Jkmarx/groups api v2 #3265

Merged
merged 9 commits into from
Mar 21, 2019
42 changes: 40 additions & 2 deletions refinery/core/serializers.py
@@ -1,10 +1,11 @@
import logging

from django.conf import settings
from guardian.shortcuts import get_perms
from rest_framework import serializers
from rest_framework.validators import UniqueValidator

from .models import (DataSet, Event, SiteProfile, SiteVideo, User,
from .models import (DataSet, Event, Group, SiteProfile, SiteVideo, User,
UserProfile, Workflow)

logger = logging.getLogger(__name__)
Expand All @@ -21,10 +22,12 @@ class DataSetSerializer(serializers.ModelSerializer):
)
description = serializers.CharField(max_length=5000)
is_owner = serializers.SerializerMethodField()
owner = serializers.SerializerMethodField()
public = serializers.SerializerMethodField()
is_clean = serializers.SerializerMethodField()
file_count = serializers.SerializerMethodField()
analyses = serializers.SerializerMethodField()
user_perms = serializers.SerializerMethodField()

def get_analyses(self, data_set):
return [dict(uuid=analysis.uuid,
Expand All @@ -45,6 +48,9 @@ def get_is_owner(self, data_set):
return False
return user_request == owner

def get_owner(self, data_set):
return UserSerializer(data_set.get_owner()).data

def get_public(self, data_set):
try:
return data_set.public
Expand All @@ -58,11 +64,24 @@ def get_is_clean(self, data_set):
def get_file_count(self, data_set):
return data_set.get_file_count()

def get_user_perms(self, data_set):
try:
request_user = self.context.get('request').user
except AttributeError as e:
logger.error("Request is missing a user: %s", e)
return {'change': False,
'read': False,
'read_meta': False}
user_perms = get_perms(request_user, data_set)
return {'change': 'change_dataset' in user_perms,
'read': 'read_dataset' in user_perms,
'read_meta': 'read_meta_dataset' in user_perms}

class Meta:
model = DataSet
fields = ('title', 'accession', 'analyses', 'summary', 'description',
'slug', 'uuid', 'modification_date', 'id', 'is_owner',
'public', 'is_clean', 'file_count')
'owner', 'public', 'is_clean', 'file_count', 'user_perms')

def partial_update(self, instance, validated_data):
"""
Expand All @@ -83,6 +102,25 @@ def partial_update(self, instance, validated_data):
return instance


class GroupSerializer(serializers.ModelSerializer):
perms = serializers.SerializerMethodField()
uuid = serializers.SerializerMethodField()

def get_perms(self, group):
data_set = self.context.get('data_set')
data_set_perms = get_perms(group, data_set)
return {'change': 'change_dataset' in data_set_perms,
'read': 'read_dataset' in data_set_perms,
'read_meta': 'read_meta_dataset' in data_set_perms}

def get_uuid(self, group):
return group.extendedgroup.uuid

class Meta:
model = Group
fields = ('name', 'id', 'uuid', 'perms')


class SiteVideoSerializer(serializers.ModelSerializer):
class Meta:
model = SiteVideo
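Review bot: `get_owner` embeds the full `UserSerializer(...)` output for the owner in every `DataSet` response, and the tests added in this pull request show those responses being served to anonymous requests for public data sets. `UserSerializer`'s field list is not visible here, so it is worth confirming that it carries nothing beyond what the UI needs (the new test only reads `owner.profile.uuid`); a dedicated owner serializer limited to those fields would make the exposure explicit. If `data_set.get_owner()` can return `None` for an ownerless data set, the method should handle that, e.g. `owner = data_set.get_owner()` followed by `return UserSerializer(owner).data if owner else None`. In `GroupSerializer.get_perms`, `self.context.get('data_set')` yields `None` when the serializer is built without that context key, so it deserves either a guard or a docstring stating that the key is required.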
120 changes: 118 additions & 2 deletions refinery/core/test_views.py
Expand Up @@ -35,8 +35,9 @@
from .serializers import DataSetSerializer, UserSerializer

from .views import (AnalysesViewSet, DataSetsViewSet, EventViewSet,
ObtainAuthTokenValidSession, SiteProfileViewSet,
UserProfileViewSet, WorkflowViewSet, user)
GroupViewSet, ObtainAuthTokenValidSession,
SiteProfileViewSet, UserProfileViewSet, WorkflowViewSet,
user)

cache = memcache.Client(["127.0.0.1:11211"])

Expand Down Expand Up @@ -305,6 +306,36 @@ def test_get_data_set_returns_file_count(self):
self.assertEqual(get_ds_response.data.get('file_count'),
self.data_set.get_file_count())

def test_get_data_set_returns_owner(self):
get_request = self.factory.get(urljoin(self.url_root,
self.data_set.uuid))
get_request.user = self.user
get_ds_response = self.get_ds_view(get_request, self.data_set.uuid)
self.assertEqual(
get_ds_response.data.get('owner').get('profile').get('uuid'),
self.user.profile.uuid
)

def test_get_data_set_returns_user_perms_for_owner(self):
get_request = self.factory.get(urljoin(self.url_root,
self.data_set.uuid))
get_request.user = self.user
get_ds_response = self.get_ds_view(get_request, self.data_set.uuid)
response_perms = get_ds_response.data.get('user_perms')
self.assertEqual(True, response_perms.get('change'))
self.assertEqual(True, response_perms.get('read'))
self.assertEqual(True, response_perms.get('read_meta'))

def test_get_public_data_set_returns_user_perms_for_anon(self):
self.data_set.share(ExtendedGroup.objects.public_group())
get_request = self.factory.get(urljoin(self.url_root,
self.data_set.uuid))
get_ds_response = self.get_ds_view(get_request, self.data_set.uuid)
response_perms = get_ds_response.data.get('user_perms')
self.assertEqual(False, response_perms.get('change'))
self.assertEqual(True, response_perms.get('read'))
self.assertEqual(True, response_perms.get('read_meta'))

def test_dataset_delete_successful(self):
delete_view = DataSetsViewSet.as_view({'delete': 'destroy'})
self.assertEqual(DataSet.objects.all().count(), 4)
Expand Down Expand Up @@ -816,6 +847,91 @@ def test_is_owner_reflects_actual_owner_with_admin_requester(self):
self.assertFalse(data_set["is_owner"])


class GroupApiV2Tests(APIV2TestCase):
def setUp(self):
super(GroupApiV2Tests, self).setUp(
api_base_name="groups/",
view=GroupViewSet.as_view({'get': 'list'})

These two could fit on one line?

)
self.data_set = create_dataset_with_necessary_models(user=self.user)
self.group = ExtendedGroup.objects.create(name="Test Group")
self.group_2 = ExtendedGroup.objects.create(name="Test Group 2")
self.group.user_set.add(self.user)
self.group_2.user_set.add(self.user)
self.data_set.share(self.group)
self.data_set.share(self.group_2)

def test_get_groups_with_ds_uuid_returns_401_for_anon(self):

I'd expand ds to dataset to make it more explicit (here and below).

get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_response = self.view(get_request)
self.assertEqual(get_response.status_code, 401)

def test_get_groups_invalid_ds_uuid_returns_404(self):
get_request = self.factory.get(self.url_root,
{'dataSetUuid': 'xxx2'})
get_response = self.view(get_request)
self.assertEqual(get_response.status_code, 404)

def test_get_groups_with_ds_uuid_returns_correct_groups(self):
get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_request.user = self.user
get_response = self.view(get_request)
self.assertEqual(len(get_response.data), 2)
group_uuid_list = [self.group.uuid, self.group_2.uuid]
self.assertIn(get_response.data[0].get('uuid'), group_uuid_list)
self.assertIn(get_response.data[1].get('uuid'), group_uuid_list)

def test_get_groups_with_ds_uuid_returns_public_group(self):
public_group = ExtendedGroup.objects.public_group()
self.data_set.share(public_group)
get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_request.user = self.user
get_response = self.view(get_request)
self.assertEqual(len(get_response.data), 3)
group_uuid_list = [get_response.data[0].get('id'),
get_response.data[1].get('id'),
get_response.data[2].get('id')]
self.assertIn(public_group.id, group_uuid_list)

def test_get_groups_with_ds_uuid_has_name_field(self):
self.data_set.unshare(self.group_2)
get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_request.user = self.user
get_response = self.view(get_request)
self.assertEqual(self.group.name, get_response.data[0].get('name'))

def test_get_groups_with_ds_uuid_has_id_field(self):
self.data_set.unshare(self.group_2)
get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_request.user = self.user
get_response = self.view(get_request)
self.assertEqual(self.group.id, get_response.data[0].get('id'))

def test_get_groups_with_ds_uuid_has_uuid(self):
self.data_set.unshare(self.group_2)
get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_request.user = self.user
get_response = self.view(get_request)
self.assertEqual(self.group.uuid, get_response.data[0].get('uuid'))

def test_get_groups_with_ds_uuid_has_correct_perms_field(self):
self.data_set.unshare(self.group_2)
get_request = self.factory.get(self.url_root,
{'dataSetUuid': self.data_set.uuid})
get_request.user = self.user
get_response = self.view(get_request)
response_perms = get_response.data[0].get('perms')
self.assertEqual(False, response_perms.get('change'))
self.assertEqual(True, response_perms.get('read'))
self.assertEqual(True, response_perms.get('read_meta'))


class AnalysisApiV2Tests(APIV2TestCase):

def setUp(self):
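Review bot: The denial path of `GroupViewSet` is only exercised for an anonymous request in `test_get_groups_with_ds_uuid_returns_401_for_anon`; there is no case for an authenticated user who holds no permission on the data set, which is the branch most likely to regress into a group-listing leak. A companion test that sets `get_request.user` to a user outside `self.group` and `self.group_2` and asserts the denial status would pin that behaviour. A request that omits the `dataSetUuid` parameter entirely is also untested, so the response for that case is currently unspecified by the suite.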
3 changes: 2 additions & 1 deletion refinery/core/urls.py
Expand Up @@ -10,7 +10,7 @@
from rest_framework.routers import DefaultRouter

from .views import (AnalysesViewSet, DataSetsViewSet, EventViewSet,
ObtainAuthTokenValidSession, OpenIDToken,
GroupViewSet, ObtainAuthTokenValidSession, OpenIDToken,
SiteProfileViewSet, UserProfileViewSet, WorkflowViewSet,
site_statistics)

Expand Down Expand Up @@ -63,6 +63,7 @@
core_router = DefaultRouter()
core_router.register(r'workflows', WorkflowViewSet)
core_router.register(r'data_sets', DataSetsViewSet, 'data_sets')
core_router.register(r'groups', GroupViewSet, 'groups')
core_router.urls.extend([
url(r'^events/$', EventViewSet.as_view()),
url(r'^user_profile/(?P<uuid>' + UUID_RE + r')/$',
36 changes: 35 additions & 1 deletion refinery/core/views.py
Expand Up @@ -55,7 +55,7 @@
from .models import (Analysis, CustomRegistrationProfile, DataSet, Event,
ExtendedGroup, Invitation, SiteProfile,
SiteStatistics, SiteVideo, UserProfile, Workflow)
from .serializers import (DataSetSerializer, EventSerializer,
from .serializers import (DataSetSerializer, EventSerializer, GroupSerializer,
SiteProfileSerializer, SiteVideoSerializer,
UserProfileSerializer, WorkflowSerializer)
from .utils import (api_error_response, get_data_sets_annotations,
Expand Down Expand Up @@ -855,6 +855,40 @@ def update_group_perms(self, new_owner):
"groups_without_access": groups_without_access}


class GroupViewSet(viewsets.ViewSet):
"""API endpoint for viewing groups."""
http_method_names = ['get']

def list(self, request):
data_set_uuid = request.query_params.get('dataSetUuid')
try:
data_set = DataSet.objects.get(uuid=data_set_uuid)
except DataSet.DoesNotExist as e:
logger.error(e)
return HttpResponseNotFound(
content="DataSet with UUID: {} not found.".format(
data_set_uuid
)
)
except DataSet.MultipleObjectsReturned as e:
logger.error(e)
return HttpResponseServerError(
content="Multiple dataSets returned for this request"
)

public_group = ExtendedGroup.objects.public_group()
if not ('read_meta_dataset' in get_perms(public_group, data_set) or
request.user.has_perm('core.read_meta_dataset', data_set)):
return Response(data_set_uuid, status=status.HTTP_401_UNAUTHORIZED)

groups_with_perms = get_groups_with_perms(data_set)

serializer = GroupSerializer(groups_with_perms, many=True,
context={'data_set': data_set})

return Response(serializer.data)


class AnalysesViewSet(APIView):
"""API endpoint that allows for Analyses to be deleted"""
http_method_names = ['delete']
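Review bot: The 404 branch of `GroupViewSet.list` formats the caller-supplied `dataSetUuid` query parameter straight into `HttpResponseNotFound(content=...)`, and Django's `HttpResponse` classes default to a `text/html` content type, so the unescaped value is reflected into an HTML response. Since `Response` and `status` are already used a few lines further down, returning `Response({'detail': 'DataSet not found.'}, status=status.HTTP_404_NOT_FOUND)` would avoid echoing the value and keep the endpoint's error format consistent. Separately, the permission check lets anyone holding `read_meta_dataset` (or anyone at all when the public group holds it) list every group the data set is shared with, including names, ids and uuids; if that is broader than intended, the list should be narrowed to the owner or to groups the requester belongs to. An authenticated user who fails the check also receives `HTTP_401_UNAUTHORIZED`, where 403 would be the conventional status.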
45 changes: 27 additions & 18 deletions refinery/ui/source/js/commons/services/group.js
@@ -1,21 +1,30 @@
'use strict';
/**
* Group V2 Service
* @namespace groupV2Service
* @desc Service to query groups API with a data set uuid
* @memberOf refineryApp
*/
(function () {
'use strict';

function GroupFactory ($resource, settings) {
return $resource(
settings.appRoot + settings.refineryApi + '/groups/:uuid/',
{
uuid: '@uuid',
format: 'json'
},
{
query: {
method: 'GET',
isArray: false
angular
.module('refineryApp')
.factory('groupService', groupService);

groupService.$inject = ['$resource', 'settings'];

function groupService ($resource, settings) {
var groups = $resource(
settings.appRoot + settings.refineryApiV2 + '/groups/',
{},
{
query: {
method: 'GET',
isArray: true,
}
}
}
);
}
);

angular
.module('refineryApp')
.factory('groupService', ['$resource', 'settings', GroupFactory]);
return groups;
}
})();
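Review bot: The new JSDoc header names the service `@namespace groupV2Service`, but the factory is still registered as `groupService` (`.factory('groupService', groupService)`), so the documented name does not match what callers inject. The description says the service queries with a data set uuid, yet the resource declares no parameters; a line such as `@example groupService.query({ dataSetUuid: uuid })` would document the required query parameter, which is the name the server-side view reads. Because the same factory name now points at the v2 list endpoint with `isArray: true`, any remaining caller written for the old `/groups/:uuid/` object response would need updating; those callers are outside this page.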