Add DraftRetrieveApi

To do this functions related to Prefixes and the associated permissions were created

Changes to be committed:
	modified:   biocompute/apis.py
	modified:   biocompute/models.py
	modified:   biocompute/selectors.py
	modified:   biocompute/services.py
	modified:   biocompute/urls.py
	modified:   config/asgi.py
	modified:   config/fixtures/local_data.json
	modified:   config/services.py
	modified:   config/urls.py
	modified:   prefix/selectors.py
	modified:   prefix/services.py
	deleted:    test.json
	modified:   tests/fixtures/example_bco.py
	modified:   tests/fixtures/test_data.json
	deleted:    token.json

Author: HadleyKing

biocompute/apis.py

@@ -6,6 +6,7 @@
 
 from drf_yasg import openapi
 from drf_yasg.utils import swagger_auto_schema
+from django.conf import settings
 from django.db import utils
 from rest_framework.views import APIView
 from rest_framework import status
@@ -14,6 +15,11 @@
 from tests.fixtures.example_bco import BCO_000001
 from config.services import legacy_api_converter, response_constructor
 from biocompute.services import BcoDraftSerializer
+from biocompute.selectors import retrieve_bco
+from prefix.selectors import user_can_draft
+
+
+hostname = settings.PUBLIC_HOSTNAME
 
 BCO_DRAFT_SCHEMA = openapi.Schema(
         type=openapi.TYPE_ARRAY,
@@ -25,22 +31,17 @@
                 "object_id": openapi.Schema(
                     type=openapi.TYPE_STRING,
                     description="BCO Object ID.",
-                    example="https://biocomputeobject.org/TEST_000001"
+                    example=f"{hostname}/TEST_000001/DRAFT"
                 ),
                 "prefix": openapi.Schema(
                     type=openapi.TYPE_STRING,
                     description="BCO Prefix to use",
-                    example="BCO"
+                    example="TEST"
                 ),
                 "authorized_users": openapi.Schema(
                     type=openapi.TYPE_ARRAY,
                     description="Users which can access the BCO draft.",
-                    items=openapi.Schema(type=openapi.TYPE_STRING, example="None")
-                ),
-                "authorized_groups": openapi.Schema(
-                    type=openapi.TYPE_ARRAY,
-                    description="Group which can access the BCO draft.",
-                    items=openapi.Schema(type=openapi.TYPE_STRING, example="None")
+                    items=openapi.Schema(type=openapi.TYPE_STRING, example="tester")
                 ),
                 "contents": openapi.Schema(
                     type=openapi.TYPE_OBJECT,
@@ -53,14 +54,19 @@
     )
 
 class DraftsCreateApi(APIView):
-    """
-    Create BCO Draft [Bulk Enabled]
+    """Create BCO Draft [Bulk Enabled]
 
-    --------------------
+    API endpoint for creating new BioCompute Object (BCO) drafts, with support
+    for bulk operations.
 
-    Creates a new BCO draft object.
+    This endpoint allows authenticated users to create new BCO drafts
+    individually or in bulk by submitting a list of BCO drafts. The operation
+    can be performed for one or more drafts in a single request. Each draft is
+    validated and processed independently, allowing for mixed response
+    statuses (HTTP_207_MULTI_STATUS) in the case of bulk submissions.
     """
-    
+
+    permission_classes = [IsAuthenticated,]
     request_body = BCO_DRAFT_SCHEMA
 
     @swagger_auto_schema(
@@ -87,6 +93,30 @@ def post(self, request) -> Response:
 
         for index, object in enumerate(data):
             response_id = object.get("object_id", index)
+            bco_prefix = object.get("prefix", index)
+            prefix_permitted = user_can_draft(owner, bco_prefix)
+
+            if prefix_permitted is None:
+                response_data.append(response_constructor(
+                    identifier=response_id,
+                    status = "NOT FOUND",
+                    code= 404,
+                    message= f"Invalid prefix: {bco_prefix}.",
+                ))
+                rejected_requests = True
+                continue
+
+            if prefix_permitted is False:
+                response_data.append(response_constructor(
+                    identifier=response_id,
+                    status = "FORBIDDEN",
+                    code= 400,
+                    message= f"User, {owner}, does not have draft permissions"\
+                        + " for prefix {bco_prefix}.",
+                ))
+                rejected_requests = True
+                continue
+            
             bco = BcoDraftSerializer(data=object, context={'request': request})
 
