Merge pull request #228 from hydroserver2/238-workspaces

kjlippold · web-flow · commit 5877882d8ec0 · 2025-02-27T12:46:27.000-08:00
238 workspaces
diff --git a/.env.example b/.env.example
@@ -1,28 +1,37 @@
-# The base URL for the deployment.
-PROXY_BASE_URL = http://127.0.0.1:8000
-APP_CLIENT_URL = http://127.0.0.1:5173  # In production environments, this should generally be the same as the PROXY_BASE_URL.
-ALLOWED_HOSTS = 127.0.0.1,localhost
-
 # Deployment Settings
-SECRET_KEY =  # This is required by Django. Keep this value secret.
-DEBUG = True  # This should be set to False in production environments.
-DEPLOYMENT_BACKEND = aws  # Use 'aws' for AWS deployments, otherwise use 'local'
-DISABLE_ACCOUNT_CREATION = False  # Set this to True if you want administrative users to manage the creation of all other user accounts.
-
-# The connection URL so the timescaleDB instance can connect to the PostgreSQL database
-DATABASE_URL = postgresql://postgres:password@localhost:5432/tsdb  # Update this value to connect to your PostgreSQL database for this deployment.
-
-# Email Settings. This email is used for user account verification and password reset.
-EMAIL_HOST =
-EMAIL_PORT =
-EMAIL_HOST_USER =
-EMAIL_HOST_PASSWORD =
-ADMIN_EMAIL =
-
-# OAuth Settings. Leave these settings blank to disable any of these services.
-OAUTH_GOOGLE_CLIENT =
-OAUTH_GOOGLE_SECRET =
-OAUTH_ORCID_CLIENT =
-OAUTH_ORCID_SECRET =
-OAUTH_HYDROSHARE_CLIENT =
-OAUTH_HYDROSHARE_SECRET =
+
+PROXY_BASE_URL =             # The base URL HydroServer will be served from.
+ALLOWED_HOSTS =              # Defaults to the host of PROXY_BASE_URL.
+DEBUG =                      # True/False: This should be set to False in production environments.
+DEPLOYMENT_BACKEND =         # Use 'aws' or 'gcp' for cloud deployments, otherwise use 'local'.
+SECRET_KEY =                 # This is required by Django. Keep this value secret.
+DEFAULT_SUPERUSER_EMAIL =    # The email of the admin user created during initial startup.
+DEFAULT_SUPERUSER_PASSWORD = # The password of the admin user created during initial startup.
+ENABLE_AUDITS =              # True/False: This will track user activity in the sta app.
+
+
+# Account Settings
+
+SMTP_URL =                  # A connection to the SMTP server Django will send account related emails from.
+DEFAULT_FROM_EMAIL =        # The email address Django will send account related emails from.
+ACCOUNT_SIGNUP_ENABLED =    # True/False: Controls whether new users can create their own accounts.
+ACCOUNT_OWNERSHIP_ENABLED = # True/False: Controls whether new users can create/own workspaces.
+SOCIALACCOUNT_SIGNUP_ONLY = # True/False: Controls whether non-social account creation is supported.
+
+
+# Database Settings
+
+DATABASE_URL =       # A connection to the PostgreSQL or TimescaleDB server HydroServer will use.
+CONN_MAX_AGE =       # Controls how long Django will hold database connections open before closing them.
+CONN_HEALTH_CHECKS = # True/False: Controls whether connection health checks are enabled.
+SSL_REQUIRED =       # True/False: Controls whether Django will connect to the database using SSL.
+
+
+# Storage Settings
+
+MEDIA_BUCKET_NAME =     # The name of the AWS or GCP bucket photos will be stored in.
+STATIC_BUCKET_NAME =    # The name of the AWS or GCP bucket static files will be stored in.
+APP_CLIENT_URL =        # The base URL media and static files will be served from, if not the PROXY_BASE_URL.
+AWS_CLOUDFRONT_KEY =    # The AWS CloudFront key used to generate signed photo URLs.
+AWS_CLOUDFRONT_KEY_ID = # The ID of the AWS CloudFront key used to generate signed photo URLs.
+GS_PROJECT_ID =         # The ID of the GCP project HydroServer is deployed to.
diff --git a/iam/migrations/0009_create_default_roles_and_types.py b/iam/migrations/0009_create_default_roles_and_types.py
@@ -0,0 +1,19 @@
+# Generated by Django 5.2b1 on 2025-02-27 18:38
+
+from django.db import migrations
+from django.core.management import call_command
+
+
+def load_fixtures(apps, schema_editor):
+    call_command("loaddata", "iam/fixtures/default_roles.json")
+    call_command("loaddata", "iam/fixtures/default_types.json")
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("iam", "0008_alter_collaborator_role_alter_collaborator_user_and_more"),
+    ]
+
+    operations = [
+        migrations.RunPython(load_fixtures),
+    ]
diff --git a/iam/views/authentication.py b/iam/views/authentication.py
@@ -18,7 +18,8 @@ def get_auth_methods(request):
             {
                 "id": social_app.provider,
                 "name": social_app.name,
-                "icon_link": f"{settings.PROXY_BASE_URL}{static(f'providers/{social_app.provider}.png')}",
+                "icon_link": f"{settings.PROXY_BASE_URL if settings.DEPLOYMENT_BACKEND == 'local' else ''}"
+                             f"{static(f'providers/{social_app.provider}.png')}",
                 "signup_enabled": True if social_app.settings.get("allowSignUp") is not False else False,
                 "connect_enabled": True if social_app.settings.get("allowConnection") is True else False,
             } for social_app in SocialApp.objects.all()
diff --git a/sta/services/thing.py b/sta/services/thing.py
@@ -2,6 +2,8 @@
 from typing import Optional, Literal
 from ninja.errors import HttpError
 from django.contrib.auth import get_user_model
+from django.contrib.postgres.aggregates import ArrayAgg
+from django.db.models import F
 from iam.services.utils import ServiceUtils
 from sta.models import Thing, Location, Tag, Photo
 from sta.schemas import ThingPostBody, ThingPatchBody, TagPostBody, TagDeleteBody, PhotoDeleteBody
@@ -107,7 +109,9 @@ def get_tag_keys(user: Optional[User], workspace_id: Optional[uuid.UUID], thing_
         if thing_id:
             queryset = queryset.filter(thing_id=thing_id)
 
