Added filters and pagination for instance endpoint (only for admins).

cerndb · Jul 26, 2018 · 329814f · 329814f
1 parent bcf845a
commit 329814f
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/apiato/api/instance.py b/apiato/api/instance.py
@@ -232,6 +232,7 @@ class Instance_filter(tornado.web.RequestHandler):
     """
 
     get_instances_url = config.get('postgrest', 'get_instances_url')
+    instance_url = config.get('postgrest', 'instance_url')
 
     def get(self, *args):
 
@@ -251,8 +252,16 @@ def get(self, *args):
         except:
             raise tornado.web.HTTPError(BAD_REQUEST, "Error parsing JSON 'auth' header.")
 
-        logging.debug("RPC Url : %s" % (self.get_instances_url))
-        response = make_full_post_request(self.get_instances_url, self.request, dict(), auth)
+        # Check if the header contains the 3 required parameters
+        if "admin" not in auth or "groups" not in auth or "owner" not in auth:
+            raise tornado.web.HTTPError(BAD_REQUEST, "Missing parameters in 'auth' header.")
+
+        if "admin" in auth and auth["admin"] == True:
+            logging.debug("Url : %s" % (self.instance_url))
+            response = make_full_get_request(self.instance_url, self.request, dict())
+        else:
+            logging.debug("RPC Url : %s" % (self.get_instances_url))
+            response = make_full_post_request(self.get_instances_url, self.request, dict(), auth)
 
         if response.ok:
             logging.debug(response.text)

diff --git a/apiato/tests/auth_test.py b/apiato/tests/auth_test.py
@@ -151,16 +151,16 @@ def test_list_instances_only_owner(self):
         self.assertEquals(response.code, 400)
 
     @timeout(5)
-    def test_list_instances_only_egroup(self):
-        """Get the list of instances if only egroup param was specified"""
-        auth_header = '{"egroup": ["testgroupB"]}'
+    def test_list_instances_only_groups(self):
+        """Get the list of instances if only groups param was specified"""
+        auth_header = '{"groups": ["testgroupB"]}'
 
         response = self.fetch("/api/v1/instance", headers={'Authorization': self.authentication, 'Auth':auth_header })
         self.assertEquals(response.code, 400)
 
     @timeout(5)
     def test_list_instances_only_admin(self):
-        """Get the list of instances if only egroup param was specified"""
+        """Get the list of instances if only admin param was specified"""
         auth_header = '{"admin": true}'
 
         response = self.fetch("/api/v1/instance", headers={'Authorization': self.authentication, 'Auth':auth_header })

diff --git a/setup.py b/setup.py
@@ -15,7 +15,7 @@
 from setuptools import setup, find_packages
 
 setup(name='apiato',
-      version='0.11.1',
+      version='0.11.2',
       description='CERN Apiato REST API',
       author='CERN',
       author_email='icot@cern.ch',