Implement info pages with different access conditions

Fixes #1246

Author: bkis

Tekst-API/openapi.json

@@ -2698,6 +2698,14 @@
         ],
         "summary": "Get segment",
         "operationId": "getSegment",
+        "security": [
+          {
+            "APIKeyCookie": []
+          },
+          {
+            "OAuth2PasswordBearer": []
+          }
+        ],
         "parameters": [
           {
             "name": "id",
@@ -9951,6 +9959,17 @@
             "$ref": "#/components/schemas/TranslationLocaleKey",
             "description": "Locale indicating the translation language of this segment"
           },
+          "restriction": {
+            "type": "string",
+            "enum": [
+              "none",
+              "user",
+              "superuser"
+            ],
+            "title": "Restriction",
+            "description": "Whether access is unrestricted or restricted to superusers or users",
+            "default": "none"
+          },
           "title": {
             "type": "string",
             "maxLength": 32,
@@ -10044,6 +10063,17 @@
             "$ref": "#/components/schemas/TranslationLocaleKey",
             "description": "Locale indicating the translation language of this segment"
           },
+          "restriction": {
+            "type": "string",
+            "enum": [
+              "none",
+              "user",
+              "superuser"
+            ],
+            "title": "Restriction",
+            "description": "Whether access is unrestricted or restricted to superusers or users",
+            "default": "none"
+          },
           "title": {
             "type": "string",
             "maxLength": 32,
@@ -10117,6 +10147,24 @@
             "description": "Locale indicating the translation language of this segment",
             "optionalNullable": false
           },
+          "restriction": {
+            "anyOf": [
+              {
+                "type": "string",
+                "enum": [
+                  "none",
+                  "user",
+                  "superuser"
+                ]
+              },
+              {
+                "type": "null"
+              }
+            ],
+            "title": "Restriction",
+            "description": "Whether access is unrestricted or restricted to superusers or users",
+            "optionalNullable": false
+          },
           "title": {
             "anyOf": [
               {

Tekst-API/tekst/models/segment.py

@@ -39,6 +39,14 @@ class ClientSegment(ModelBase, ModelFactoryMixin):
             description="Locale indicating the translation language of this segment",
         ),
     ]
+    restriction: Annotated[
+        Literal["none", "user", "superuser"],
+        Field(
+            description=(
+                "Whether access is unrestricted or restricted to superusers or users"
+            ),
+        ),
+    ] = "none"
     title: Annotated[
         ConStr(
             max_length=32,

Tekst-API/tekst/platform.py

@@ -1,17 +1,21 @@
+from collections.abc import Mapping
 from datetime import UTC, datetime, timedelta
 from os.path import realpath
 from pathlib import Path
 
-from beanie.operators import LT
+from beanie.operators import GTE, LT, Eq, In, Or
 from bson import json_util
 
 from tekst import db, search
 from tekst.auth import AccessTokenDocument, create_initial_superuser
 from tekst.config import TekstConfig, get_config
 from tekst.db import migrations
 from tekst.logs import log, log_op_end, log_op_start
+from tekst.models.common import PydanticObjectId
 from tekst.models.message import UserMessageDocument
 from tekst.models.platform import PlatformStateDocument
+from tekst.models.segment import ClientSegmentDocument, ClientSegmentHead
+from tekst.models.user import UserDocument
 from tekst.resources import call_resource_precompute_hooks
 from tekst.state import get_state, update_state
 
@@ -119,3 +123,61 @@ async def cleanup_task(cfg: TekstConfig = get_config()) -> dict[str, float]:
     return {
         "took": round(log_op_end(op_id), 2),
     }
+
+
+async def _get_segment_restriction_queries(
+    user: UserDocument | None = None,
+) -> tuple[Mapping]:
+    if user is None:
+        return (In(ClientSegmentDocument.restriction, ["none", None]),)
+    if user.is_superuser:
+        return tuple()
+    return (In(ClientSegmentDocument.restriction, ["none", "user"]),)
+
+
+async def get_segment(
+    *,
+    segment_id: PydanticObjectId | None = None,
+    user: UserDocument | None = None,
+) -> ClientSegmentDocument | None:
+    return await ClientSegmentDocument.find_one(
+        Eq(ClientSegmentDocument.id, segment_id),
+        *(await _get_segment_restriction_queries(user)),
+    )
+
+
+async def get_segments(
+    *,
+    system: bool | None = None,
+    user: UserDocument | None = None,
+    head_projection: bool = False,
+) -> list[ClientSegmentDocument]:
+    system_segments_queries = (
+        tuple()
+        if system is None
+        else (
+            GTE(ClientSegmentDocument.key, "system"),
+            LT(ClientSegmentDocument.key, "systen"),
+        )
+        if system
+        else (
+            Or(
+                LT(ClientSegmentDocument.key, "system"),
+                GTE(ClientSegmentDocument.key, "systen"),
+            ),
+        )
+    )
+    if not head_projection:
+        return await ClientSegmentDocument.find(
+            *system_segments_queries,
+            *(await _get_segment_restriction_queries(user)),
+        ).to_list()
+    else:
+        return (
+            await ClientSegmentDocument.find(
+                *system_segments_queries,
+                *(await _get_segment_restriction_queries(user)),
+            )
+            .project(ClientSegmentHead)
+            .to_list()
+        )

