gn3/auth/authorisation/data/views.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

"""Handle data endpoints."""
import json
from functools import reduce

from flask import request, Response, Blueprint, current_app as app
from authlib.integrations.flask_oauth2.errors import _HTTPException

from gn3 import db_utils as gn3db

from gn3.db.traits import build_trait_name

from gn3.auth import db
from gn3.auth.authentication.oauth2.resource_server import require_oauth
from gn3.auth.authorisation.resources.models import (
    user_resources, public_resources, attach_resources_data)

data = Blueprint("data", __name__)

@data.route("/authorisation", methods=["GET"])
def authorisation() -> Response:
    """Retrive the authorisation level for datasets/traits for the user."""
    db_uri = app.config["AUTH_DB"]
    the_user = "ANONYMOUS"
    with db.connection(db_uri) as auth_conn, gn3db.database_connection() as gn3conn:
        try:
            with require_oauth.acquire("profile group resource") as the_token:
                resources = attach_resources_data(
                    auth_conn, user_resources(auth_conn, the_token.user))
        except _HTTPException as exc:
            err_msg = json.loads(exc.body)
            if err_msg["error"] == "missing_authorization":
                resources = attach_resources_data(
                    auth_conn, public_resources(auth_conn))
            else:
                raise exc from None

        # Access endpoint with somethin like:
        # curl -X GET http://127.0.0.1:8080/api/oauth2/data/authorisation \
        #    -H "Content-Type: application/json" \
        #    -d '{"traits": ["HC_M2_0606_P::1442370_at", "BXDGeno::01.001.695", "BXDPublish::10001"]}'
        args = request.get_json()
        traits_names = args["traits"]
        def __translate__(val):
            return {
                "ProbeSet": "mRNA",
                "Geno": "Genotype",
                "Publish": "Phenotype"
            }[val]
        traits = (
            {
                **{key:trait[key] for key in ("trait_fullname", "trait_name")},
                "dataset_name": trait["db"]["dataset_name"],
                "dataset_type": __translate__(trait["db"]["dataset_type"])
            } for trait in
            (build_trait_name(trait_fullname)
             for trait_fullname in traits_names))
        # Retrieve the dataset/trait IDs from traits above

        # Compare the traits/dataset names/ids from request with resources' data
        # - Any trait not in resources' data is marked inaccessible
        # - Any trait in resources' data:
        #   - IF public is marked readable
        #   - IF private and user has read privilege: mark readable
        #   - ELSE mark inaccessible
        

        return "NOT COMPLETED! ..."