Add scope requirements

alukach · alukach · commit 5194a30732b6 · 2024-04-02T16:32:54.000-07:00
diff --git a/runtime/eoapi/stac/eoapi/stac/app.py b/runtime/eoapi/stac/eoapi/stac/app.py
@@ -100,11 +100,28 @@ async def lifespan(app: FastAPI):
     extension = TiTilerExtension()
     extension.register(api.app, tiles_settings.titiler_endpoint)
 
+for (method, path), scopes in {
+    ("POST", "/collections"): ["stac:collection:create"],
+    ("PUT", "/collections"): ["stac:collection:update"],
+    ("DELETE", "/collections/{collection_id}"): ["stac:collection:delete"],
+    ("POST", "/collections/{collection_id}/items"): ["stac:item:create"],
+    ("PUT", "/collections/{collection_id}/items/{item_id}"): ["stac:item:update"],
+    ("DELETE", "/collections/{collection_id}/items/{item_id}"): ["stac:item:delete"],
+}.items():
+    api.add_route_dependencies(
+        [
+            {
+                "path": app.router.prefix + path,
+                "method": method,
+                "type": "http",
+            },
+        ],
+        [Security(keycloak.scheme, scopes=scopes)],
+    )
+
 
 @app.get("/index.html", response_class=HTMLResponse)
-async def viewer_page(
-    request: Request, token: Annotated[str, Security(keycloak.scheme)]
-):
+async def viewer_page(request: Request):
     """Search viewer."""
     return templates.TemplateResponse(
         "stac-viewer.html",
diff --git a/runtime/eoapi/stac/eoapi/stac/config.py b/runtime/eoapi/stac/eoapi/stac/config.py
@@ -22,6 +22,7 @@ class _ApiSettings(pydantic.BaseSettings):
         "fields",
         "pagination",
         "context",
+        "transaction",
     ]
 
     @pydantic.validator("cors_origins")

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ class _ApiSettings(pydantic.BaseSettings):`
`22`	`22`	`"fields",`
`23`	`23`	`"pagination",`
`24`	`24`	`"context",`
	`25`	`+ "transaction",`
`25`	`26`	`]`
`26`	`27`
`27`	`28`	`@pydantic.validator("cors_origins")`