Tekst-API/tekst/routers/platform.py

@@ -2,13 +2,13 @@
 from typing import Annotated
 
 from beanie import PydanticObjectId
-from beanie.operators import GTE, LT, NotIn, Or
+from beanie.operators import NotIn
 from fastapi import APIRouter, Header, Path, Query, status
 from fastapi.responses import FileResponse
 from humps import camelize
 from starlette.background import BackgroundTask
 
-from tekst import errors, tasks
+from tekst import errors, platform, tasks
 from tekst.auth import OptionalUserDep, SuperuserDep
 from tekst.config import ConfigDep
 from tekst.models.platform import (
@@ -22,12 +22,10 @@
 from tekst.models.segment import (
     ClientSegmentCreate,
     ClientSegmentDocument,
-    ClientSegmentHead,
     ClientSegmentRead,
     ClientSegmentUpdate,
 )
 from tekst.models.user import UserDocument
-from tekst.platform import cleanup_task
 from tekst.routers.texts import get_all_texts
 from tekst.state import get_state, update_state
 
@@ -43,26 +41,26 @@
     response_model=PlatformData,
     status_code=status.HTTP_200_OK,
 )
-async def get_platform_data(ou: OptionalUserDep, cfg: ConfigDep) -> PlatformData:
+async def get_platform_data(
+    ou: OptionalUserDep,
+    cfg: ConfigDep,
+) -> PlatformData:
     """Returns data about the platform and its configuration"""
     return PlatformData(
         texts=await get_all_texts(ou),
         state=await get_state(),
         security=PlatformSecurityInfo(),
         # find segments with keys starting with "system"
-        system_segments=await ClientSegmentDocument.find(
-            GTE(ClientSegmentDocument.key, "system"),
-            LT(ClientSegmentDocument.key, "systen"),
-        ).to_list(),
+        system_segments=await platform.get_segments(
+            system=True,
+            user=ou,
+        ),
         # find segments with keys not starting with "system"
-        info_segments=await ClientSegmentDocument.find(
-            Or(
-                LT(ClientSegmentDocument.key, "system"),
-                GTE(ClientSegmentDocument.key, "systen"),
-            )
-        )
-        .project(ClientSegmentHead)
-        .to_list(),
+        info_segments=await platform.get_segments(
+            system=False,
+            user=ou,
+            head_projection=True,
+        ),
         tekst=camelize(cfg.tekst),
     )
 
@@ -124,9 +122,10 @@ async def update_platform_state(
     ),
 )
 async def get_segment(
+    ou: OptionalUserDep,
     segment_id: Annotated[PydanticObjectId, Path(alias="id")],
 ) -> ClientSegmentDocument:
-    segment = await ClientSegmentDocument.get(segment_id)
+    segment = await platform.get_segment(segment_id=segment_id, user=ou)
     if not segment:
         raise errors.E_404_SEGMENT_NOT_FOUND
     return segment
@@ -353,7 +352,7 @@ async def delete_task(
 )
 async def run_platform_cleanup(su: SuperuserDep) -> tasks.TaskDocument:
     return await tasks.create_task(
-        cleanup_task,
+        platform.cleanup_task,
         tasks.TaskType.PLATFORM_CLEANUP,
         target_id=tasks.TaskType.PLATFORM_CLEANUP.value,
         user_id=su.id,

Tekst-API/tests/conftest.py

@@ -148,6 +148,7 @@ async def _insert_test_data(*collections: str) -> dict[str, list[str]]:
             "state",
             "texts",
             "users",
+            "segments",
         ]
         for collection in collections:
             test_data = get_test_data(f"collections/{collection}.json")