             if bco.is_valid():
@@ -135,3 +165,49 @@ def post(self, request) -> Response:
                 status=status.HTTP_200_OK,
                 data=response_data
             )
+
+class DraftRetrieveApi(APIView):
+    """Get a draft object
+
+    API View to Retrieve a Draft Object
+
+    This view allows authenticated users to retrieve the contents of a specific draft object
+    identified by its BioCompute Object (BCO) accession number. The operation ensures that
+    only users with appropriate permissions can access the draft contents.
+
+    Parameters:
+    - bco_accession (str): A string parameter passed in the URL path that uniquely identifies
+      the draft object to be retrieved.
+    """
+
+    @swagger_auto_schema(
+        manual_parameters=[
+            openapi.Parameter(
+                "bco_accession",
+                openapi.IN_PATH,
+                description="Object ID to be viewed.",
+                type=openapi.TYPE_STRING,
+                default="BCO_000000"
+            )
+        ],
+        responses={
+            200: "Success. Object contents returned",
+            401: "Authentication credentials were not provided, or"
+                " the token was invalid.",
+            403: "Forbidden. The requestor does not have appropriate permissions.",
+            404: "Not found. That draft could not be found on the server."
+        },
+        tags=["BCO Management"],
+    )
+
+    def get(self, request, bco_accession):
+        requester = request.user
+        print(requester)
+        bco_instance = retrieve_bco(bco_accession, requester)
+        if bco_instance is False:
+            return Response(
+                status=status.HTTP_403_FORBIDDEN,
+                data={"message": f"User, {requester}, does not have draft permissions"\
+                        + f" for {bco_accession}."})
+        else:
+            return Response(status=status.HTTP_200_OK, data=bco_instance.contents)

biocompute/models.py

@@ -31,8 +31,6 @@ class Bco(models.Model):
         String representing the django.contrib.auth.models.User that 'owns' the object
     authorized_users: ManyToManyField(User)
         String representing the User that has access to the object
-    authorized_group: ManyToManyField(Group)
-        String representing the Group that has access to the object
     prefix: str
         Prefix for the BCO
     state:str
@@ -58,7 +56,6 @@ class Bco(models.Model):
         related_name="authorized_bcos",
         blank=True
     )
-    authorized_groups = models.ManyToManyField(Group,blank=True)
     state = models.CharField(max_length=20, choices=STATE_CHOICES, default="DRAFT")
     last_update = models.DateTimeField()
     access_count = models.IntegerField(default=0)

biocompute/selectors.py

@@ -0,0 +1,44 @@
+# biocompute/selectors.py
+
+"""BioCompute Selectors
+
+Functions to query the database related to BioCompute Objects
+"""
+
+from django.conf import settings
+from django.contrib.auth. models import User
+from biocompute.models import Bco
+from prefix.selectors import user_can_view
+
+def retrieve_bco(bco_accession: str, user: User) -> bool:
+    """Retrieve BCO
+
+    Determines if a user can view a specific BioCompute Object (BCO).
+
+    This function checks whether a given user has the permission to view a BCO 
+    identified by its accession number. It performs several checks:
+    
+    1. Verifies if the BCO exists. If not, returns `None`.
+    2. Checks if the user is explicitly authorized to view this specific BCO.
+    3. If not directly authorized, it then checks if the user has general 'view' permissions
+       for the prefix associated with the BCO.
+
+    """
+
+    hostname = settings.PUBLIC_HOSTNAME
+    object_id = f"{hostname}/{bco_accession}/DRAFT"
+    prefix_name = bco_accession.split("_")[0]
+
+    try:
+        bco_instance = Bco.objects.get(object_id=object_id)
+    except Bco.DoesNotExist:
+        return None
+    
+    if user in bco_instance.authorized_users.all():
+        return bco_instance
+    
+    view_permission = user_can_view(prefix_name, user)
+    if view_permission is False:
+        return False
+
+    return bco_instance