(obj)
users = obj.shared_users
return users
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
def _get_shared_teams_of_object(self, id) -> QuerySet:
""" Check permissions and get the teams
Args:
id (str): The object's id
Returns:
users (QuerySet)
"""
obj = self.model.objects.get(
id=id
)
self._check_user_has_shared_access(obj)
teams = obj.shared_teams
return teams
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
def _process_put_body(self, body: bytes, id: str):
""" Reads the body data, performs validity checks and sets the new users
Args:
body (bytes): The request.body
id (str): The object's id
Returns:
success (bool)
"""
obj = self.model.objects.get(id=id)
self._check_user_has_shared_access(obj)
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
content = json.loads(body.decode("utf-8"))
new_users = content.get("users", [])
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
if len(new_users) == 0:
raise ValueError("Shared user list must not be empty!")
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
new_teams = content.get("teams", [])
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
# Eliminate duplicates
new_users = list(dict.fromkeys(new_users))
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
new_teams = list(dict.fromkeys(new_teams))
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
# Make sure each of these names exist as a user
new_users_objs = []
for user in new_users:
new_users_objs.append(User.objects.get(username=user))
#31 API Tests * writes test for sharing using the API * fixes bug on frontend form where an exception occured on generating a new API token if no token existed, yet * adds permission constraint (default group) for using the api in general * fixes default-group-only behaviour for sharing-API, so users can only add new users and not removing them, as long as they do not have any other group membership like registration or conservation office * changes 'ksptoken' to 'Ksptoken' to match CGI standard for http header keys
3 years ago
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
# Make sure each of these names exist as a user
new_teams_objs = []
for team_name in new_teams:
new_teams_objs.append(Team.objects.get(name=team_name))
#31 API Tests * writes test for sharing using the API * fixes bug on frontend form where an exception occured on generating a new API token if no token existed, yet * adds permission constraint (default group) for using the api in general * fixes default-group-only behaviour for sharing-API, so users can only add new users and not removing them, as long as they do not have any other group membership like registration or conservation office * changes 'ksptoken' to 'Ksptoken' to match CGI standard for http header keys
3 years ago
if is_default_group_only(self.user):
# Default only users are not allowed to remove other users from having access. They can only add new ones!
new_users_to_be_added = User.objects.filter(
username__in=new_users
).exclude(
id__in=obj.shared_users
)
new_users_objs = obj.shared_users.union(new_users_to_be_added)
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
new_teams_to_be_added = Team.objects.filter(
name__in=new_teams
).exclude(
id__in=obj.shared_teams
)
new_teams_objs = obj.shared_teams.union(new_teams_to_be_added)
#101 Team sharing form * adds team sharing field to share form * splits sharing logic into user based and teams based * adds TeamAdmin for admin backend * adds validity check on Team name -> only unused names shall be valid
3 years ago
obj.share_with_user_list(new_users_objs)
#101 Team sharing tests * adds tests for team sharing * extends the API for team sharing support * adds shared_teams property shortcut for ShareableObjectMixin * adds full support for team-based sharing to all views and functions * simplifies ShareModalForm * adds/updates translations
3 years ago
obj.share_with_team_list(new_teams_objs)
#31 API Share * adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)
3 years ago
return True
class InterventionAPIShareView(AbstractModelShareAPIView):
model = Intervention
class EcoAccountAPIShareView(AbstractModelShareAPIView):
model = EcoAccount
class EmaAPIShareView(AbstractModelShareAPIView):
#31 API Frontend token generating * adds frontend settings for users to create API tokens on their user settings
3 years ago
model = Ema