X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fbase_topic.py;h=c953a0502c72176384fc1c5985005390df1ef4f7;hp=095e26511e794d4c4a83c414ddb3ea36fc262fca;hb=f269fa5cd7c46515aab49ad8af6da7e918afa592;hpb=c061f56a0218c562315f563b001a72fbdfa550c6 diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py index 095e265..c953a05 100644 --- a/osm_nbi/base_topic.py +++ b/osm_nbi/base_topic.py @@ -55,6 +55,7 @@ class BaseTopic: topic_msg = None # to_override schema_new = None # to_override schema_edit = None # to_override + multiproject = True # True if this Topic can be shared by several projects. Then it contains _admin.projects_read # Alternative ID Fields for some Topics alt_id_field = { @@ -70,7 +71,7 @@ class BaseTopic: @staticmethod def id_field(topic, value): - "Returns ID Field for given topic and field value" + """Returns ID Field for given topic and field value""" if topic in ["projects", "users"] and not is_valid_uuid(value): return BaseTopic.alt_id_field[topic] else: @@ -105,58 +106,92 @@ class BaseTopic: return input @staticmethod - def _get_project_filter(session, write=False, show_all=True): + def _get_project_filter(session): """ Generates a filter dictionary for querying database, so that only allowed items for this project can be addressed. Only propietary or public can be used. Allowed projects are at _admin.project_read/write. If it is not present or contains ANY mean public. - :param session: contains "username", if user is "admin" and the working "project_id" - :param write: if operation is for reading (False) or writing (True) - :param show_all: if True it will show public or - :return: - """ - if write: - k = "_admin.projects_write.cont" - else: - k = "_admin.projects_read.cont" - if not show_all: - return {k: session["project_id"]} - elif session["admin"]: # and show_all: # allows all - return {} - else: - return {k: ["ANY", session["project_id"], None]} - - def check_conflict_on_new(self, session, indata, force=False): + :param session: contains: + project_id: project list this session has rights to access. Can be empty, one or several + set_project: items created will contain this project list + force: True or False + public: True, False or None + method: "list", "show", "write", "delete" + admin: True or False + :return: dictionary with project filter + """ + p_filter = {} + project_filter_n = [] + project_filter = list(session["project_id"]) + + if session["method"] not in ("list", "delete"): + if project_filter: + project_filter.append("ANY") + elif session["public"] is not None: + if session["public"]: + project_filter.append("ANY") + else: + project_filter_n.append("ANY") + + if session.get("PROJECT.ne"): + project_filter_n.append(session["PROJECT.ne"]) + + if project_filter: + if session["method"] in ("list", "show", "delete") or session.get("set_project"): + p_filter["_admin.projects_read.cont"] = project_filter + else: + p_filter["_admin.projects_write.cont"] = project_filter + if project_filter_n: + if session["method"] in ("list", "show", "delete") or session.get("set_project"): + p_filter["_admin.projects_read.ncont"] = project_filter_n + else: + p_filter["_admin.projects_write.ncont"] = project_filter_n + + return p_filter + + def check_conflict_on_new(self, session, indata): """ Check that the data to be inserted is valid - :param session: contains "username", if user is "admin" and the working "project_id" + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param indata: data to be inserted - :param force: boolean. With force it is more tolerant :return: None or raises EngineException """ pass - def check_conflict_on_edit(self, session, final_content, edit_content, _id, force=False): + def check_conflict_on_edit(self, session, final_content, edit_content, _id): """ Check that the data to be edited/uploaded is valid - :param session: contains "username", if user is "admin" and the working "project_id" - :param final_content: data once modified + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" + :param final_content: data once modified. This methdo may change it. :param edit_content: incremental data that contains the modifications to apply :param _id: internal _id - :param force: boolean. With force it is more tolerant :return: None or raises EngineException """ - pass + if not self.multiproject: + return + # Change public status + if session["public"] is not None: + if session["public"] and "ANY" not in final_content["_admin"]["projects_read"]: + final_content["_admin"]["projects_read"].append("ANY") + final_content["_admin"]["projects_write"].clear() + if not session["public"] and "ANY" in final_content["_admin"]["projects_read"]: + final_content["_admin"]["projects_read"].remove("ANY") + + # Change project status + if session.get("set_project"): + for p in session["set_project"]: + if p not in final_content["_admin"]["projects_read"]: + final_content["_admin"]["projects_read"].append(p) def check_unique_name(self, session, name, _id=None): """ Check that the name is unique for this project - :param session: contains "username", if user is "admin" and the working "project_id" + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param name: name to be