More appropriate permissions

Author: MrMatAP

.idea/dataSources.xml

@@ -0,0 +1,46 @@
+"""Owners and Resources
+
+Revision ID: d11062fbec93
+Revises: 4594cf7d8bfb
+Create Date: 2021-06-26 17:57:31.057034
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'd11062fbec93'
+down_revision = '4594cf7d8bfb'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('owners',
+    sa.Column('id', sa.BigInteger().with_variant(sa.Integer(), 'sqlite'), nullable=False),
+    sa.Column('client_id', sa.String(length=255), nullable=False),
+    sa.Column('name', sa.String(length=255), nullable=False),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('client_id')
+    )
+    op.add_column('resources', sa.Column('owner_id', sa.Integer(), nullable=False))
+    op.alter_column('resources', 'name',
+               existing_type=sa.VARCHAR(length=50),
+               nullable=False)
+    op.create_foreign_key(None, 'resources', 'owners', ['owner_id'], ['id'])
+    op.drop_column('resources', 'owner')
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('resources', sa.Column('owner', sa.VARCHAR(length=50), autoincrement=False, nullable=True))
+    op.drop_constraint(None, 'resources', type_='foreignkey')
+    op.alter_column('resources', 'name',
+               existing_type=sa.VARCHAR(length=50),
+               nullable=True)
+    op.drop_column('resources', 'owner_id')
+    op.drop_table('owners')
+    # ### end Alembic commands ###

.idea/runConfigurations/mrmat_python_api_flask.xml

@@ -101,9 +101,9 @@ def create_app(config_override=None, instance_path=None):
             app.logger.info(f'Creating new instance path at {app.instance_path}')
             os.makedirs(app.instance_path)
         else:
-            app.logger.info(f'Using instance path at {app.instance_path}')
+            app.logger.info(f'Using existing instance path at {app.instance_path}')
     except OSError:
-        app.logger.error(f'Failed to create instance path at {app.instance_path}')
+        app.logger.error(f'Failed to create new instance path at {app.instance_path}')
         sys.exit(1)
 
     # When using Flask-SQLAlchemy, there is no need to explicitly import DAO classes because they themselves

…ations/mrmat_python_api_flask__oidc_.xml …ons/mrmat_python_api_flask__default_.xml.idea/runConfigurations/mrmat_python_api_flask__oidc_.xml renamed to .idea/runConfigurations/mrmat_python_api_flask__default_.xml .idea/runConfigurations/mrmat_python_api_flask__oidc_.xml renamed to .idea/runConfigurations/mrmat_python_api_flask__default_.xml

@@ -24,4 +24,4 @@
 """
 
 from .api import bp as api_resource_v1       # noqa: F401
-from .model import Resource, ResourceSchema  # noqa: F401
+from .model import Owner, Resource, OwnerSchema, ResourceSchema  # noqa: F401

…tions/mrmat_python_api_flask__debug_.xml …at_python_api_flask__default__debug_.xml.idea/runConfigurations/mrmat_python_api_flask__debug_.xml renamed to .idea/runConfigurations/mrmat_python_api_flask__default__debug_.xml .idea/runConfigurations/mrmat_python_api_flask__debug_.xml renamed to .idea/runConfigurations/mrmat_python_api_flask__default__debug_.xml

@@ -30,14 +30,15 @@
 from marshmallow import ValidationError
 
 from mrmat_python_api_flask import db, oidc
-from .model import Resource, resource_schema, resources_schema
+from .model import Owner, Resource, resource_schema, resources_schema
 
 bp = Blueprint('resource_v1', __name__)
 logger = LocalProxy(lambda: current_app.logger)
 
 
 def _extract_identity() -> Tuple:
-    return g.oidc_token_info['sub'], g.oidc_token_info['preferred_username']
+    return g.oidc_token_info['client_id'], \
+           g.oidc_token_info['preferred_username']
 
