feat: return updated access rights

Author: giancarloromeo

api/specs/web-server/_functions.py

@@ -10,8 +10,8 @@
 from _common import as_query
 from fastapi import APIRouter, Depends, status
 from models_library.api_schemas_webserver.functions import (
-    FunctionGroupGet,
-    FunctionGroupUpdate,
+    FunctionGroupAccessRightsGet,
+    FunctionGroupAccessRightsUpdate,
     FunctionToRegister,
     RegisteredFunctionGet,
     RegisteredFunctionUpdate,
@@ -84,11 +84,11 @@ async def delete_function(
 
 @router.put(
     "/functions/{function_id}/groups/{group_id}",
-    response_model=Envelope[FunctionGroupGet],
+    response_model=Envelope[FunctionGroupAccessRightsGet],
 )
 async def update_function_group(
     _path: Annotated[FunctionGroupPathParams, Depends()],
-    _body: FunctionGroupUpdate,
+    _body: FunctionGroupAccessRightsUpdate,
 ): ...
 
 

packages/models-library/src/models_library/api_schemas_webserver/functions.py

@@ -151,13 +151,13 @@ class ProjectFunctionToRegister(ProjectFunction, InputSchema): ...
 class RegisteredFunctionUpdate(FunctionUpdate, InputSchema): ...
 
 
-class FunctionGroupGet(OutputSchema):
+class FunctionGroupAccessRightsGet(OutputSchema):
     read: bool
     write: bool
     execute: bool
 
 
-class FunctionGroupUpdate(InputSchema):
+class FunctionGroupAccessRightsUpdate(InputSchema):
     read: bool
     write: bool
     execute: bool

services/web/server/src/simcore_service_webserver/functions/_controller/_functions_rest.py

@@ -3,7 +3,8 @@
 from aiohttp import web
 from models_library.api_schemas_webserver.functions import (
     Function,
-    FunctionGroupUpdate,
+    FunctionGroupAccessRightsGet,
+    FunctionGroupAccessRightsUpdate,
     FunctionToRegister,
     RegisteredFunction,
     RegisteredFunctionGet,
@@ -378,24 +379,32 @@ async def update_function_group(request: web.Request) -> web.Response:
 
     req_ctx = AuthenticatedRequestContext.model_validate(request)
 
-    function_group_update = FunctionGroupUpdate.model_validate(await request.json())
-
-    await _functions_service.set_function_group_permissions(
-        request.app,
-        user_id=req_ctx.user_id,
-        product_name=req_ctx.product_name,
-        function_id=function_id,
-        permissions=FunctionGroupAccessRights(
-            group_id=group_id,
-            read=function_group_update.read,
-            write=function_group_update.write,
-            execute=function_group_update.execute,
-        ),
+    function_group_update = FunctionGroupAccessRightsUpdate.model_validate(
+        await request.json()
     )
 
-    # TODO: return updated permissions
+    updated_function_access_rights = (
+        await _functions_service.set_function_group_permissions(
+            request.app,
+            user_id=req_ctx.user_id,
+            product_name=req_ctx.product_name,
+            function_id=function_id,
+            permissions=FunctionGroupAccessRights(
+                group_id=group_id,
+                read=function_group_update.read,
+                write=function_group_update.write,
+                execute=function_group_update.execute,
+            ),
+        )
+    )
 
-    return web.json_response(status=status.HTTP_202_ACCEPTED)
+    return envelope_json_response(
+        FunctionGroupAccessRightsGet(
+            read=updated_function_access_rights.read,
+            write=updated_function_access_rights.write,
+            execute=updated_function_access_rights.execute,
+        )
+    )
 
 
 @routes.delete(

services/web/server/src/simcore_service_webserver/functions/_functions_exceptions.py

@@ -0,0 +1,5 @@
+from common_library.errors_classes import OsparcErrorMixin
+
+
+class FunctionGroupAccessRightsNotFoundError(OsparcErrorMixin, Exception):
+    msg_template = "Group '{group_id}' does not have access rights to {object_type} '{object_id}' in product '{product_name}'"

services/web/server/src/simcore_service_webserver/functions/_functions_repository.py

@@ -10,6 +10,7 @@
 from models_library.functions import (
     FunctionAccessRightsDB,
     FunctionClass,
+    FunctionGroupAccessRights,
     FunctionID,
     FunctionInputs,
     FunctionInputSchema,
@@ -1075,7 +1076,7 @@ async def set_group_permissions(
     read: bool | None = None,
     write: bool | None = None,
     execute: bool | None = None,
-) -> None:
+) -> list[tuple[UUID, FunctionGroupAccessRights]]:
     async with pass_or_acquire_connection(get_asyncpg_engine(app), connection) as conn:
         for object_id in object_ids:
             await check_user_permissions(
@@ -1088,7 +1089,7 @@ async def set_group_permissions(
                 permissions=["write"],
             )
 
