drafted service and rest

pcrespov · pcrespov · commit ee1efc7c3d60 · 2025-01-06T14:21:28.000+01:00
diff --git a/packages/common-library/src/common_library/groups_dicts.py b/packages/common-library/src/common_library/groups_dicts.py
@@ -0,0 +1,7 @@
+from typing_extensions import TypedDict
+
+
+class AccessRightsDict(TypedDict):
+    read: bool
+    write: bool
+    delete: bool
diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py
@@ -234,54 +234,43 @@ async def delete(
     # ACCESS RIGHTS
     #
 
-    async def _has_access_rights(
+    async def has_access_rights(
         self,
-        connection: AsyncConnection,
+        connection: AsyncConnection | None = None,
         *,
         caller_id: int,
         tag_id: int,
         read: bool = False,
         write: bool = False,
         delete: bool = False,
     ) -> bool:
-        result = await connection.execute(
-            has_access_rights_stmt(
-                tag_id=tag_id,
-                caller_user_id=caller_id,
-                read=read,
-                write=write,
-                delete=delete,
+        async with pass_or_acquire_connection(self.engine, connection) as conn:
+            result = await conn.execute(
+                has_access_rights_stmt(
+                    tag_id=tag_id,
+                    caller_user_id=caller_id,
+                    read=read,
+                    write=write,
+                    delete=delete,
+                )
             )
-        )
-        return result.fetchone() is not None
+            return result.fetchone() is not None
 
     async def list_access_rights(
         self,
         connection: AsyncConnection | None = None,
         *,
-        # caller
-        user_id: int,
         # target
         tag_id: int,
     ):
         async with pass_or_acquire_connection(self.engine, connection) as conn:
-            if not await self._has_access_rights(
-                conn, caller_id=user_id, tag_id=tag_id, read=True
-            ):
-                # TODO: empyt list or error?
-                raise TagOperationNotAllowedError(
-                    operation="share.list", user_id=user_id, tag_id=tag_id
-                )
-
             result = await conn.execute(list_tag_group_access_stmt(tag_id=tag_id))
             return [dict(row) for row in result.fetchall()]
 
     async def create_or_update_access_rights(
         self,
         connection: AsyncConnection | None = None,
         *,
-        # caller
-        user_id: int,
         # target
         tag_id: int,
         group_id: int,
@@ -291,13 +280,6 @@ async def create_or_update_access_rights(
         delete: bool,
     ):
         async with transaction_context(self.engine, connection) as conn:
-            if not await self._has_access_rights(
-                conn, caller_id=user_id, tag_id=tag_id, write=True
-            ):
-                raise TagOperationNotAllowedError(
-                    operation="share.write", user_id=user_id, tag_id=tag_id
-                )
-
             result = await conn.execute(
                 upsert_tags_access_rights_stmt(
                     tag_id=tag_id,
@@ -314,19 +296,11 @@ async def delete_access_rights(
         self,
         connection: AsyncConnection | None = None,
         *,
-        user_id: int,
         # target
         tag_id: int,
         group_id: int,
     ) -> bool:
         async with transaction_context(self.engine, connection) as conn:
-            if not await self._has_access_rights(
-                conn, caller_id=user_id, tag_id=tag_id, write=True
-            ):
-                raise TagOperationNotAllowedError(
-                    operation="share.delete", user_id=user_id, tag_id=tag_id
-                )
-
             deleted: bool = await conn.scalar(
                 delete_tag_access_rights_stmt(tag_id=tag_id, group_id=group_id)
             )
diff --git a/services/web/server/src/simcore_service_webserver/tags/_rest.py b/services/web/server/src/simcore_service_webserver/tags/_rest.py
@@ -1,11 +1,9 @@
 from aiohttp import web
-from pydantic import TypeAdapter
 from servicelib.aiohttp import status
 from servicelib.aiohttp.requests_validation import (
     parse_request_body_as,
     parse_request_path_parameters_as,
 )
-from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON
 from simcore_postgres_database.utils_tags import (
     TagNotFoundError,
     TagOperationNotAllowedError,
@@ -123,49 +121,72 @@ async def delete_tag(request: web.Request):
 @permission_required("tag.crud.*")
 @_handle_tags_exceptions
 async def list_tag_groups(request: web.Request):
+    req_ctx = TagRequestContext.model_validate(request)
     path_params = parse_request_path_parameters_as(TagPathParams, request)
 