 
 @bp.route('/', methods=['GET'])
@@ -63,16 +64,35 @@ def get_one(i: int):
 @bp.route('/', methods=['POST'])
 @oidc.accept_token(require_token=True, scopes_required=['mrmat-python-api-flask-resource-write'])
 def create():
-    identity = _extract_identity()
-    logger.info(f'Called by {identity[1]} ({identity[0]}')
+    (client_id, name) = _extract_identity()
+    logger.info(f'Called by {name} ({client_id}')
     try:
         json_body = request.get_json()
         if not json_body:
             return {'message': 'No input data provided'}, 400
         body = resource_schema.load(request.get_json())
     except ValidationError as ve:
         return ve.messages, 422
-    resource = Resource(owner=identity[0], name=body['name'])
+
+    #
+    # Check if we have a resource with the same name and owner already
+
+    resource = Resource.query\
+        .filter(Resource.name == body['name'] and Resource.owner.client_id == client_id)\
+        .one_or_none()
+    if resource is not None:
+        return {'status': 409,
+                'message': f'A resource with the same name and owner already exists with id {resource.id}'}, 409
+
+    #
+    # Look up the owner and create one if necessary
+
+    owner = Owner.query.filter(Owner.client_id == client_id).one_or_none()
+    if owner is None:
+        owner = Owner(client_id=client_id, name=name)
+        db.session.add(owner)
+
+    resource = Resource(owner=owner, name=body['name'])
     db.session.add(resource)
     db.session.commit()
     return resource_schema.dump(resource), 201
@@ -81,14 +101,17 @@ def create():
 @bp.route('/<i>', methods=['PUT'])
 @oidc.accept_token(require_token=True, scopes_required=['mrmat-python-api-flask-resource-write'])
 def modify(i: int):
-    identity = _extract_identity()
-    logger.info(f'Called by {identity[1]} ({identity[0]}')
+    (client_id, name) = _extract_identity()
+    logger.info(f'Called by {name} ({client_id}')
     body = resource_schema.load(request.get_json())
-    resource = Resource.query.filter(Resource.id == i).one()
+
+    resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
         return {'status': 404, 'message': 'Unable to find requested resource'}, 404
-    resource.owner = identity[0]
+    if resource.owner.client_id != client_id:
+        return { 'status': 401, 'message': 'You do not own this resource'}, 401
     resource.name = body['name']
+
     db.session.add(resource)
     db.session.commit()
     return resource_schema.dump(resource), 200
@@ -97,11 +120,15 @@ def modify(i: int):
 @bp.route('/<i>', methods=['DELETE'])
 @oidc.accept_token(require_token=True, scopes_required=['mrmat-python-api-flask-resource-write'])
 def remove(i: int):
-    identity = _extract_identity()
-    logger.info(f'Called by {identity[1]} ({identity[0]}')
-    resource = Resource.query.filter(Resource.id == i).one()
+    (client_id, name) = _extract_identity()
+    logger.info(f'Called by {name} ({client_id}')
+
+    resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
         return {'status': 410, 'message': 'Unable to find requested resource'}, 410
+    if resource.owner.client_id != client_id:
+        return { 'status': 401, 'message': 'You do not own this resource'}, 401
+
     db.session.delete(resource)
     db.session.commit()
     return {}, 204

migrations/versions/d11062fbec93_owners_and_resources.py

@@ -23,33 +23,51 @@
 """Resource API SQLAlchemy model
 """
 
-from sqlalchemy import Column, Integer, String
+from sqlalchemy import ForeignKey, Column, Integer, String, UniqueConstraint, BigInteger
+from sqlalchemy.orm import relationship
 from marshmallow import fields
 
 from mrmat_python_api_flask import db, ma
 
 
+class Owner(db.Model):
+    __tablename__ = 'owners'
+    id = Column(BigInteger().with_variant(Integer, 'sqlite'), primary_key=True)
+    client_id = Column(String(255), nullable=False, unique=True)
+    name = Column(String(255), nullable=False)
+    resources = relationship('Resource', back_populates='owner')
+
+
 class Resource(db.Model):
     __tablename__ = 'resources'
-    id = Column(Integer, primary_key=True)
-    owner = Column(String(50))
-    # TODO: Should have unique constraint on name
-    name = Column(String(50))
+    id = Column(BigInteger().with_variant(Integer, 'sqlite'), primary_key=True)
+    owner_id = Column(Integer, ForeignKey('owners.id'), nullable=False)
+    name = Column(String(255), nullable=False)
+
+    owner = relationship('Owner', back_populates='resources')
+    UniqueConstraint('owner_id', 'name', name='no_duplicate_names_per_owner')
+
 
-    def __init__(self, owner=None, name=None):
-        self.owner = owner
-        self.name = name
+class OwnerSchema(ma.Schema):
+    class Meta:
+        fields = ('id', 'client_id', 'name')
+
+    id = fields.Int(dump_only=True)
+    client_id = fields.Str(dump_only=True)
+    name = fields.Str()
 
 
 class ResourceSchema(ma.Schema):
     class Meta:
-        # Fields to expose
         fields = ('id', 'owner', 'name')
 
     id = fields.Int()
+    owner_id = fields.Int(load_only=True)
+    owner = fields.Nested(lambda: OwnerSchema(), dump_only=True)
     name = fields.Str()
-    owner = fields.Str()
 
 
+owner_schema = OwnerSchema()
+owners_schema = OwnerSchema(many=True)
 resource_schema = ResourceSchema()
 resources_schema = ResourceSchema(many=True)

mrmat_python_api_flask/__init__.py

@@ -4,7 +4,7 @@
 
 [pytest]
 testpaths = tests
-addopts = --cov=mrmat_python_api_flask --cov-report=term --cov-report=xml:build/coverage.xml --junit-xml=build/junit.xml
+#addopts = --cov=mrmat_python_api_flask --cov-report=term --cov-report=xml:build/coverage.xml --junit-xml=build/junit.xml
 junit_family = xunit2
 log_cli = 1
 log_cli_level = INFO