Merge pull request #139 from scaleoutsystems/feature/STACKN-120

Feature/stackn 120
scaleoutsystems · Aug 25, 2020 · d34688f · d34688f
2 parents cb1d755 + 390d97f
commit d34688f
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 39 deletions.
diff --git a/components/studio/api/APIpermissions.py b/components/studio/api/APIpermissions.py
@@ -0,0 +1,31 @@
+from rest_framework.permissions import BasePermission
+from django.http import QueryDict
+from .serializers import Model, MLModelSerializer, Report, ReportSerializer, \
+    ReportGenerator, ReportGeneratorSerializer, Project, ProjectSerializer, \
+    DeploymentInstance, DeploymentInstanceSerializer, DeploymentDefinition, \
+    DeploymentDefinitionSerializer
+import modules.keycloak_lib as keylib
+
+
+class ProjectPermission(BasePermission):
+
+    def has_permission(self, request, view):
+        """
+        Should simply return, or raise a 403 response.
+        """
+
+        project = Project.objects.get(pk=view.kwargs['project_pk'])
+
+        project_rules = {
+            'GET': ['guest', 'member', 'admin'],
+            'POST': ['member', 'admin'],
+            'PUT': ['member', 'admin'],
+            'DELETE': ['admin']
+        }
+
+        is_authorized = False
+        if request.method in project_rules:
+            is_authorized = keylib.keycloak_verify_user_role(request, project.slug, project_rules[request.method])
+
+        print('Is authorized: {}'.format(is_authorized))
+        return is_authorized
diff --git a/components/studio/api/urls.py b/components/studio/api/urls.py
@@ -1,20 +1,32 @@
 from django.conf.urls import include
 from django.urls import path
-from rest_framework import routers
+import rest_framework.routers as drfrouters
 from .views import ModelList, ReportList, ReportGeneratorList, ProjectList, DeploymentInstanceList, DeploymentDefinitionList
 from rest_framework.authtoken.views import obtain_auth_token
+from rest_framework_nested import routers
 
 app_name = 'api'
 
-router = routers.DefaultRouter()
-router.register(r'models', ModelList, basename='model')
-router.register(r'reports', ReportList, basename='report')
-router.register(r'generators', ReportGeneratorList, basename='report_generator')
-router.register(r'projects', ProjectList, basename='project')
-router.register(r'deploymentInstances', DeploymentInstanceList, basename='deploymentInstance')
-router.register(r'deploymentDefinitions', DeploymentDefinitionList, basename='deploymentDefinition')
+router_drf = drfrouters.DefaultRouter()
+# router = routers.DefaultRouter()
+router = routers.SimpleRouter()
 
+router.register(r'reports', ReportList, base_name='report')
+router.register(r'generators', ReportGeneratorList, base_name='report_generator')
+router.register(r'projects', ProjectList, base_name='project')
+
+models_router = routers.NestedSimpleRouter(router, r'projects', lookup='project')
+models_router.register(r'models', ModelList, base_name='model')
+# router.register(r'models', ModelList, basename='model')
+router.register(r'deploymentInstances', DeploymentInstanceList, base_name='deploymentInstance')
+router.register(r'deploymentDefinitions', DeploymentDefinitionList, base_name='deploymentDefinition')
+# print(router.urls)
+print(models_router.urls)
 urlpatterns = [
+    path('', include(router_drf.urls)),
     path('', include(router.urls)),
+    path('', include(models_router.urls)),
     path('api-token-auth', obtain_auth_token, name='api_token_auth'),
 ]
+
+print(urlpatterns)
diff --git a/components/studio/api/views.py b/components/studio/api/views.py
@@ -6,63 +6,55 @@
 from django.db.models import Q
 from rest_framework.mixins import CreateModelMixin, ListModelMixin, RetrieveModelMixin, UpdateModelMixin
 from rest_framework.viewsets import GenericViewSet
-from rest_framework.decorators import action
+from rest_framework.decorators import action, api_view
 from rest_framework.permissions import IsAuthenticated
 from rest_framework import generics
+from .APIpermissions import ProjectPermission
 from deployments.helpers import build_definition
 from projects.helpers import create_project_resources
+import modules.keycloak_lib as keylib
 
 from .serializers import Model, MLModelSerializer, Report, ReportSerializer, \
     ReportGenerator, ReportGeneratorSerializer, Project, ProjectSerializer, \
     DeploymentInstance, DeploymentInstanceSerializer, DeploymentDefinition, \
     DeploymentDefinitionSerializer
 
 class ModelList(GenericViewSet, CreateModelMixin, RetrieveModelMixin, UpdateModelMixin, ListModelMixin):
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsAuthenticated, ProjectPermission,)
     serializer_class = MLModelSerializer
     filter_backends = [DjangoFilterBackend]
-    filterset_fields = ['id','name', 'version', 'project']
+    filterset_fields = ['id','name', 'version']
 
     def get_queryset(self):
         """
         This view should return a list of all the models
         for the currently authenticated user.
         """
-        current_user = self.request.user
-        return Model.objects.filter(project__owner__username=current_user)
+        return Model.objects.filter(project__pk=self.kwargs['project_pk'])
+
+    def destroy(self, request, *args, **kwargs):
+        model = self.get_object()
+        model.delete()
+        return HttpResponse('ok', 200)
 
+    def create(self, request, *args, **kwargs):
+        project = Project.objects.get(id=self.kwargs['project_pk'])
 
-    @action(detail=False, methods=['post'], permission_classes=[IsAuthenticated])
-    def release(self, request):
-        # Could we get the token here for authorization?
-        # We should check that the authenticated user also has
-        # the correct role in Keycloak.
-        project = Project.objects.get(id=request.data['project'])
-        current_user = self.request.user
-        if current_user == project.owner:
-            # project = model.project
+        try:
             model_name = request.data['name']
             release_type = request.data['release_type']
             description = request.data['description']
             model_uid = request.data['uid']
-            # project_id = request.data['project']
-            new_model = Model(name=model_name,
-                              release_type=release_type,
-                              description=description,
-                              uid=model_uid,
-                              project=project)
-            new_model.save()
-            return HttpResponse('ok', 200)
-
+        except:
+            return HttpResponse('Failed to create model.', 400)
 
-    def destroy(self, request, *args, **kwargs):
-        model = self.get_object()
-        current_user = self.request.user
-        if current_user == model.project.owner:
-            model.delete()
-            return HttpResponse('ok', 200)
-        else:
-            return HttpResponse('Not Allowed', 400)
+        new_model = Model(name=model_name,
+                          release_type=release_type,
+                          description=description,
+                          uid=model_uid,
+                          project=project)
+        new_model.save()
+        return HttpResponse('ok', 200)
 
 class DeploymentDefinitionList(GenericViewSet, CreateModelMixin, RetrieveModelMixin, UpdateModelMixin, ListModelMixin):
     permission_classes = (IsAuthenticated,)