-        await _internal_set_group_permissions(
+        return await _internal_set_group_permissions(
             app,
             connection=connection,
             permission_group_id=permission_group_id,
@@ -1180,7 +1181,7 @@ async def _internal_set_group_permissions(
     read: bool | None = None,
     write: bool | None = None,
     execute: bool | None = None,
-) -> None:
+) -> list[tuple[UUID, FunctionGroupAccessRights]]:
     access_rights_table = None
     field_name = None
     if object_type == "function":
@@ -1196,6 +1197,7 @@ async def _internal_set_group_permissions(
     assert access_rights_table is not None  # nosec
     assert field_name is not None  # nosec
 
+    access_rights_list: list[tuple[UUID, FunctionGroupAccessRights]] = []
     async with transaction_context(get_asyncpg_engine(app), connection) as transaction:
         for object_id in object_ids:
             # Check if the group already has access rights for the function
@@ -1209,16 +1211,25 @@ async def _internal_set_group_permissions(
 
             if row is None:
                 # Insert new access rights if the group does not have any
-                await transaction.execute(
-                    access_rights_table.insert().values(
+                result = await transaction.execute(
+                    access_rights_table.insert()
+                    .values(
                         **{field_name: object_id},
                         group_id=permission_group_id,
                         product_name=product_name,
                         read=read if read is not None else False,
                         write=write if write is not None else False,
                         execute=execute if execute is not None else False,
                     )
+                    .returning(
+                        access_rights_table.c.group_id,
+                        access_rights_table.c.read,
+                        access_rights_table.c.write,
+                        access_rights_table.c.execute,
+                    )
                 )
+                row = result.one()
+                access_rights_list.append((object_id, FunctionGroupAccessRights(**row)))
             else:
                 # Update existing access rights only for non-None values
                 update_values = {
@@ -1234,7 +1245,17 @@ async def _internal_set_group_permissions(
                         access_rights_table.c.group_id == permission_group_id,
                     )
                     .values(**update_values)
+                    .returning(
+                        access_rights_table.c.group_id,
+                        access_rights_table.c.read,
+                        access_rights_table.c.write,
+                        access_rights_table.c.execute,
+                    )
                 )
+                row = result.one()
+                access_rights_list.append((object_id, FunctionGroupAccessRights(**row)))
+
+        return access_rights_list
 
 
 async def get_user_api_access_rights(

services/web/server/src/simcore_service_webserver/functions/_functions_service.py

@@ -44,6 +44,7 @@
 from servicelib.rabbitmq import RPCRouter
 
 from . import _functions_repository
+from ._functions_exceptions import FunctionGroupAccessRightsNotFoundError
 
 router = RPCRouter()
 
@@ -464,8 +465,8 @@ async def set_function_group_permissions(
     product_name: ProductName,
     function_id: FunctionID,
     permissions: FunctionGroupAccessRights,
-) -> None:
-    await _functions_repository.set_group_permissions(
+) -> FunctionGroupAccessRights:
+    access_rights_list = await _functions_repository.set_group_permissions(
         app=app,
         user_id=user_id,
         product_name=product_name,
@@ -476,6 +477,16 @@ async def set_function_group_permissions(
         write=permissions.write,
         execute=permissions.execute,
     )
+    for object_id, access_rights in access_rights_list:
+        if object_id == function_id:
+            return access_rights
+
+    raise FunctionGroupAccessRightsNotFoundError(
+        group_id=permissions.group_id,
+        product_name=product_name,
+        object_id=function_id,
+        object_type="function",
+    )
 
 
 async def remove_function_group_permissions(

services/web/server/tests/unit/with_dbs/04/functions/test_functions_service.py

@@ -53,20 +53,24 @@ async def test_set_and_remove_group_permissions(
             function_id=registered_function.uid,
         )
 
+    group_permissions = FunctionGroupAccessRights(
+        group_id=int(other_logged_user["primary_gid"]),
+        read=True,
+        write=True,
+        execute=False,
+    )
+
     # Give non-registering user group access
-    await _functions_service.set_function_group_permissions(
+    updated_group_permissions = await _functions_service.set_function_group_permissions(
         app=client.app,
         user_id=logged_user["id"],
         product_name=osparc_product_name,
         function_id=registered_function.uid,
-        permissions=FunctionGroupAccessRights(
-            group_id=int(other_logged_user["primary_gid"]),
-            read=True,
-            write=True,
-            execute=False,
-        ),
+        permissions=group_permissions,
     )
 
+    assert updated_group_permissions == group_permissions
+
     # Test if non-registering user can access the function
     returned_function = await _functions_service.get_function(
         app=client.app,