Split journal basic api and entity api endpoints, added handlers

bugout-dev · Jul 19, 2023 · cabeef5 · cabeef5
1 parent 6fb1ecd
commit cabeef5
Show file tree

Hide file tree

Showing 9 changed files with 1,094 additions and 630 deletions.
diff --git a/sample.env b/sample.env
@@ -37,7 +37,7 @@ export BUGOUT_BOT_INSTALLATION_TOKEN="<installation user token from brood>"
 export BUGOUT_BOT_INSTALLATION_TOKEN_HEADER="<bugout installation token header>"
 export BUGOUT_DRONES_TOKEN="<auth internal drones token>"
 export BUGOUT_DRONES_TOKEN_HEADER="<auth internal drones token header>"
-export SPIRE_OPENAPI_LIST="journals,humbug,preferences,public,go"
+export SPIRE_OPENAPI_LIST="journals,collections,humbug,preferences,public,go"
 export BUGOUT_REDIS_URL="http://127.0.0.1:6379"
 export BUGOUT_REDIS_PASSWORD="mypassword"
 export REDIS_REPORTS_QUEUE="<redis key to humbug reports queue>"

diff --git a/spire/api.py b/spire/api.py
@@ -11,7 +11,8 @@
 from .github.api import app as github_api
 from .go.api import app as go_api
 from .humbug.api import app as humbug_app
-from .journal.api import app as journal_api
+from .journal.api_journals import app as journals_api
+from .journal.api_collections import app as collections_api
 from .preferences.api import app as preferences_api
 from .public.api import app_public as public_api
 from .slack.api import app as slack_api
@@ -48,8 +49,8 @@ async def version() -> VersionResponse:
 
 app.mount("/go", go_api)
 app.mount("/slack", slack_api)
-app.mount("/journals", journal_api)
-app.mount("/collections", journal_api)
+app.mount("/journals", journals_api)
+app.mount("/collections", collections_api)
 app.mount("/public", public_api)
 app.mount("/github", github_api)
 app.mount("/preferences", preferences_api)

diff --git a/spire/journal/actions.py b/spire/journal/actions.py
@@ -11,7 +11,7 @@
 from uuid import UUID, uuid4
 
 import boto3
-
+from fastapi import Request, HTTPException
 from sqlalchemy.orm import Session, Query
 from sqlalchemy import or_, func, text, and_, select
 from sqlalchemy.dialects import postgresql
@@ -54,6 +54,7 @@
 )
 from .representations import journal_representation_parsers, parse_entity_to_entry
 from ..utils.confparse import scope_conf
+from ..utils.settings import BUGOUT_CLIENT_ID_HEADER
 from ..broodusers import bugout_api
 
 logger = logging.getLogger(__name__)
@@ -118,6 +119,18 @@ class CommitFailed(Exception):
     """
 
 
+def bugout_client_id_from_request(request: Request) -> Optional[str]:
+    """
+    Returns Bugout search client ID from request if it has been passed.
+    """
+    bugout_client_id: Optional[str] = request.headers.get(BUGOUT_CLIENT_ID_HEADER)
+    # We are deprecating the SIMIOTICS_CLIENT_ID_HEADER header in favor of BUGOUT_CLIENT_ID_HEADER, but
+    # this needs to be here for legacy support.
+    if bugout_client_id is None:
+        bugout_client_id = request.headers.get("x-simiotics-client-id")
+    return bugout_client_id
+
+
 def acl_auth(
     db_session: Session, user_id: str, user_group_id_list: List[str], journal_id: UUID
 ) -> Tuple[Journal, Dict[HolderType, List[str]]]:
@@ -201,6 +214,38 @@ def acl_check(
         raise PermissionsNotFound("No permissions for requested information")
 
 
+def ensure_journal_permission(
+    db_session: Session,
+    user_id: str,
+    user_group_ids: List[str],
+    journal_id: UUID,
+    required_scopes: Set[Union[JournalScopes, JournalEntryScopes]],
+) -> Journal:
+    """
+    Checks if the given user (who is a member of the groups specified by user_group_ids) holds the
+    given scope on the journal specified by journal_id.
+
+    Returns: None if the user is a holder of that scope, and raises the appropriate HTTPException
+    otherwise.
+    """
+    try:
+        journal, acl = acl_auth(db_session, user_id, user_group_ids, journal_id)
+        acl_check(acl, required_scopes)
+    except PermissionsNotFound:
+        logger.error(
+            f"User (id={user_id}) does not have the appropriate permissions (scopes={required_scopes}) "
+            f"for journal (id={journal_id})"
+        )
+        raise HTTPException(status_code=404)
+    except Exception:
+        logger.error(
+            f"Error checking permissions for user (id={user_id}) in journal (id={journal_id})"
+        )
+        raise HTTPException(status_code=500)
+
+    return journal
+
+
 async def find_journals(
     db_session: Session, user_id: UUID, user_group_id_list: Optional[List[str]] = None
 ) -> List[Journal]: