drafted sharing

Author: pcrespov

packages/postgres-database/src/simcore_postgres_database/utils_tags.py

@@ -10,14 +10,14 @@
 from .utils_tags_sql import (
     count_groups_with_given_access_rights_stmt,
     create_tag_stmt,
-    delete_tag_sharing_stmt,
+    delete_tag_access_rights_stmt,
     delete_tag_stmt,
     get_tag_stmt,
     has_access_rights_stmt,
     list_tag_group_access_stmt,
     list_tags_stmt,
-    share_tag_stmt,
     update_tag_stmt,
+    upsert_tags_access_rights_stmt,
 )
 
 
@@ -112,7 +112,7 @@ async def create(
             assert tag  # nosec
 
             # take tag ownership
-            access_stmt = share_tag_stmt(
+            access_stmt = upsert_tags_access_rights_stmt(
                 tag_id=tag.id,
                 user_id=user_id,
                 read=read,
@@ -255,7 +255,7 @@ async def _has_access_rights(
         )
         return result.fetchone() is not None
 
-    async def list_tag_group_access(
+    async def list_access_rights(
         self,
         connection: AsyncConnection | None = None,
         *,
@@ -299,7 +299,7 @@ async def create_or_update_access_rights(
                 )
 
             result = await conn.execute(
-                share_tag_stmt(
+                upsert_tags_access_rights_stmt(
                     tag_id=tag_id,
                     group_id=group_id,
                     read=read,
@@ -328,6 +328,6 @@ async def delete_access_rights(
                 )
 
             deleted: bool = await conn.scalar(
-                delete_tag_sharing_stmt(tag_id=tag_id, group_id=group_id)
+                delete_tag_access_rights_stmt(tag_id=tag_id, group_id=group_id)
             )
             return deleted

packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py

@@ -164,17 +164,60 @@ def delete_tag_stmt(*, user_id: int, tag_id: int):
 
 
 #
-# ACCESS RIGHTS AND SHARING: GROUP<--> TAGS
+# ACCESS RIGHTS
 #
 
 
-def list_tag_group_access_stmt(*, tag_id: int):
-    return sa.select(tags_access_rights.c.group_id, *_ACCESS_RIGHTS_COLUMNS).where(
-        tags_access_rights.c.tag_id == tag_id
+def has_access_rights_stmt(
+    *,
+    tag_id: int,
+    caller_user_id: int | None = None,
+    caller_group_id: int | None = None,
+    read: bool = False,
+    write: bool = False,
+    delete: bool = False,
+):
+    conditions = []
+
+    # caller
+    if caller_user_id is not None:
+        group_condition = (
+            tags_access_rights.c.group_id
+            == sa.select(users.c.primary_gid)
+            .where(users.c.id == caller_user_id)
+            .scalar_subquery()
+        )
+    elif caller_group_id is not None:
+        group_condition = tags_access_rights.c.group_id == caller_group_id
+    else:
+        msg = "Either caller_user_id or caller_group_id must be provided."
+        raise ValueError(msg)
+
+    conditions.append(group_condition)
+    if read:
+        conditions.append(tags_access_rights.c.read.is_(True))
+    if write:
+        conditions.append(tags_access_rights.c.write.is_(True))
+    if delete:
+        conditions.append(tags_access_rights.c.delete.is_(True))
+
+    return sa.select(tags_access_rights).where(
+        sa.and_(
+            tags_access_rights.c.tag_id == tag_id,
+            *conditions,
+        )
     )
 
 
-def share_tag_stmt(
+def list_tag_group_access_stmt(*, tag_id: int):
+    return sa.select(
+        tags_access_rights.c.tag_id,
+        tags_access_rights.c.group_id,
+        *_ACCESS_RIGHTS_COLUMNS,
+    ).where(tags_access_rights.c.tag_id == tag_id)
+
+
+def upsert_tags_access_rights_stmt(
     *,
     tag_id: int,
     group_id: int | None = None,
@@ -209,11 +252,15 @@ def share_tag_stmt(
             index_elements=["tag_id", "group_id"],
             set_={"read": read, "write": write, "delete": delete},
         )
-        .returning(tags_access_rights.c.group_id, *_ACCESS_RIGHTS_COLUMNS)
+        .returning(
+            tags_access_rights.c.tag_id,
+            tags_access_rights.c.group_id,
+            *_ACCESS_RIGHTS_COLUMNS,
+        )
     )
 
 
-def delete_tag_sharing_stmt(*, tag_id: int, group_id: int):
+def delete_tag_access_rights_stmt(*, tag_id: int, group_id: int):
     return (
         sa.delete(tags_access_rights)
         .where(
@@ -224,47 +271,6 @@ def delete_tag_sharing_stmt(*, tag_id: int, group_id: int):
     )
 
 
-def has_access_rights_stmt(
-    *,
-    tag_id: int,
-    caller_user_id: int | None = None,
-    caller_group_id: int | None = None,
-    read: bool = False,
-    write: bool = False,
-    delete: bool = False,
-):
-    conditions = []
-
-    # caller
-    if caller_user_id is not None:
-        group_condition = (
-            tags_access_rights.c.group_id
-            == sa.select(users.c.primary_gid)
-            .where(users.c.id == caller_user_id)
-            .scalar_subquery()
-        )
-    elif caller_group_id is not None:
-        group_condition = tags_access_rights.c.group_id == caller_group_id
-    else:
-        msg = "Either caller_user_id or caller_group_id must be provided."
-        raise ValueError(msg)
-
-    conditions.append(group_condition)
-    if read:
-        conditions.append(tags_access_rights.c.read.is_(True))
-    if write:
-        conditions.append(tags_access_rights.c.write.is_(True))
-    if delete:
-        conditions.append(tags_access_rights.c.delete.is_(True))
-
-    return sa.select(tags_access_rights).where(
-        sa.and_(
-            tags_access_rights.c.tag_id == tag_id,
-            *conditions,
-        )
-    )
-
-
 #
 # PROJECT TAGS
 #

packages/postgres-database/tests/test_utils_tags.py

@@ -28,8 +28,8 @@
     get_tags_for_project_stmt,
     get_tags_for_services_stmt,
     list_tags_stmt,
-    share_tag_stmt,
     update_tag_stmt,
+    upsert_tags_access_rights_stmt,
 )
 from sqlalchemy.ext.asyncio import AsyncEngine
 
@@ -690,7 +690,7 @@ def _check(func_smt, **kwargs):
     )
 
     _check(
-        share_tag_stmt,
+        upsert_tags_access_rights_stmt,
         tag_id=tag_id,
         user_id=user_id,
         read=True,