checked :param _id: If not None, ignore this entry that are going to change :return: None or raises EngineException """ - _filter = self._get_project_filter(session, write=False, show_all=False) + _filter = self._get_project_filter(session) _filter["name"] = name if _id: _filter["_id.neq"] = _id @@ -168,7 +203,7 @@ class BaseTopic: """ Modifies content descriptor to include _admin :param content: descriptor to be modified - :param project_id: if included, it add project read/write permissions + :param project_id: if included, it add project read/write permissions. Can be None or a list :param make_public: if included it is generated as public for reading. :return: None, but content is modified """ @@ -180,13 +215,13 @@ class BaseTopic: content["_admin"]["modified"] = now if not content.get("_id"): content["_id"] = str(uuid4()) - if project_id: + if project_id is not None: if not content["_admin"].get("projects_read"): - content["_admin"]["projects_read"] = [project_id] + content["_admin"]["projects_read"] = list(project_id) if make_public: content["_admin"]["projects_read"].append("ANY") if not content["_admin"].get("projects_write"): - content["_admin"]["projects_write"] = [project_id] + content["_admin"]["projects_write"] = list(project_id) @staticmethod def format_on_edit(final_content, edit_content): @@ -199,12 +234,12 @@ class BaseTopic: content.pop("_admin", None) self.msg.write(self.topic_msg, action, content) - def check_conflict_on_del(self, session, _id, force=False): + def check_conflict_on_del(self, session, _id, db_content): """ Check if deletion can be done because of dependencies if it is not force. To override - :param session: contains "username", if user is "admin" and the working "project_id" - :param _id: itnernal _id - :param force: Avoid this checking + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" + :param _id: internal _id + :param db_content: The database content of this item _id :return: None if ok or raises EngineException with the conflict """ pass @@ -248,11 +283,11 @@ class BaseTopic: def show(self, session, _id): """ Get complete information on an topic - :param session: contains the used login username and working project + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: server internal id :return: dictionary, raise exception if not found. """ - filter_db = self._get_project_filter(session, write=False, show_all=True) + filter_db = self._get_project_filter(session) # To allow project&user addressing by name AS WELL AS _id filter_db[BaseTopic.id_field(self.topic, _id)] = _id return self.db.get_one(self.topic, filter_db) @@ -262,7 +297,7 @@ class BaseTopic: def get_file(self, session, _id, path=None, accept_header=None): """ Only implemented for descriptor topics. Return the file content of a descriptor - :param session: contains the used login username and working project + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: Identity of the item to get content :param path: artifact path or "$DESCRIPTOR" or None :param accept_header: Content of Accept header. Must contain applition/zip or/and text/plain @@ -280,22 +315,20 @@ class BaseTopic: if not filter_q: filter_q = {} - filter_q.update(self._get_project_filter(session, write=False, show_all=True)) + filter_q.update(self._get_project_filter(session)) # TODO transform data for SOL005 URL requests. Transform filtering # TODO implement "field-type" query string SOL005 return self.db.get_list(self.topic, filter_q) - def new(self, rollback, session, indata=None, kwargs=None, headers=None, force=False, make_public=False): + def new(self, rollback, session, indata=None, kwargs=None, headers=None): """ Creates a new entry into database. :param rollback: list to append created items at database in case a rollback may to be done - :param session: contains the used login username and working project + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param indata: data to be inserted :param kwargs: used to override the indata descriptor :param headers: http request headers - :param force: If True avoid some dependence checks - :param make_public: Make the created item public to all projects :return: _id: identity of the inserted data. """ try: @@ -303,9 +336,9 @@ class BaseTopic: # Override descriptor with query string kwargs self._update_input_with_kwargs(content, kwargs) - content = self._validate_input_new(content, force=force) - self.check_conflict_on_new(session, content, force=force) - self.format_on_new(content, project_id=session["project_id"], make_public=make_public) + content = self._validate_input_new(content, force=session["force"]) + self.check_conflict_on_new(session, content) + self.format_on_new(content, project_id=session["project_id"], make_public=session["public"]) _id = self.db.create(self.topic, content) rollback.append({"topic": self.topic, "_id": _id}) self._send_msg("create", content) @@ -313,16 +346,15 @@ class BaseTopic: except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY) - def upload_content(self, session, _id, indata, kwargs, headers, force=False): + def upload_content(self, session, _id, indata, kwargs, headers): """ Only implemented for descriptor topics. Used for