Add pagination to user/resources (#601)

* Add pagination to `my resources`

* Add backwards compatibility

Author: PGijsbers

src/routers/user_router.py

@@ -5,6 +5,7 @@
 from sqlalchemy import select
 from sqlmodel import Session
 
+from dependencies.pagination import PaginationParams
 from routers.resource_routers import versioned_routers
 from authentication import KeycloakUser, get_user_or_raise
 from database.authorization import Permission, PermissionType
@@ -32,17 +33,34 @@ def create(url_prefix: str, version: Version) -> APIRouter:
         },
     )
 
+    resources_for_user_description = "Return all assets for which you have administrator rights."
+    if version == Version.V2:
+        resources_for_user_description += (
+            " For backwards compatibility reasons, if `limit=10` no limit is applied."
+            " In V3 and later, the default limit of 10 is respected."
+        )
+
     @router.get(
         f"/user/resources",
+        description=resources_for_user_description,
         tags=["User"],
-        description="Return all assets for which you have administrator rights",
         response_model=Catalogue,
     )
     def get_versioned_resources_for_user(
+        pagination: PaginationParams,
         user: KeycloakUser = Depends(get_user_or_raise),
         session: Session = Depends(get_session),
     ) -> dict[str, list[AIoDConcept]]:
-        resources = _get_resources_for_user(user, session)
+        limit: int | None = pagination.limit
+        if limit == 10 and version == Version.V2:
+            limit = None
+
+        resources = _get_resources_for_user(
+            user,
+            session,
+            offset=pagination.offset,
+            limit=limit,
+        )
         orm_to_read = {
             r.resource_class.__tablename__: r.orm_to_read
             for r in versioned_routers.get(version, [])
@@ -55,7 +73,13 @@ def get_versioned_resources_for_user(
     return router
 
 
-def _get_resources_for_user(user: KeycloakUser, session: Session) -> dict[str, list[AIoDConcept]]:
+def _get_resources_for_user(
+    user: KeycloakUser,
+    session: Session,
+    *,
+    offset: int = 0,
+    limit: int | None = None,
+) -> dict[str, list[AIoDConcept]]:
     # "Ownership" is currently equivalent to having ADMIN permissions
     stmt = (
         select(AIoDEntryORM)
@@ -64,7 +88,10 @@ def _get_resources_for_user(user: KeycloakUser, session: Session) -> dict[str, l
             Permission.user_identifier == user._subject_identifier,
             Permission.type_ == PermissionType.ADMIN,
         )
+        .offset(offset)
     )
+    if limit:
+        stmt = stmt.limit(limit)
     entries = session.scalars(stmt).all()
     assets_to_fetch = [entry.identifier for entry in entries]
     # We have AIoD entries, but want their respective asset information (e.g. publication).

src/tests/test_user_endpoints.py

@@ -1,6 +1,7 @@
 from http import HTTPStatus
 from typing import Callable
 
+import pytest
 from starlette.testclient import TestClient
 
 from database.authorization import set_permission, PermissionType, register_user
@@ -10,6 +11,7 @@
 from database.model.agent.organisation import Organisation
 from tests.testutils.users import register_asset, logged_in_user, ALICE, BOB
 from tests.testutils.default_instances import publication_factory, publication
+from versioning import Version
 
 
 def test_my_resources_can_be_empty(client: TestClient) -> None:
@@ -98,3 +100,48 @@ def test_my_resources_counts_only_if_admin(client: TestClient, publication_facto
 def test_my_resources_must_be_authorized(client: TestClient) -> None:
     response = client.get("/user/resources")
     assert response.status_code == HTTPStatus.UNAUTHORIZED
+
+
+def test_my_resources_paginates(client: TestClient, publication_factory: Publication) -> None:
+    register_asset(publication_factory(), owner=ALICE, status=EntryStatus.PUBLISHED)
+    register_asset(publication_factory(), owner=ALICE, status=EntryStatus.PUBLISHED)
+    register_asset(publication_factory(), owner=ALICE, status=EntryStatus.PUBLISHED)
+
+    with logged_in_user(ALICE):
+        response = client.get("/user/resources?limit=2", headers={"Authorization": "fake token"})
+        assert response.status_code == HTTPStatus.OK
+        assert len(response.json()["publication"]) == 2, "Set limit should be respected"
+
+        first_asset = response.json()["publication"][0]["identifier"]
+
+        response = client.get("/user/resources?offset=1", headers={"Authorization": "fake token"})
+        assert response.status_code == HTTPStatus.OK
+        assert len(response.json()["publication"]) == 2, "Using an offset can reduce the amount of returned results."
+        msg = "Increasing offset should lead to different assets."
+        assert first_asset not in [pub["identifier"] for pub in response.json()["publication"]], msg
+
+        response = client.get("/user/resources?offset=1&limit=1", headers={"Authorization": "fake token"})
+        assert response.status_code == HTTPStatus.OK
+        assert len(response.json()["publication"]) == 1, "Offset and limit should be able to be used together."
+
+
+@pytest.mark.versions(Version.V2)
+def test_my_resources_no_limit_default_in_v2(client: TestClient, publication_factory: Publication) -> None:
+    for _ in range(11):  # The default pagination limit is 10
+        register_asset(publication_factory(), owner=ALICE, status=EntryStatus.PUBLISHED)
+
+    with logged_in_user(ALICE):
+        response = client.get("/user/resources", headers={"Authorization": "fake token"})
+        assert response.status_code == HTTPStatus.OK
+        assert len(response.json()["publication"]) == 11
+
+
+@pytest.mark.versions(Version.LATEST)
+def test_my_resources_limit_default_in_latest(client: TestClient, publication_factory: Publication) -> None:
+    for _ in range(11):  # The default pagination limit is 10
+        register_asset(publication_factory(), owner=ALICE, status=EntryStatus.PUBLISHED)
+
+    with logged_in_user(ALICE):
+        response = client.get("/user/resources", headers={"Authorization": "fake token"})
+        assert response.status_code == HTTPStatus.OK
+        assert len(response.json()["publication"]) == 10, "Set limit should be respected"