Added 3 basic searches

Changes to be committed:
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_modify.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_search.py
	modified:   bco_api/api/scripts/utilities/DbUtils.py
	modified:   bco_api/api/views.py

Author: HadleyKing

bco_api/api/scripts/method_specific/POST_api_objects_drafts_modify.py

@@ -18,7 +18,7 @@
 
 # Source: https://codeloop.org/django-rest-framework-course-for-beginners/
 
-def POST_api_objects_drafts_modify(request):
+def post_api_objects_drafts_modify(request):
     """ Modify Draft
 
     Take the bulk request and modify a draft object from it.
@@ -92,9 +92,10 @@ def POST_api_objects_drafts_modify(request):
                     # *** COMPLETELY OVERWRITES CONTENTS!!! ***
                     objected.contents = draft_object['contents']
 
-                    if draft_object['state'] == 'DELETE':
-                        objected.state = 'DELETE'
-
+                    if 'state' in draft_object:
+                        if draft_object['state'] == 'DELETE':
+                            objected.state = 'DELETE'
+        
                     # Set the update time.
                     objected.last_update = timezone.now()
 
@@ -113,8 +114,9 @@ def POST_api_objects_drafts_modify(request):
                     any_failed = True
 
             else:
-                returning.append(db_utils.messages(parameters = {
-                    'object_id': draft_object['object_id']}))['404_object_id']
+                returning.append(
+                    db_utils.messages(parameters = {'object_id': draft_object['object_id']}
+                    )['404_object_id'])
                 any_failed = True
         else:
             returning.append(

bco_api/api/scripts/method_specific/POST_api_objects_search.py

@@ -1,146 +1,95 @@
-# BCO model
-from ...models import bco
+#!/usr/bin/env python3
+"""BCO Search
 
-# For getting objects out of the database.
-from ..utilities import DbUtils
+"""
 
-# User information
-from ..utilities import UserUtils
-
-# Permisions for objects
-from guardian.shortcuts import get_perms
-
-# Responses
+from itertools import chain
+from api.models import bco, Prefix
+from api.scripts.utilities import UserUtils
+from guardian.shortcuts import get_objects_for_user
 from rest_framework import status
 from rest_framework.response import Response
 