receiving content by chunks (with a transaction_id header and/or gzip file. It will store and extract) - :param session: session + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id : the database id of entry to be updated :param indata: http body request :param kwargs: user query string to override parameters. NOT USED :param headers: http request headers - :param force: to be more tolerant with validation :return: True package has is completely uploaded or False if partial content has been uplodaed. Raise exception on error """ @@ -331,51 +363,89 @@ class BaseTopic: def delete_list(self, session, filter_q=None): """ Delete a several entries of a topic. This is for internal usage and test only, not exposed to NBI API - :param session: contains the used login username and working project + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param filter_q: filter of data to be applied :return: The deleted list, it can be empty if no one match the filter. """ # TODO add admin to filter, validate rights if not filter_q: filter_q = {} - filter_q.update(self._get_project_filter(session, write=True, show_all=True)) + filter_q.update(self._get_project_filter(session)) return self.db.del_list(self.topic, filter_q) - def delete(self, session, _id, force=False, dry_run=False): + def delete_extra(self, session, _id, db_content): + """ + Delete other things apart from database entry of a item _id. + e.g.: other associated elements at database and other file system storage + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" + :param _id: server internal id + :param db_content: The database content of the _id. It is already deleted when reached this method, but the + content is needed in same cases + :return: None if ok or raises EngineException with the problem + """ + pass + + def delete(self, session, _id, dry_run=False): """ Delete item by its internal _id - :param session: contains the used login username, working project, and admin rights + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: server internal id - :param force: indicates if deletion must be forced in case of conflict :param dry_run: make checking but do not delete :return: dictionary with deleted item _id. It raises EngineException on error: not found, conflict, ... """ + + # To allow addressing projects and users by name AS WELL AS by _id + filter_q = {BaseTopic.id_field(self.topic, _id): _id} + item_content = self.db.get_one(self.topic, filter_q) + # TODO add admin to filter, validate rights # data = self.get_item(topic, _id) - self.check_conflict_on_del(session, _id, force) - filter_q = self._get_project_filter(session, write=True, show_all=True) - # To allow project addressing by name AS WELL AS _id - filter_q[BaseTopic.id_field(self.topic, _id)] = _id - if not dry_run: + self.check_conflict_on_del(session, _id, item_content) + if dry_run: + return None + + filter_q.update(self._get_project_filter(session)) + if self.multiproject and session["project_id"]: + # remove reference from project_read. If not last delete + self.db.set_one(self.topic, filter_q, update_dict=None, + pull={"_admin.projects_read": {"$in": session["project_id"]}}) + # try to delete if there is not any more reference from projects. Ignore if it is not deleted + filter_q = {'_id': _id, '_admin.projects_read': [[], ["ANY"]]} + v = self.db.del_one(self.topic, filter_q, fail_on_empty=False) + if not v or not v["deleted"]: + return v + else: v = self.db.del_one(self.topic, filter_q) - self._send_msg("deleted", {"_id": _id}) - return v - return None + self.delete_extra(session, _id, item_content) + self._send_msg("deleted", {"_id": _id}) + return v - def edit(self, session, _id, indata=None, kwargs=None, force=False, content=None): + def edit(self, session, _id, indata=None, kwargs=None, content=None): + """ + Change the content of an item + :param session: contains "username", "admin", "force", "public", "project_id", "set_project" + :param _id: server internal id + :param indata: contains the changes to apply + :param kwargs: modifies indata + :param content: original content of the item + :return: + """ indata = self._remove_envelop(indata) # Override descriptor with query string kwargs if kwargs: self._update_input_with_kwargs(indata, kwargs) try: - indata = self._validate_input_edit(indata, force=force) + if indata and session.get("set_project"): + raise EngineException("Cannot edit content and set to project (query string SET_PROJECT) at same time", + HTTPStatus.UNPROCESSABLE_ENTITY) + indata = self._validate_input_edit(indata, force=session["force"]) # TODO self._check_edition(session, indata, _id, force) if not content: content = self.show(session, _id) deep_update_rfc7396(content, indata) - self.check_conflict_on_edit(session, content, indata, _id=_id, force=force) + self.check_conflict_on_edit(session, content, indata, _id=_id) self.format_on_edit(content, indata) # To allow project addressing by name AS WELL AS _id # self.db.replace(self.topic, _id, content) @@ -385,6 +455,6 @@ class BaseTopic: indata.pop("_admin", None) indata["_id"] = _id self._send_msg("edit", indata) - return id + return _id except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)