async def ensure_post_permission(request: Request, doc, configuration: Configuration):
    """Update `doc` in the asset document database after a group check.

    ``ensure_group_permission`` is called with the ``group_id`` carried by
    ``doc`` before anything is written. The update is then sent with the
    downstream headers derived from the request, under
    ``configuration.public_owner``.

    Returns the result of ``doc_db_asset.update_document``.
    """
    # Only the owning group may put/post.
    # NOTE(review): the group checked is the one named in the submitted
    # document, not one read back from storage -- confirm callers cannot
    # use this to overwrite a record that belongs to another group.
    ensure_group_permission(request=request, group_id=doc["group_id"])

    downstream_headers = generate_headers_downstream(request.headers)
    asset_db = configuration.doc_db_asset
    return await asset_db.update_document(
        doc,
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
async def ensure_post_permission(
        request: Request,
        docdb: DocDb,
        doc: Any,
        configuration: Configuration
        ):
    """Update `doc` in `docdb` after checking the caller's group permission.

    The permission check uses ``doc["group_id"]`` and runs before the write.
    The update is issued with the request's downstream headers and
    ``configuration.public_owner`` as owner.

    Returns the result of ``docdb.update_document``.
    """
    # NOTE(review): authorization is decided from the group_id inside the
    # submitted document; whether an existing record's stored group is also
    # compared is not visible here -- confirm at the call sites.
    owning_group = doc["group_id"]
    ensure_group_permission(request=request, group_id=owning_group)

    downstream_headers = generate_headers_downstream(request.headers)
    return await docdb.update_document(
        doc,
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
async def ensure_get_permission(
        request: Request,
        docdb: DocDb,
        partition_keys: Dict[str, Any],
        configuration: Configuration
        ):
    """Fetch a document from `docdb` and check the caller against its group.

    The document is read first (with empty clustering keys) because the
    owning ``group_id`` is taken from the stored record. The group check
    runs before the document is returned.

    Returns the fetched document.
    """
    downstream_headers = generate_headers_downstream(request.headers)
    fetched = await docdb.get_document(
        partition_keys=partition_keys,
        clustering_keys={},
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
    # The original comment here read "there is no restriction on access
    # asset 'metadata' for now", yet the group check below is unconditional.
    # NOTE(review): the comment looks stale -- confirm which is intended.
    ensure_group_permission(request=request, group_id=fetched["group_id"])
    return fetched
async def ensure_get_permission(request: Request, asset_id: str, scope: str, configuration: Configuration):
    """Fetch the asset record for `asset_id`, gating write scopes on group.

    The record is read from ``configuration.doc_db_asset``. The group check
    is applied only when `scope` contains the character ``'w'``; any other
    scope returns the record without a group check.

    Returns the fetched asset record.
    """
    asset_db = configuration.doc_db_asset
    downstream_headers = generate_headers_downstream(request.headers)
    record = await asset_db.get_document(
        partition_keys={"asset_id": asset_id},
        clustering_keys={},
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
    # There is no restriction on reading asset 'metadata' for now.
    # NOTE(review): reads are returned to any caller reaching this point;
    # confirm the record holds nothing that should be group-restricted.
    # The test below is a substring match on the scope string.
    wants_write = 'w' in scope
    if wants_write:
        ensure_group_permission(request=request, group_id=record["group_id"])
    return record
async def ensure_delete_permission(
        request: Request,
        docdb: DocDb,
        doc: Dict[str, Any],
        configuration: Configuration
        ):
    """Delete `doc` from `docdb` after checking the caller's group permission.

    `doc` is first passed through ``convert_in``; the group check then uses
    the converted document's ``group_id`` and runs before the delete.

    Returns the result of ``docdb.delete_document``.
    """
    # Only the owning group can delete.
    # A guard on FolderResponse / ItemResponse / DriveResponse used to
    # precede this conversion; it is commented out in the original, so the
    # conversion is applied to every input.
    converted = convert_in(doc)
    # NOTE(review): the group is read from the document passed in by the
    # caller -- confirm it originates from storage rather than from the
    # request body, otherwise the check can be satisfied by the requester.
    ensure_group_permission(request=request, group_id=converted["group_id"])

    downstream_headers = generate_headers_downstream(request.headers)
    return await docdb.delete_document(
        doc=converted,
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
async def list_drives(
        request: Request,
        group_id: str,
        configuration: Configuration = Depends(get_configuration)):
    """Return the drives recorded for `group_id` as a ``DrivesResponse``.

    The caller's permission on `group_id` is checked before the drives
    database is queried. Each returned document is passed through
    ``convert_out`` and wrapped in a ``DriveResponse``.
    """
    downstream_headers = generate_headers_downstream(request.headers)
    ensure_group_permission(request=request, group_id=group_id)

    drives_db = configuration.doc_dbs.drives_db
    # NOTE(review): group_id is caller-supplied and is interpolated into the
    # query string as-is. The permission check above presumably rejects
    # values that are not one of the caller's groups -- confirm, or validate
    # the format before building the query.
    # NOTE(review): the "#100" suffix looks like a result limit; if so,
    # groups with more drives are silently truncated -- confirm.
    result = await drives_db.query(
        query_body=f"group_id={group_id}#100",
        owner=configuration.public_owner,
        headers=downstream_headers,
    )

    responses = []
    for document in result["documents"]:
        responses.append(DriveResponse(**convert_out(document)))
    return DrivesResponse(drives=responses)
async def ensure_delete_permission(request: Request, asset: any, configuration: Configuration):
    """Delete an asset's stored files and its record after a group check.

    The group check uses ``asset["group_id"]`` and runs before any deletion.
    The storage group under ``<kind>/<asset_id>`` and the asset document are
    then deleted concurrently.

    Returns `asset` unchanged.
    """
    # NOTE(review): the annotation on `asset` is the builtin `any`;
    # `typing.Any` was presumably intended.
    # Only the owning group can delete.
    ensure_group_permission(request=request, group_id=asset["group_id"])

    storage = configuration.storage
    doc_db = configuration.doc_db_asset
    downstream_headers = generate_headers_downstream(request.headers)
    asset_id = asset["asset_id"]

    # NOTE(review): the storage prefix is built from fields of `asset`;
    # confirm both come from the stored record, since a path separator or
    # '..' in either would change which prefix is deleted.
    storage_prefix = Path(asset['kind']) / asset_id
    delete_files = storage.delete_group(
        prefix=storage_prefix,
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
    delete_record = doc_db.delete_document(
        doc=asset,
        owner=configuration.public_owner,
        headers=downstream_headers,
    )
    # gather() raises on the first failure while the other deletion may
    # still complete, so files and record can end up out of step.
    await asyncio.gather(delete_files, delete_record)
    return asset