-
-
-
-def POST_api_objects_search(
-	incoming
-):
-
-	# View doesn't work yet...
-	return Response(
-		status = status.HTTP_400_BAD_REQUEST
-	)
-	
-	# Take the bulk request and search for objects.
-
-	# Instantiate any necessary imports.
-	db = DbUtils.DbUtils()
-	uu = UserUtils.UserUtils()
-	
-	# The token has already been validated,
-	# so the user is guaranteed to exist.
-
-	# Before any permissions, we want to actually search
-	# for objects.
-
-	# Construct the search
-
-	# Get the User object.
-	user = uu.user_from_request(
-		rq = incoming
-	)
-
-	# Get the user's prefix permissions.
-	px_perms = uu.prefix_perms_for_user(
-		flatten = True,
-		user_object = user,
-		specific_permission = ['view']
-	)
-
-	# Define the bulk request.
-	bulk_request = incoming.data['POST_api_objects_search']
-
-	# Construct an array to return the objects.
-	returning = []
-
-	# Since bulk_request is an array, go over each
-	# item in the array.
-	for read_object in bulk_request:
-		
-		# Get the prefix for this draft.
-		standardized = read_object['object_id'].split('/')[-1].split('_')[0].upper()
-
-		# Does the requestor have view permissions for
-		# the *prefix*?
-		if 'view_' + standardized in px_perms:
-		
-			# The requestor has view permissions for
-			# the prefix, but do they have object-level
-			# view permissions?
-
-			# This can be checked by seeing if the requestor
-			# is the object owner OR they are a user with
-			# object-level view permissions OR if they are in a 
-			# group that has object-level view permissions.
-
-			# To check these options, we need the actual object.
-			if bco.objects.filter(object_id = read_object['object_id']).exists():
-
-				objected = bco.objects.get(
-					object_id = read_object['object_id']
-				)
-
-				# We don't care where the view permission comes from,
-				# be it a User permission or a Group permission.
-				all_permissions = get_perms(
-					user,
-					objected
-				)
-				
-				if user.pk == objected.owner_user.pk or 'view_' + standardized in all_permissions:
-
-					# Read the object.
-					returning.append(
-						db.messages(
-							parameters = {
-								'contents': objected.contents,
-								'object_id': read_object['object_id']
-							}
-						)['200_OK_object_delete']
-					)
-					
-				else:
-
-					# Insufficient permissions.
-					returning.append(
-						db.messages(
-							parameters = {}
-						)['403_insufficient_permissions']
-					)
-
-			else:
-
-				# Couldn't find the object.
-				returning.append(
-					db.messages(
-						parameters = {
-							'object_id': read_object['object_id']
-						}
-					)
-				)['404_object_id']
-			
-		else:
-			
-			# Update the request status.
-			returning.append(
-				db.messages(
-					parameters = {
-						'prefix': standardized
-					}
-				)['401_prefix_unauthorized']
-			)
-	
-	# As this view is for a bulk operation, status 200
-	# means that the request was successfully processed,
-	# but NOT necessarily each item in the request.
-	# For example, a table may not have been found for the first
-	# requested draft.
-	return Response(
-		status = status.HTTP_200_OK,
-		data = returning
-	)
+def post_api_objects_search(request):
+    """Search for BCOs
+
+    Parameters
+    ----------
+    request: rest_framework.request.Request
+        Django request object.
+
+    Returns
+    -------
+    List of BCOs that met search criteria
+
+    """
+
+    return_values = [
+        'contents',
+        'last_update',
+        'object_class',
+        'object_id',
+        'owner_group',
+        'owner_user',
+        'prefix',
+        'schema',
+        'state'
+    ]
+
+    query = request.data['POST_api_objects_search'][0]
+    search_type = query['type']
+    try:
+        search_value = query['search']
+    except KeyError:
+        search_value = ''
+    user_utils = UserUtils.UserUtils()
+    user_info = request._user
+    
+    if search_type == 'bco_id':
+        if user_info.username == 'anon':
+            bco_list = bco.objects.filter(object_id__icontains=search_value, state='PUBLISHED')
+            result_list = chain(bco_list.values(*return_values))
+        else:
+            user_objects = get_objects_for_user(user=user_info, perms=[], klass=bco, any_perm=True)
+            bco_list = bco.objects.filter(object_id__icontains=search_value).exclude(state='DELETE')
+            for i in bco_list:
+                if i not in user_objects:
+                    bco_list.exclude(pk=i.id)
+            result_list = chain(bco_list.values(*return_values))
+
+    if search_type == 'prefix':
+        search_value = search_value.upper()
+        user_prefixes = user_utils.prefixes_for_user(user_object=user_info)
+        try:
+            prefix = Prefix.objects.get(prefix=search_value).prefix
+
+        except Prefix.DoesNotExist:
+            return Response(status=status.HTTP_404_NOT_FOUND, data={
+                'request_status': 'FAILURE',
+                'status_code'   : '404',
+                'message'       : 'The prefix was not found on the server.'
+                })
+
+        if prefix in user_prefixes:
+            bco_list = bco.objects.filter(prefix=prefix).values().exclude(state='DELETE')
+            result_list = chain(bco_list.values(*return_values))
+
+        else:
+            return Response(status=status.HTTP_403_FORBIDDEN, data={
+                'request_status': 'FAILURE',
+                'status_code'   : '403',
+                'message'       : 'The token provided does not have sufficient'\
+                                  ' permissions for the requested object.'
+                }
+            )
+
+    if search_type == 'mine':
+        if user_info.username == 'anon':
+            result_list = chain(bco.objects.filter(state='PUBLISHED').values(*return_values))
+
+        else:
+            result_list = chain(bco.objects.filter(
+                owner_user=user_info).exclude(state='DELETE'
+            ).values(*return_values))
+
+    return Response(status=status.HTTP_200_OK, data=result_list)

