Update permissions and Swagger documentation

Fix #174
Changes to be committed:
	modified:   api/views.py
	modified:   search/apis.py
	modified:   search/selectors.py

Author: HadleyKing

api/views.py

@@ -1053,7 +1053,10 @@ class ApiObjectsSearch(APIView):
     
     Shell
     ```shell
-    curl -X POST "http://localhost:8000/api/objects/search/" -H  "accept: application/json" -H  "Authorization: Token ${token}" -H  "Content-Type: application/json" -d "{\"POST_api_objects_search\":[{\"type\": \"prefix\",\"search\": \"TEST\"}]}"
+    curl -X POST "http://localhost:8000/api/objects/search/" -H  "accept: 
+    application/json" -H  "Authorization: Token ${token}" -H  "Content-Type:
+    application/json" -d "{\"POST_api_objects_search\":
+    [{\"type\": \"prefix\",\"search\": \"TEST\"}]}"
     ```
 
     JavaScript

search/apis.py

@@ -18,12 +18,17 @@ class SearchObjectsAPI(APIView):
     -------------------
 
     Endpoint for use of query string based search.
+    Four parameters are defined by this API: 
+    1. contents: Search in the contents of the BCO
+    2. prefix: BCO Prefix to search
+    3. owner_user: Search by BCO owner
+    4. object_id: BCO object_id to search for
+
+    Shell
+    ```shell
+    curl -X GET "http://localhost:8000/api/objects/?contents=review&prefix=BCO&owner_user=bco_api_user&object_id=DRAFT" -H  "accept: application/json"
+    ```
     """
-    
-    #TODO: multiple values in the URL will only return the last one.
-    
-    authentication_classes = [CustomJSONWebTokenAuthentication]
-    permission_classes = [AllowAny,]
 
     auth = openapi.Parameter('test', openapi.IN_QUERY, description="test manual param", type=openapi.TYPE_BOOLEAN)
 
@@ -39,12 +44,12 @@ class SearchObjectsAPI(APIView):
             description="BCO Prefix to search", 
             type=openapi.TYPE_STRING
           ),
-          openapi.Parameter('owner', 
+          openapi.Parameter('owner_user', 
             openapi.IN_QUERY,
             description="Search by BCO owner", 
             type=openapi.TYPE_STRING
           ),
-          openapi.Parameter('bco_id', 
+          openapi.Parameter('object_id', 
             openapi.IN_QUERY,
             description="BCO object_id to search for", 
             type=openapi.TYPE_STRING
@@ -69,12 +74,15 @@ def get(self, request) -> Response:
           "state",
         ]
 
-        search = self.request.GET
-        print(request.user.username)
+        search = dict(self.request.GET)
         result = controled_list(request.user)
         for query, value in search.items():
-            filter = f'{query}__icontains'
-            result = search_db(filter, value, result)
+            for item in value:
+              if query == 'owner_user':
+                filter = f'{query}'
+              else:
+                filter = f'{query}__icontains'                 
+              result = search_db(filter, item, result)
         search_result = chain(result.values(*return_values))
         return Response(status=status.HTTP_200_OK, data={search_result})
 

search/selectors.py

@@ -1,11 +1,17 @@
 # search/selectors.py
+
+"""Search Selectors
+Set of selector functions to handle searching the BCODB
+"""
+
 from api.models import BCO
 from django.db.models import QuerySet
 from django.db.models.query import QuerySet
 from django.contrib.auth.models import User
 from guardian.shortcuts import get_objects_for_user
 from itertools import chain
 from api.scripts.utilities.UserUtils import UserUtils
+
 return_values = [
           "contents",
           "last_update",
@@ -20,22 +26,30 @@
 
 def search_db(filter:str, value:str, result:QuerySet)-> QuerySet:
     """Search DB
-    Search the BCODB
+    Takes a filter, a value, and a result query set and uses them to return
+    a more refined query set. 
     """
+
     new_result = result.filter(**{filter: value})
+    print(len(result), ': ', len(new_result))
     return new_result
 
-def controled_list(user: User):
+def controled_list(user: User) -> QuerySet:
+    """User Controlled List
+    Takes a User object and returns a list of accessable BCOs based on their
+    permissions.
+    """
+
     prefix_list = []
     results_list = BCO.objects.none()
     raw_prefixes = UserUtils().prefix_perms_for_user(user_object=user)
     for prefix in raw_prefixes :
         pre = prefix.split("_")[1]
         if pre not in prefix_list and pre is not "prefix":
             prefix_list.append(pre)
-    
+
     for prefix in prefix_list:
-        if user.username == "AnonymousUser":
+        if user.username == "AnonymousUser" or user.username == "":
             bco_list = BCO.objects.filter(prefix=prefix).values().exclude(state="DELETE").exclude(state="DRAFT")
         else:
             bco_list = BCO.objects.filter(prefix=prefix).values().exclude(state="DELETE")