#31 API Share

* adds support for GET and PUT of sharing users for all data types (compensation is shared via intervention)

api/views/views.py

@@ -5,14 +5,20 @@ Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 21.01.22
 
 """
+import json
 
+from django.db.models import QuerySet
 from django.http import JsonResponse, HttpRequest
 from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 
 from api.models import APIUserToken
 from api.settings import KSP_TOKEN_HEADER_IDENTIFIER
+from compensation.models import EcoAccount
+from ema.models import Ema
 from intervention.models import Intervention
+from konova.utils.message_templates import DATA_UNSHARED
+from user.models import User
 
 
 class AbstractAPIView(View):
@@ -129,3 +135,122 @@ class InterventionCheckAPIView(AbstractAPIView):
             ]
         }
         return all_valid, check_details
+
+
+class AbstractModelShareAPIView(AbstractAPIView):
+    model = None
+
+    class Meta:
+        abstract = True
+
+    def get(self, request: HttpRequest, id):
+        """ Performs the GET request handling
+
+        Args:
+            request (HttpRequest): The incoming request
+            id (str): The object's id
+
+        Returns:
+
+        """
+        try:
+            users = self._get_shared_users_of_object(id)
+        except Exception as e:
+            return self.return_error_response(e)
+
+        data = {
+            "users": [
+                user.username for user in users
+            ]
+        }
+
+        return JsonResponse(data)
+
+    def put(self, request: HttpRequest, id):
+        """ Performs the PUT request handling
+
+        Args:
+            request (HttpRequest): The incoming request
+            id (str): The object's id
+
+        Returns:
+
+        """
+
+        try:
+            success = self._process_put_body(request.body, id)
+        except Exception as e:
+            return self.return_error_response(e)
+        data = {
+            "success": success,
+        }
+        return JsonResponse(data)
+
+    def _check_user_has_shared_access(self, obj):
+        """ Raises a PermissionError if user has no shared access
+
+        Args:
+            obj (BaseObject): The object
+
+        Returns:
+
+        """
+        is_shared = obj.is_shared_with(self.user)
+        if not is_shared:
+            raise PermissionError(DATA_UNSHARED)
+
+    def _get_shared_users_of_object(self, id) -> QuerySet:
+        """ Check permissions and get the users
+
+        Args:
+            id (str): The object's id
+
+        Returns:
+            users (QuerySet)
+        """
+        obj = self.model.objects.get(
+            id=id
+        )
+        self._check_user_has_shared_access(obj)
+        users = obj.shared_users
+        return users
+
+    def _process_put_body(self, body: bytes, id: str):
+        """ Reads the body data, performs validity checks and sets the new users
+
+        Args:
+            body (bytes): The request.body
+            id (str): The object's id
+
+        Returns:
+            success (bool)
+        """
+        obj = self.model.objects.get(id=id)
+        self._check_user_has_shared_access(obj)
+
+        new_users = json.loads(body.decode("utf-8"))
+        new_users = new_users.get("users", [])
+        if len(new_users) == 0:
+            raise ValueError("Shared user list must not be empty!")
+
+        # Eliminate duplicates
+        new_users = list(dict.fromkeys(new_users))
+
+        # Make sure each of these names exist as a user
+        new_users_objs = []
+        for user in new_users:
+            new_users_objs.append(User.objects.get(username=user))
+        obj.share_with_list(new_users_objs)
+        return True
+
+
+class InterventionAPIShareView(AbstractModelShareAPIView):
+    model = Intervention
+
+
+class EcoAccountAPIShareView(AbstractModelShareAPIView):
+    model = EcoAccount
+
+
+class EmaAPIShareView(AbstractModelShareAPIView):
+    model = Ema