bco_api/api/scripts/utilities/DbUtils.py

@@ -641,6 +641,11 @@ def messages(
                         'status_code'   : '201',
                         'message'       : 'The prefix \'' + parameters['prefix'] + '\' was successfully created.'
                         },
+                '204_no_content'                        : {
+                        'request_status': 'SUCCESS',
+                        'status_code'   : '204',
+                        'message'       : 'The search you performed returned ZERO results.'
+                        },
                 '400_bad_request'                          : {
                         'request_status': 'FAILURE',
                         'status_code'   : '400',

bco_api/api/views.py

@@ -36,15 +36,15 @@
 from api.scripts.method_specific.POST_api_accounts_describe import POST_api_accounts_describe
 from api.scripts.method_specific.POST_api_accounts_new import POST_api_accounts_new
 from api.scripts.method_specific.POST_api_objects_drafts_create import post_api_objects_drafts_create
-from api.scripts.method_specific.POST_api_objects_drafts_modify import POST_api_objects_drafts_modify
+from api.scripts.method_specific.POST_api_objects_drafts_modify import post_api_objects_drafts_modify
 from api.scripts.method_specific.POST_api_objects_drafts_permissions import POST_api_objects_drafts_permissions
 from api.scripts.method_specific.POST_api_objects_drafts_permissions_set import POST_api_objects_drafts_permissions_set
 from api.scripts.method_specific.POST_api_objects_drafts_publish import POST_api_objects_drafts_publish
 from api.scripts.method_specific.POST_api_objects_drafts_read import POST_api_objects_drafts_read
 from api.scripts.method_specific.POST_api_objects_drafts_token import POST_api_objects_drafts_token
 from api.scripts.method_specific.POST_api_objects_publish import POST_api_objects_publish
 from api.scripts.method_specific.POST_api_objects_published import POST_api_objects_published
-from api.scripts.method_specific.POST_api_objects_search import POST_api_objects_search
+from api.scripts.method_specific.POST_api_objects_search import post_api_objects_search
 from api.scripts.method_specific.POST_api_objects_token import POST_api_objects_token
 from api.scripts.method_specific.POST_api_prefixes_create import POST_api_prefixes_create
 from api.scripts.method_specific.POST_api_prefixes_delete import POST_api_prefixes_delete
@@ -123,9 +123,7 @@ class ApiAccountsActivateUsernameTempIdentifier(APIView):
     permission_classes = []
 
     # For the success and error messages
-    renderer_classes = [
-            TemplateHTMLRenderer
-            ]
+    renderer_classes = [TemplateHTMLRenderer]
     template_name = 'api/account_activation_message.html'
 
     auth = []
@@ -533,7 +531,7 @@ class ApiObjectsDraftsModify(APIView):
             403: "Invalid token."
             }, tags=["BCO Management"])
     def post(self, request) -> Response:
-        return check_post_and_process(request, POST_api_objects_drafts_modify)
+        return check_post_and_process(request, post_api_objects_drafts_modify)
 
 
 class ApiObjectsDraftsPermissions(APIView):
@@ -806,6 +804,8 @@ class ApiObjectsSearch(APIView):
     Search for available BCO objects that match criteria.
     """
 
+    # authentication_classes = []
+    # permission_classes = []
     # TODO: Need to get the schema that is being sent here from FE
     request_body = openapi.Schema(
             type=openapi.TYPE_OBJECT,
@@ -822,7 +822,7 @@ class ApiObjectsSearch(APIView):
             403: "Invalid token."
             }, tags=["BCO Management"])
     def post(self, request) -> Response:
-        return check_post_and_process(request, POST_api_objects_search)
+        return check_post_and_process(request, post_api_objects_search)
 
 
 class ApiObjectsToken(APIView):