-    assert path_params  # nosec
-    assert envelope_json_response(TypeAdapter(list[TagGroupGet]).validate_python([]))
-
-    raise NotImplementedError
+    got = await _service.list_tag_groups(
+        request.app,
+        caller_user_id=req_ctx.user_id,
+        tag_id=path_params.tag_id,
+    )
+    return envelope_json_response([TagGroupGet.from_model(md) for md in got])
 
 
 @routes.post(f"/{VTAG}/tags/{{tag_id}}/groups/{{group_id}}", name="create_tag_group")
 @login_required
 @permission_required("tag.crud.*")
 @_handle_tags_exceptions
 async def create_tag_group(request: web.Request):
+    req_ctx = TagRequestContext.model_validate(request)
     path_params = parse_request_path_parameters_as(TagGroupPathParams, request)
-    new_tag_group = await parse_request_body_as(TagGroupCreate, request)
+    body_params = await parse_request_body_as(TagGroupCreate, request)
 
-    assert path_params  # nosec
-    assert new_tag_group  # nosec
+    got = await _service.share_tag_with_group(
+        request.app,
+        caller_user_id=req_ctx.user_id,
+        tag_id=path_params.tag_id,
+        group_id=path_params.group_id,
+        access_rights=body_params.to_model(),
+    )
 
-    raise NotImplementedError
+    return envelope_json_response(
+        TagGroupGet.from_model(got), status_cls=web.HTTPCreated
+    )
 
 
 @routes.put(f"/{VTAG}/tags/{{tag_id}}/groups/{{group_id}}", name="replace_tag_group")
 @login_required
 @permission_required("tag.crud.*")
 @_handle_tags_exceptions
 async def replace_tag_group(request: web.Request):
+    req_ctx = TagRequestContext.model_validate(request)
     path_params = parse_request_path_parameters_as(TagGroupPathParams, request)
-    new_tag_group = await parse_request_body_as(TagGroupCreate, request)
+    body_params = await parse_request_body_as(TagGroupCreate, request)
 
-    assert path_params  # nosec
-    assert new_tag_group  # nosec
+    got = await _service.share_tag_with_group(
+        request.app,
+        caller_user_id=req_ctx.user_id,
+        tag_id=path_params.tag_id,
+        group_id=path_params.group_id,
+        access_rights=body_params.to_model(),
+    )
 
-    raise NotImplementedError
+    return envelope_json_response(TagGroupGet.from_model(got))
 
 
 @routes.delete(f"/{VTAG}/tags/{{tag_id}}/groups/{{group_id}}", name="delete_tag_group")
 @login_required
 @permission_required("tag.crud.*")
 @_handle_tags_exceptions
 async def delete_tag_group(request: web.Request):
+    req_ctx = TagRequestContext.model_validate(request)
     path_params = parse_request_path_parameters_as(TagGroupPathParams, request)
 
