|
63 | 63 | ) |
64 | 64 | from beanie import PydanticObjectId |
65 | 65 | from beanie.operators import And, Or |
66 | | -from bson import ObjectId, json_util |
| 66 | +from bson import json_util |
67 | 67 | from elasticsearch import Elasticsearch |
68 | 68 | from fastapi import APIRouter, Depends, File, HTTPException, Request, UploadFile |
69 | 69 | from fastapi.responses import StreamingResponse |
@@ -557,33 +557,41 @@ async def get_freeze_datasets( |
557 | 557 | skip: int = 0, |
558 | 558 | limit: int = 10, |
559 | 559 | user=Depends(get_current_user), |
560 | | - fs: Minio = Depends(dependencies.get_fs), |
561 | | - es: Elasticsearch = Depends(dependencies.get_elasticsearchclient), |
562 | | - allow: bool = Depends(Authorization("owner")), |
| 560 | + authenticated: bool = Depends(CheckStatus("AUTHENTICATED")), |
| 561 | + public: bool = Depends(CheckStatus("PUBLIC")), |
| 562 | + admin=Depends(get_admin), |
| 563 | + admin_mode: bool = Depends(get_admin_mode), |
| 564 | + viewer: bool = Depends(Authorization("viewer")), |
563 | 565 | ): |
564 | | - frozen_datasets_and_count = ( |
565 | | - await DatasetFreezeDB.find( |
566 | | - DatasetFreezeDB.origin_id == PydanticObjectId(dataset_id) |
| 566 | + if authenticated or public or (admin and admin_mode) or viewer: |
| 567 | + frozen_datasets_and_count = ( |
| 568 | + await DatasetFreezeDB.find( |
| 569 | + DatasetFreezeDB.origin_id == PydanticObjectId(dataset_id) |
| 570 | + ) |
| 571 | + .aggregate( |
| 572 | + [ |
| 573 | + _get_page_query( |
| 574 | + skip, limit, sort_field="frozen_version_num", ascending=False |
| 575 | + ) |
| 576 | + ], |
| 577 | + ) |
| 578 | + .to_list() |
567 | 579 | ) |
568 | | - .aggregate( |
569 | | - [ |
570 | | - _get_page_query( |
571 | | - skip, limit, sort_field="frozen_version_num", ascending=False |
572 | | - ) |
| 580 | + |
| 581 | + page_metadata = _construct_page_metadata(frozen_datasets_and_count, skip, limit) |
| 582 | + page = Paged( |
| 583 | + metadata=page_metadata, |
| 584 | + data=[ |
| 585 | + DatasetFreezeOut(id=item.pop("_id"), **item) |
| 586 | + for item in frozen_datasets_and_count[0]["data"] |
573 | 587 | ], |
574 | 588 | ) |
575 | | - .to_list() |
576 | | - ) |
577 | | - |
578 | | - page_metadata = _construct_page_metadata(frozen_datasets_and_count, skip, limit) |
579 | | - page = Paged( |
580 | | - metadata=page_metadata, |
581 | | - data=[ |
582 | | - DatasetFreezeOut(id=item.pop("_id"), **item) |
583 | | - for item in frozen_datasets_and_count[0]["data"] |
584 | | - ], |
585 | | - ) |
586 | | - return page.dict() |
| 589 | + return page.dict() |
| 590 | + else: |
| 591 | + raise HTTPException( |
| 592 | + status_code=403, |
| 593 | + detail=f"User {user} does not have access to view freeze list for dataset {dataset_id}", |
| 594 | + ) |
587 | 595 |
|
588 | 596 |
|
589 | 597 | @router.get("/{dataset_id}/freeze/latest_version_num", response_model=int) |
|
0 commit comments