-        return list(queryset.visible(user=user).values_list("key", flat=True).distinct())
+        tags = queryset.visible(user=user).values("key").annotate(values=ArrayAgg(F("value"), distinct=True))
+
+        return {entry["key"]: entry["values"] for entry in tags}
 
     def add_tag(self, user: User, uid: uuid.UUID, data: TagPostBody):
         thing = self.get_thing_for_action(user=user, uid=uid, action="edit")
diff --git a/sta/views/tag.py b/sta/views/tag.py
@@ -36,7 +36,7 @@ def get_tags(request: HydroServerHttpRequest, thing_id: Path[uuid.UUID]):
     "keys",
     auth=[session_auth, bearer_auth, anonymous_auth],
     response={
-        200: list[str],
+        200: dict[str, list[str]],
         401: str,
     }
 )
diff --git a/tests/fixtures/test_collaborators.yaml b/tests/fixtures/test_collaborators.yaml
@@ -3,29 +3,29 @@
   pk: 1000000010
   fields:
     user: 1000000011
-    role: a7701d22-e716-4584-a18c-055c8c4f2bd6
+    role: 2f05f775-5d8a-4778-9942-3d13a64ec7a3
     workspace: 6e0deaf2-a92b-421b-9ece-86783265596f
 
 # Public Workspace Viewer
 - model: iam.collaborator
   pk: 1000000011
   fields:
     user: 1000000012
-    role: 702e2156-baee-451a-b7ee-dca8baeda378
+    role: 1d91bff7-edf6-4b69-bb26-674436335725
     workspace: 6e0deaf2-a92b-421b-9ece-86783265596f
 
 # Private Workspace Editor
 - model: iam.collaborator
   pk: 1000000012
   fields:
     user: 1000000011
-    role: a7701d22-e716-4584-a18c-055c8c4f2bd6
+    role: 2f05f775-5d8a-4778-9942-3d13a64ec7a3
     workspace: b27c51a0-7374-462d-8a53-d97d47176c10
 
 # Private Workspace Viewer
 - model: iam.collaborator
   pk: 1000000013
   fields:
     user: 1000000012
-    role: 702e2156-baee-451a-b7ee-dca8baeda378
+    role: 1d91bff7-edf6-4b69-bb26-674436335725
     workspace: b27c51a0-7374-462d-8a53-d97d47176c10
diff --git a/tests/fixtures/test_roles.yaml b/tests/fixtures/test_roles.yaml
@@ -1,33 +1,3 @@
-# Editor Role
-- model: iam.role
-  pk: a7701d22-e716-4584-a18c-055c8c4f2bd6
-  fields:
-    name: "Editor"
-    description: "Editor"
-
-# Editor Permissions
-- model: iam.permission
-  pk: 1000000010
-  fields:
-    role: a7701d22-e716-4584-a18c-055c8c4f2bd6
-    permission_type: "*"
-    resource_type: "*"
-
-# Viewer Role
-- model: iam.role
-  pk: 702e2156-baee-451a-b7ee-dca8baeda378
-  fields:
-    name: "Viewer"
-    description: "Viewer"
-
-# Viewer Permissions
-- model: iam.permission
-  pk: 1000000011
-  fields:
-    role: 702e2156-baee-451a-b7ee-dca8baeda378
-    permission_type: "view"
-    resource_type: "*"
-
 # Private Role
 - model: iam.role
   pk: 60b9d8b1-28d1-4d0d-9bee-4e47219d0118
diff --git a/tests/iam/services/test_collaborator.py b/tests/iam/services/test_collaborator.py
@@ -32,17 +32,17 @@ def test_list_collaborator(get_user, user, workspace, message, error_code):
 