-    assert path_params  # nosec
-    assert web.HTTPNoContent(content_type=MIMETYPE_APPLICATION_JSON)
-    raise NotImplementedError
+    await _service.unshare_tag_with_group(
+        request.app,
+        caller_user_id=req_ctx.user_id,
+        tag_id=path_params.tag_id,
+        group_id=path_params.group_id,
+    )
+
+    return web.json_response(status=status.HTTP_204_NO_CONTENT)
diff --git a/services/web/server/src/simcore_service_webserver/tags/_service.py b/services/web/server/src/simcore_service_webserver/tags/_service.py
@@ -2,10 +2,12 @@
 """
 
 from aiohttp import web
+from common_library.groups_dicts import AccessRightsDict
 from models_library.basic_types import IdInt
+from models_library.groups import GroupID
 from models_library.users import UserID
 from servicelib.aiohttp.db_asyncpg_engine import get_async_engine
-from simcore_postgres_database.utils_tags import TagsRepo
+from simcore_postgres_database.utils_tags import TagOperationNotAllowedError, TagsRepo
 from sqlalchemy.ext.asyncio import AsyncEngine
 
 from .schemas import TagCreate, TagGet, TagUpdate
@@ -56,3 +58,68 @@ async def delete_tag(app: web.Application, user_id: UserID, tag_id: IdInt):
 
     repo = TagsRepo(engine)
     await repo.delete(user_id=user_id, tag_id=tag_id)
+
+
+async def share_tag_with_group(
+    app: web.Application,
+    *,
+    caller_user_id: UserID,
+    tag_id: IdInt,
+    group_id: GroupID,
+    access_rights: AccessRightsDict,
+):
+    """
+    Raises:
+        TagOperationNotAllowedError
+    """
+    repo = TagsRepo(get_async_engine(app))
+
+    if not await repo.has_access_rights(
+        caller_id=caller_user_id, tag_id=tag_id, write=True
+    ):
+        raise TagOperationNotAllowedError(
+            operation="share.write", user_id=caller_user_id, tag_id=tag_id
+        )
+
+    await repo.create_or_update_access_rights(
+        tag_id=tag_id,
+        group_id=group_id,
+        **access_rights,
+    )
+
+
+async def unshare_tag_with_group(
+    app: web.Application,
+    *,
+    caller_user_id: UserID,
+    tag_id: IdInt,
+    group_id: GroupID,
+) -> bool:
+    repo = TagsRepo(get_async_engine(app))
+
+    if not await repo.has_access_rights(
+        caller_id=caller_user_id, tag_id=tag_id, delete=True
+    ):
+        raise TagOperationNotAllowedError(
+            operation="share.delete", user_id=caller_user_id, tag_id=tag_id
+        )
+
+    deleted: bool = await repo.delete_access_rights(tag_id=tag_id, group_id=group_id)
+    return deleted
+
+
+async def list_tag_groups(
+    app: web.Application,
+    *,
+    caller_user_id: UserID,
+    tag_id: IdInt,
+):
+
+    repo = TagsRepo(get_async_engine(app))
+
+    if not await repo.has_access_rights(
+        caller_id=caller_user_id, tag_id=tag_id, read=True
+    ):
+        return []
+
+    return await repo.list_access_rights(tag_id=tag_id)
diff --git a/services/web/server/src/simcore_service_webserver/tags/schemas.py b/services/web/server/src/simcore_service_webserver/tags/schemas.py
@@ -1,7 +1,8 @@
 import re
 from datetime import datetime
-from typing import Annotated
+from typing import Annotated, Any, Self
 
+from common_library.groups_dicts import AccessRightsDict
 from models_library.api_schemas_webserver._base import InputSchema, OutputSchema
 from models_library.groups import GroupID
 from models_library.rest_base import RequestParameters, StrictRequestParameters
@@ -84,6 +85,9 @@ class TagGroupCreate(InputSchema):
     write: bool
     delete: bool
 
+    def to_model(self) -> AccessRightsDict:
+        return AccessRightsDict(**self.model_dump())
+
 
 class TagGroupGet(OutputSchema):
     gid: GroupID
@@ -94,3 +98,7 @@ class TagGroupGet(OutputSchema):
     # timestamps
     created: datetime
     modified: datetime
+
+    @classmethod
+    def from_model(cls, data: dict[str, Any]) -> Self:
+        raise NotImplementedError
