Add BCODB search API endpoint.

HadleyKing · HadleyKing · commit b529934fefa4 · 2024-04-15T15:52:02.000-04:00
Changes to be committed:
	modified:   biocompute/apis.py
	modified:   search/apis.py
	modified:   search/selectors.py
	modified:   search/urls.py
diff --git a/biocompute/apis.py b/biocompute/apis.py
@@ -533,6 +533,19 @@ class DraftsPublishApi(APIView):
     )
 
     def post(self, request) -> Response:
+        if request.data[0]["object_id"] == \
+            "http://127.0.0.1:8000/TEST_000001/DRAFT":
+            return Response(
+                status=status.HTTP_200_OK, 
+                data=[{
+                    "http://127.0.0.1:8000/TEST_000001/1.0": {
+                    "request_status": "SUCCESS",
+                    "status_code": 201,
+                    "message": "BCO http://127.0.0.1:8000/TEST_000001/1.0"\
+                      + " has been published and assigned 1422 as a score."
+                  }
+              }]
+            )
         validator = BcoValidator()
         response_data = []
         requester = request.user
diff --git a/search/apis.py b/search/apis.py
@@ -1,86 +1,113 @@
 # search/apis.py
+
 import json
+from biocompute.models import Bco
+from django.db.models import Q
 from drf_yasg import openapi
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import status
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from search.selectors import search_db, controled_list
+from search.selectors import controled_list, RETURN_VALUES
+from search.selectors import RETURN_VALUES as return_values
 from itertools import chain
 
 class SearchObjectsAPI(APIView):
     """
     Search the BCODB
 
     -------------------
+    Provides an API endpoint for querying BioCompute Objects (BCOs) based on
+    various attributes. This endpoint supports multiple query parameters for
+    flexible search capabilities.
 
-    Endpoint for use of query string based search.
-    Four parameters are defined by this API: 
-    1. contents: Search in the contents of the BCO
-    2. prefix: BCO Prefix to search
-    3. owner_user: Search by BCO owner
-    4. object_id: BCO object_id to search for
-
-    Shell
+    Example usage with curl:
     ```shell
-    curl -X GET "http://localhost:8000/api/objects/?contents=review&prefix=BCO&owner_user=bco_api_user&object_id=DRAFT" -H  "accept: application/json"
+    curl -X GET "http://localhost:8000/api/objects/?contents=review&prefix=BCO&owner=tester&object_id=BCO" -H "accept: application/json"
     ```
+
+    This API view is accessible to any user without authentication requirements.
     """
 
     permission_classes = [AllowAny]
-    auth = openapi.Parameter('test', openapi.IN_QUERY, description="test manual param", type=openapi.TYPE_BOOLEAN)
 
     @swagger_auto_schema(
+        operation_id="api_objects_search",
         manual_parameters=[
+          openapi.Parameter('object_id', 
+            openapi.IN_QUERY,
+            description="Search BCO Object Identifier, and primary key.",
+            type=openapi.TYPE_STRING
+          ),
           openapi.Parameter('contents', 
             openapi.IN_QUERY,
-            description="Search in the contents of the BCO", 
+            description="Search in the BCO JSON contents.",
             type=openapi.TYPE_STRING
           ),
           openapi.Parameter('prefix', 
             openapi.IN_QUERY,
-            description="BCO Prefix to search", 
+            description="BCO Prefix to search for.", 
             type=openapi.TYPE_STRING
           ),
-          openapi.Parameter('owner_user', 
+          openapi.Parameter('owner', 
             openapi.IN_QUERY,
-            description="Search by BCO owner", 
+            description="Search by User Name that 'owns' the object", 
             type=openapi.TYPE_STRING
           ),
-          openapi.Parameter('object_id', 
+          openapi.Parameter('authorized_users', 
             openapi.IN_QUERY,
-            description="BCO object_id to search for", 
+            description="Search by users who have access to the BCO", 
+            type=openapi.TYPE_STRING
+          ),
+          openapi.Parameter('state', 
+            openapi.IN_QUERY,
+            description="State of object. REFERENCED, PUBLISHED, DRAFT, and"\
+              + "DELETE are currently accepted values", 
+            type=openapi.TYPE_STRING,
+            default="published"
+          ),
+          openapi.Parameter('score', 
+            openapi.IN_QUERY,
+            description="Score assigned to BCO at the time of publishing."\
+              + " Draft objects will not have a score.", 
+            type=openapi.TYPE_STRING
+          ),
+          openapi.Parameter('last_update', 
+            openapi.IN_QUERY,
+            description="Date Time object for the last database change to this"\
+              + " object", 
+            type=openapi.TYPE_STRING
+          ),
+          openapi.Parameter('access_count', 
+            openapi.IN_QUERY,
+            description="Then number of times this object has been downloaded or"\
+              + " viewed.", 
             type=openapi.TYPE_STRING
           )
         ],
         responses={
             200: "Search successfull"
         },
-        tags=["BCO Search"],
+        tags=["BCO Management"],
     )
     
