aboutsummaryrefslogtreecommitdiff
path: root/gn3/auth/authorisation/data/views.py
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-02-27 15:24:08 +0300
committerFrederick Muriuki Muriithi2023-02-27 15:24:08 +0300
commit36248ee1592b87edd83a15c68e090ec220992535 (patch)
treef41c8956c02be461cf43df3a756b673e6f49ca75 /gn3/auth/authorisation/data/views.py
parent32a9103fba0454338ad126125038d97e7d228ec5 (diff)
downloadgenenetwork3-36248ee1592b87edd83a15c68e090ec220992535.tar.gz
auth: Endpoint to get access levels for data
When the endpoint is accessed with a list of traits, it should/will respond with the access privileges for each of the traits attached for the active user.
Diffstat (limited to 'gn3/auth/authorisation/data/views.py')
-rw-r--r--gn3/auth/authorisation/data/views.py67
1 files changed, 67 insertions, 0 deletions
diff --git a/gn3/auth/authorisation/data/views.py b/gn3/auth/authorisation/data/views.py
new file mode 100644
index 0000000..76f4158
--- /dev/null
+++ b/gn3/auth/authorisation/data/views.py
@@ -0,0 +1,67 @@
+"""Handle data endpoints."""
+import json
+from functools import reduce
+
+from flask import request, Response, Blueprint, current_app as app
+from authlib.integrations.flask_oauth2.errors import _HTTPException
+
+from gn3 import db_utils as gn3db
+
+from gn3.db.traits import build_trait_name
+
+from gn3.auth import db
+from gn3.auth.authentication.oauth2.resource_server import require_oauth
+from gn3.auth.authorisation.resources.models import (
+ user_resources, public_resources, attach_resources_data)
+
+data = Blueprint("data", __name__)
+
+@data.route("/authorisation", methods=["GET"])
+def authorisation() -> Response:
+ """Retrive the authorisation level for datasets/traits for the user."""
+ db_uri = app.config["AUTH_DB"]
+ the_user = "ANONYMOUS"
+ with db.connection(db_uri) as auth_conn, gn3db.database_connection() as gn3conn:
+ try:
+ with require_oauth.acquire("profile group resource") as the_token:
+ resources = attach_resources_data(
+ auth_conn, user_resources(auth_conn, the_token.user))
+ except _HTTPException as exc:
+ err_msg = json.loads(exc.body)
+ if err_msg["error"] == "missing_authorization":
+ resources = attach_resources_data(
+ auth_conn, public_resources(auth_conn))
+ else:
+ raise exc from None
+
+ # Access endpoint with somethin like:
+ # curl -X GET http://127.0.0.1:8080/api/oauth2/data/authorisation \
+ # -H "Content-Type: application/json" \
+ # -d '{"traits": ["HC_M2_0606_P::1442370_at", "BXDGeno::01.001.695", "BXDPublish::10001"]}'
+ args = request.get_json()
+ traits_names = args["traits"]
+ def __translate__(val):
+ return {
+ "ProbeSet": "mRNA",
+ "Geno": "Genotype",
+ "Publish": "Phenotype"
+ }[val]
+ traits = (
+ {
+ **{key:trait[key] for key in ("trait_fullname", "trait_name")},
+ "dataset_name": trait["db"]["dataset_name"],
+ "dataset_type": __translate__(trait["db"]["dataset_type"])
+ } for trait in
+ (build_trait_name(trait_fullname)
+ for trait_fullname in traits_names))
+ # Retrieve the dataset/trait IDs from traits above
+
+ # Compare the traits/dataset names/ids from request with resources' data
+ # - Any trait not in resources' data is marked inaccessible
+ # - Any trait in resources' data:
+ # - IF public is marked readable
+ # - IF private and user has read privilege: mark readable
+ # - ELSE mark inaccessible
+
+
+ return "NOT COMPLETED! ..."