22
33import logging
44from contextlib import suppress
5+ from typing import Literal
56
67from models_library .api_schemas_catalog .services import (
78 LatestServiceGet ,
@@ -226,12 +227,13 @@ async def get_catalog_service(
226227 service_version : ServiceVersion ,
227228) -> ServiceGetV2 :
228229
229- access_rights = await check_catalog_service (
230+ access_rights = await check_catalog_service_permissions (
230231 repo = repo ,
231232 product_name = product_name ,
232233 user_id = user_id ,
233234 service_key = service_key ,
234235 service_version = service_version ,
236+ permission = "read" ,
235237 )
236238
237239 service = await repo .get_service_with_history (
@@ -287,12 +289,13 @@ async def update_catalog_service(
287289 )
288290
289291 # Check access rights first
290- access_rights = await check_catalog_service (
292+ access_rights = await check_catalog_service_permissions (
291293 repo = repo ,
292294 product_name = product_name ,
293295 user_id = user_id ,
294296 service_key = service_key ,
295297 service_version = service_version ,
298+ permission = "write" ,
296299 )
297300
298301 # Updates service_meta_data
@@ -349,18 +352,29 @@ async def update_catalog_service(
349352 )
350353
351354
352- async def check_catalog_service (
355+ async def check_catalog_service_permissions (
353356 repo : ServicesRepository ,
357+ * ,
354358 product_name : ProductName ,
355359 user_id : UserID ,
356360 service_key : ServiceKey ,
357361 service_version : ServiceVersion ,
362+ permission : Literal ["read" , "write" ],
358363) -> list [ServiceAccessRightsAtDB ]:
359- """Raises if the service canot be read
364+ """Raises if the service cannot be accessed with the specified permission level
365+
366+ Args:
367+ repo: Repository for services
368+ product_name: Product name
369+ user_id: User ID
370+ service_key: Service key
371+ service_version: Service version
372+ permission: Permission level to check, either "read" or "write".
373+ Note that write permission implies read permission.
360374
361375 Raises:
362376 CatalogItemNotFoundError: service (key,version) not found
363- CatalogForbiddenError: insufficient access rights to get read accss
377+ CatalogForbiddenError: insufficient access rights to get the requested access
364378 """
365379
366380 access_rights = await repo .get_service_access_rights (
@@ -377,12 +391,23 @@ async def check_catalog_service(
377391 product_name = product_name ,
378392 )
379393
380- if not await repo .can_get_service (
381- product_name = product_name ,
382- user_id = user_id ,
383- key = service_key ,
384- version = service_version ,
385- ):
394+ has_permission = False
395+ if permission == "read" :
396+ has_permission = await repo .can_get_service (
397+ product_name = product_name ,
398+ user_id = user_id ,
399+ key = service_key ,
400+ version = service_version ,
401+ )
402+ elif permission == "write" :
403+ has_permission = await repo .can_update_service (
404+ product_name = product_name ,
405+ user_id = user_id ,
406+ key = service_key ,
407+ version = service_version ,
408+ )
409+
410+ if not has_permission :
386411 raise CatalogForbiddenError (
387412 name = f"{ service_key } { service_version } ,
388413 service_key = service_key ,
@@ -549,12 +574,13 @@ async def get_user_services_ports(
549574 """
550575
551576 # Check access rights first
552- await check_catalog_service (
577+ await check_catalog_service_permissions (
553578 repo = repo ,
554579 product_name = product_name ,
555580 user_id = user_id ,
556581 service_key = service_key ,
557582 service_version = service_version ,
583+ permission = "read" ,
558584 )
559585
560586 # Get service ports from manifest
0 commit comments