Tekst-API/tests/test_api_platform.py

@@ -13,7 +13,9 @@
 async def test_platform_data(
     test_client: AsyncClient,
     assert_status,
+    insert_test_data,
 ):
+    await insert_test_data()
     resp = await test_client.get("/platform")
     assert_status(200, resp)
     assert resp.json()["tekst"]["version"] == package_metadata["version"]
@@ -23,21 +25,31 @@ async def test_platform_data(
 async def test_web_init_data(
     test_client: AsyncClient,
     assert_status,
+    insert_test_data,
     login,
 ):
+    await insert_test_data()
     # anonymous
     resp = await test_client.get("/platform/web-init")
     assert_status(200, resp)
     assert "platform" in resp.json()
     assert "user" in resp.json()
     assert resp.json()["user"] is None
-
+    assert len(resp.json()["platform"]["infoSegments"]) == 2
     # logged in
     await login()
     resp = await test_client.get("/platform/web-init")
     assert_status(200, resp)
     assert "user" in resp.json()
     assert resp.json()["user"] is not None
+    assert len(resp.json()["platform"]["infoSegments"]) == 4
+    # logged in as admin
+    await login(is_superuser=True)
+    resp = await test_client.get("/platform/web-init")
+    assert_status(200, resp)
+    assert "user" in resp.json()
+    assert resp.json()["user"] is not None
+    assert len(resp.json()["platform"]["infoSegments"]) == 6
 
 
 @pytest.mark.anyio

Tekst-API/tests/test_data/collections/segments.json

@@ -0,0 +1,65 @@
+[
+  {
+    "_id": { "$oid": "68ecc8434d8f8e6fb2ba0cfc" },
+    "key": "info_page",
+    "editor_mode": "wysiwyg",
+    "locale": "enUS",
+    "restriction": "none",
+    "title": "Public Info Page",
+    "html": "<h1>A public info page</h1><p>This is a public info page</p>"
+  },
+  {
+    "_id": { "$oid": "68ecc8b04d8f8e6fb2ba0cfd" },
+    "key": "info_page",
+    "editor_mode": "wysiwyg",
+    "locale": "deDE",
+    "restriction": "none",
+    "title": "Öffentliche Info-Seite",
+    "html": "<h1>Eine öffentliche Info-Seite</h1><p>Die ist eine öffentliche Info-Seite</p>"
+  },
+  {
+    "_id": { "$oid": "68ecc8ef4d8f8e6fb2ba0cfe" },
+    "key": "user_info_page",
+    "editor_mode": "wysiwyg",
+    "locale": "enUS",
+    "restriction": "user",
+    "title": "User Info Page",
+    "html": "<h1>A user info page</h1><p>This is a user info page.</p><p></p>"
+  },
+  {
+    "_id": { "$oid": "68ecc9404d8f8e6fb2ba0cff" },
+    "key": "user_info_page",
+    "editor_mode": "wysiwyg",
+    "locale": "deDE",
+    "restriction": "user",
+    "title": "Benutzer*innen Info-Seite",
+    "html": "<h1>Eine Benutzer*innen Info-Seite</h1><p>Dies ist eine Benutzer*innen Info-Seite</p><p></p>"
+  },
+  {
+    "_id": { "$oid": "68eccec34d8f8e6fb2ba0d00" },
+    "key": "admin_info_page",
+    "editor_mode": "wysiwyg",
+    "locale": "enUS",
+    "restriction": "superuser",
+    "title": "Admin info page",
+    "html": "<h1>Admin Info Page</h1><p>This is an admin info page.</p><p></p>"
+  },
+  {
+    "_id": { "$oid": "68eccf0c4d8f8e6fb2ba0d01" },
+    "key": "admin_info_page",
+    "editor_mode": "wysiwyg",
+    "locale": "deDE",
+    "restriction": "superuser",
+    "title": "Administrator*innen Info-Seite",
+    "html": "<h1>Administrator*innen Info-Seite</h1><p>Dies ist eine Administrator*innen Info-Seite</p>"
+  },
+  {
+    "_id": { "$oid": "68ecd61d4d8f8e6fb2ba0d02" },
+    "key": "systemSiteNotice",
+    "editor_mode": "wysiwyg",
+    "locale": "*",
+    "restriction": "none",
+    "title": "Site Notice",
+    "html": "<h1>Site Notice</h1><p>This could be a site notice.</p>"
+  }
+]

Tekst-Web/i18n/ui/deDE.yml

@@ -854,6 +854,11 @@ admin:
       systemSiteNotice: Impressum
       systemPrivacyPolicy: Datenschutzerklärung
       systemRegisterIntro: Einführungstext auf "Registrieren"-Seite
+    restriction:
+      showTo: Anzeigen für
+      none: Alle, auch Besucher*innen
+      user: Nur registrierte Nutzer*innen
+      superuser: Nur Administrator*innen
     noSegment: Bitte wählen Sie ein Segment aus oder erstellen Sie ein neues!
     newSegment: Neues Segment
     phSelectSegment: Segment auswählen