 
 @pytest.mark.parametrize("user, collaborator, workspace, role, message, error_code", [
-    ("owner", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
-    ("admin", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
+    ("owner", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
+    ("admin", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
     ("owner", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", None, None),
-    ("owner", "limited", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
-    ("editor", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
-    ("viewer", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "You do not have permission", 403),
-    ("anonymous", "anonymous", "6e0deaf2-a92b-421b-9ece-86783265596f", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "You do not have permission", 403),
-    ("anonymous", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "Workspace does not exist", 404),
-    ("owner", "fake", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "No account with email", 400),
-    ("owner", "owner", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "Account with email", 400),
-    ("owner", "viewer", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "Account with email", 400),
+    ("owner", "limited", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
+    ("editor", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
+    ("viewer", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "You do not have permission", 403),
+    ("anonymous", "anonymous", "6e0deaf2-a92b-421b-9ece-86783265596f", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "You do not have permission", 403),
+    ("anonymous", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "Workspace does not exist", 404),
+    ("owner", "fake", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "No account with email", 400),
+    ("owner", "owner", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "Account with email", 400),
+    ("owner", "viewer", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "Account with email", 400),
     ("owner", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "00000000-0000-0000-0000-000000000000", "Role does not exist", 404),
     ("owner", "anonymous", "6e0deaf2-a92b-421b-9ece-86783265596f", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", "Role does not exist", 404),
 ])
@@ -65,15 +65,15 @@ def test_create_collaborator(get_user, user, collaborator, workspace, role, mess
 
 
 @pytest.mark.parametrize("user, collaborator, workspace, role, message, error_code", [
-    ("owner", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
-    ("admin", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
+    ("owner", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
+    ("admin", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
     ("owner", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", None, None),
-    ("editor", "viewer", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", None, None),
-    ("viewer", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "You do not have permission", 403),
-    ("anonymous", "editor", "6e0deaf2-a92b-421b-9ece-86783265596f", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "You do not have permission", 403),
-    ("anonymous", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "Workspace does not exist", 404),
-    ("owner", "fake", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "No collaborator with email", 400),
-    ("owner", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "No collaborator with email", 400),
+    ("editor", "viewer", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", None, None),
+    ("viewer", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "You do not have permission", 403),
+    ("anonymous", "editor", "6e0deaf2-a92b-421b-9ece-86783265596f", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "You do not have permission", 403),
+    ("anonymous", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "Workspace does not exist", 404),
+    ("owner", "fake", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "No collaborator with email", 400),
+    ("owner", "anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "No collaborator with email", 400),
     ("owner", "editor", "b27c51a0-7374-462d-8a53-d97d47176c10", "00000000-0000-0000-0000-000000000000", "Role does not exist", 404),
     ("owner", "editor", "6e0deaf2-a92b-421b-9ece-86783265596f", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", "Role does not exist", 404),
 ])
diff --git a/tests/iam/services/test_role.py b/tests/iam/services/test_role.py
@@ -38,7 +38,7 @@ def test_list_role(get_user, user, workspace, length, message, error_code):
 @pytest.mark.parametrize("user, workspace, role, message, error_code", [
     ("owner", "b27c51a0-7374-462d-8a53-d97d47176c10", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", "Private", None),
     ("admin", "b27c51a0-7374-462d-8a53-d97d47176c10", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", "Private", None),
-    ("anonymous", "6e0deaf2-a92b-421b-9ece-86783265596f", "a7701d22-e716-4584-a18c-055c8c4f2bd6", "Editor", None),
+    ("anonymous", "6e0deaf2-a92b-421b-9ece-86783265596f", "2f05f775-5d8a-4778-9942-3d13a64ec7a3", "Editor", None),
     ("owner", "00000000-0000-0000-0000-000000000000", "6e0deaf2-a92b-421b-9ece-86783265596f", "Workspace does not exist", 404),
     ("owner", "b27c51a0-7374-462d-8a53-d97d47176c10", "00000000-0000-0000-0000-000000000000", "Role does not exist", 404),
     ("anonymous", "b27c51a0-7374-462d-8a53-d97d47176c10", "60b9d8b1-28d1-4d0d-9bee-4e47219d0118", "Workspace does not exist", 404),

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ def get_tags(request: HydroServerHttpRequest, thing_id: Path[uuid.UUID]):`
`36`	`36`	`"keys",`
`37`	`37`	`auth=[session_auth, bearer_auth, anonymous_auth],`
`38`	`38`	`response={`
`39`		`- 200: list[str],`
	`39`	`+ 200: dict[str, list[str]],`
`40`	`40`	`401: str,`
`41`	`41`	`}`
`42`	`42`	`)`