Merge pull request #71 from oslokommune/DP-1944-initial-permission-api-support

simenheg · web-flow · commit 01364ee49693 · 2021-04-28T12:35:20.000+02:00
DP-1944 Add initial support for the permission API
diff --git a/okdata/sdk/config.py b/okdata/sdk/config.py
@@ -25,6 +25,7 @@
     "uploadUrl": "https://api.data-dev.oslo.systems/data-uploader",
     "statusApiUrl": "https://api.data-dev.oslo.systems/status-api/status",
     "simpleDatasetAuthorizerUrl": "https://api.data-dev.oslo.systems/simple-dataset-authorizer",
+    "permissionApiUrl": "https://api.data-dev.oslo.systems/okdata-permission-api",
 }
 OKDATA_CONFIG["prod"] = {
     "client_id": None,
@@ -43,6 +44,7 @@
     "uploadUrl": "https://api.data.oslo.systems/data-uploader",
     "statusApiUrl": "https://api.data.oslo.systems/status-api/status",
     "simpleDatasetAuthorizerUrl": "https://api.data.oslo.systems/simple-dataset-authorizer",
+    "permissionApiUrl": "https://api.data.oslo.systems/okdata-permission-api",
 }
 
 OKDATA_DEFAULT_ENVIRONMENT = "prod"
diff --git a/okdata/sdk/permission/client.py b/okdata/sdk/permission/client.py
@@ -0,0 +1,59 @@
+import logging
+from urllib.parse import quote
+
+# TODO: Polyfill. Replace with `from dataclasses import asdict` once support
+# for Python 3.6 is dropped.
+from okdata.sdk.permission.user_types import asdict
+from okdata.sdk import SDK
+
+log = logging.getLogger()
+
+
+class PermissionClient(SDK):
+    def __init__(self, config=None, auth=None, env=None):
+        self.__name__ = "permission"
+        super().__init__(config, auth, env)
+        self.api_url = self.config.get("permissionApiUrl")
+
+    def update_permission(
+        self, resource_name, scope, add_users=[], remove_users=[], retries=0
+    ):
+        """Grant or revoke permissions for a resource.
+
+        `resource_name` must be given on the form "namespace:type:id", while
+        `scope` must be given on the form "namespace:type:permission".
+
+        `add_users` and `remove_users` are iterables containing the users to
+        give access to and to revoke access from, respectively. The users
+        should be instances of the user types defined in
+        `okdata.sdk.permission.user_types`.
+
+        Usage example giving read access to the dataset "my-dataset" to the
+        user "janedoe":
+
+          update_permission(
+              "okdata:dataset:my-dataset",
+              "okdata:dataset:read",
+              add_users=[User("janedoe")],
+          )
+        """
+        url = "{}/permissions/{}".format(self.api_url, quote(resource_name))
+        data = {
+            "add_users": list(map(asdict, add_users)),
+            "remove_users": list(map(asdict, remove_users)),
+            "scope": scope,
+        }
+        log.info(f"SDK:Updating permissions for {resource_name} with {data}")
+        return self.put(url, data, retries=retries).json()
+
+    def get_my_permissions(self, retries=0):
+        """Return a list of permissions associated with the current user."""
+        url = f"{self.api_url}/my_permissions"
+        log.info(f"SDK:Listing permissions from: {url}")
+        return self.get(url, retries=retries).json()
+
+    def get_permissions(self, resource_name, retries=0):
+        """Return a list of permissions associated with `resource_name`."""
+        url = "{}/permissions/{}".format(self.api_url, quote(resource_name))
+        log.info(f"SDK:Getting permissions for {resource_name} from: {url}")
+        return self.get(url, retries=retries).json()
diff --git a/okdata/sdk/permission/user_types.py b/okdata/sdk/permission/user_types.py
@@ -0,0 +1,52 @@
+# TODO: Use these simplified dataclasses once support for Python 3.6 is
+# dropped. Meanwhile we'll use the "polyfill" classes defined below.
+#
+# from dataclasses import dataclass, field
+#
+# @dataclass
+# class Client:
+#     user_id: str
+#     user_type: str = field(default="client", init=False)
+#
+#
+# @dataclass
+# class Team:
+#     user_id: str
+#     user_type: str = field(default="team", init=False)
+#
+#
+# @dataclass
+# class User:
+#     user_id: str
+#     user_type: str = field(default="user", init=False)
+
+
+class Client:
+    user_id: str
+    user_type: str
+
+    def __init__(self, user_id):
+        self.user_id = user_id
+        self.user_type = "client"
+
+
+class Team:
+    user_id: str
+    user_type: str
+
+    def __init__(self, user_id):
+        self.user_id = user_id
+        self.user_type = "team"
+
+
+class User:
+    user_id: str
+    user_type: str
+
+    def __init__(self, user_id):
+        self.user_id = user_id
+        self.user_type = "user"
+
+
+def asdict(obj):
+    return obj.__dict__

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@`
`25`	`25`	`"uploadUrl": "https://api.data-dev.oslo.systems/data-uploader",`
`26`	`26`	`"statusApiUrl": "https://api.data-dev.oslo.systems/status-api/status",`
`27`	`27`	`"simpleDatasetAuthorizerUrl": "https://api.data-dev.oslo.systems/simple-dataset-authorizer",`
	`28`	`+ "permissionApiUrl": "https://api.data-dev.oslo.systems/okdata-permission-api",`
`28`	`29`	`}`
`29`	`30`	`OKDATA_CONFIG["prod"] = {`
`30`	`31`	`"client_id": None,`
`@@ -43,6 +44,7 @@`
`43`	`44`	`"uploadUrl": "https://api.data.oslo.systems/data-uploader",`
`44`	`45`	`"statusApiUrl": "https://api.data.oslo.systems/status-api/status",`
`45`	`46`	`"simpleDatasetAuthorizerUrl": "https://api.data.oslo.systems/simple-dataset-authorizer",`
	`47`	`+ "permissionApiUrl": "https://api.data.oslo.systems/okdata-permission-api",`
`46`	`48`	`}`
`47`	`49`
`48`	`50`	`OKDATA_DEFAULT_ENVIRONMENT = "prod"`