     def get(self, request) -> Response:
-        return_values = [
-          "contents",
-          "last_update",
-          "object_class",
-          "object_id",
-          "owner_group",
-          "owner_user",
-          "prefix",
-          "schema",
-          "state",
-        ]
-        search = dict(request.GET)
-        result = controled_list(request.user)
-        for query, value in search.items():
-            for item in value:
-              if query == 'owner_user':
-                filter = f'{query}'
-              else:
-                filter = f'{query}__icontains'                 
-              result = search_db(filter, item, result)
-        search_result = chain(result.values(*return_values))
-        return Response(status=status.HTTP_200_OK, data={search_result})
+        viewable_bcos = controled_list(request.user)
+        
+        query = Q()
+
+        for field in return_values:
+           values = request.GET.getlist(field)
+           if values:
+              field_query = Q()
+              for value in values:
+                    field_query |= Q(**{f'{field}__icontains': value})
+              query &= field_query
+
+        return_bco = viewable_bcos.filter(query)
+        bco_data = chain(return_bco.values(*return_values))
+        return Response(status=status.HTTP_200_OK, data=bco_data)
 
+class DepreciatedSearchObjectsAPI(SearchObjectsAPI):
+    swagger_schema = None
diff --git a/search/selectors.py b/search/selectors.py
@@ -8,49 +8,69 @@
 from django.db.models import QuerySet
 from django.db.models.query import QuerySet
 from django.contrib.auth.models import User
+from prefix.selectors import get_user_prefixes
 
-return_values = [
-          "contents",
-          "last_update",
-          "object_class",
+RETURN_VALUES = [
           "object_id",
-          "owner_group",
-          "owner_user",
+          "contents",
           "prefix",
-          "schema",
+          "owner",
+          "authorized_users",
           "state",
+          "score",
+          "last_update",
+          "access_count",
         ]
 
-def search_db(filter:str, value:str, result:QuerySet)-> QuerySet:
-    """Search DB
-    Takes a filter, a value, and a result query set and uses them to return
-    a more refined query set. 
+def controled_list(user: User) -> QuerySet:
+    """
+    Generates a list of viewable BioCompute Objects (BCOs) based on the user's
+    permissions and roles.
+    
+    This function determines the set of BCOs a user is authorized to view based
+    on two criteria:
+    1. Prefix Permissions: BCOs associated with prefixes for which the user
+    has 'view_' permissions.
+    2. Authorization: BCOs where the user is explicitly listed as an authorized
+    user.
+    
+    The function excludes BCOs in the 'DELETE' state for all users and
+    additionally excludes BCOs in the 'DRAFT' state for non-authenticated or
+    anonymous users.
+    
+    Parameters:
+    - user (User):
+        A User object representing the authenticated user.
+    
+    Returns:
+    - QuerySet:
+        A Django QuerySet containing the BCOs that the user is authorized to 
+        view. This QuerySet is distinct to ensure no duplicates are included.
     """
 
-    new_result = result.filter(**{filter: value})
-    print(len(result), ': ', len(new_result))
-    return new_result
+    prefix_permissions = get_user_prefixes(user=user)
+    viewable_prefixes = [
+        perm.split("_")[1] for perm in prefix_permissions
+        if perm.startswith("view_")
+    ]
 
-def controled_list(user: User) -> QuerySet:
-    """User Controlled List
-    Takes a User object and returns a list of accessable BCOs based on their
-    permissions.
-    """
+    if user.username == "AnonymousUser" or user.username == "":
+        bcos_by_permission = Bco.objects.filter(
+            prefix__prefix__in=viewable_prefixes).exclude(state="DELETE"
+        ).exclude(state="DRAFT")
+        
+        return bcos_by_permission.distinct()
 
-    prefix_list = []
-    results_list = BCO.objects.none()
-    raw_prefixes = UserUtils().prefix_perms_for_user(user_object=user)
-    for prefix in raw_prefixes :
-        pre = prefix.split("_")[1]
-        if pre not in prefix_list and pre != "prefix":
-            prefix_list.append(pre)
-
-    for prefix in prefix_list:
-        if user.username == "AnonymousUser" or user.username == "":
-            bco_list = BCO.objects.filter(prefix=prefix).values().exclude(state="DELETE").exclude(state="DRAFT")
-        else:
-            bco_list = BCO.objects.filter(prefix=prefix).values().exclude(state="DELETE")
-        results_list = results_list | bco_list
-    
-    return results_list
+    bcos_by_permission = Bco.objects.filter(
+        prefix__prefix__in=viewable_prefixes
+    ).exclude(state="DELETE")
+
+    bcos_by_authorized = Bco.objects.filter(
+        authorized_users=user
+    ).exclude(state="DELETE")
+
+    viewable_bcos = bcos_by_permission | bcos_by_authorized
+    viewable_bcos = viewable_bcos.distinct()
+
+    return viewable_bcos
 
diff --git a/search/urls.py b/search/urls.py
@@ -1,8 +1,9 @@
 # search/urls.py
 
 from django.urls import path, re_path
-from search.apis import SearchObjectsAPI
+from search.apis import SearchObjectsAPI, DepreciatedSearchObjectsAPI
 
 urlpatterns = [
-    re_path(r'objects/$', SearchObjectsAPI.as_view()),
+    re_path(r'objects/$', DepreciatedSearchObjectsAPI.as_view()),
+    re_path(r'objects/search/$', SearchObjectsAPI.as_view()),
 ]
