async def ensure_post_permission(request: Request, doc,
configuration: Configuration):
# only owning group can put/post
ensure_group_permission(request=request, group_id=doc["group_id"])
headers = generate_headers_downstream(request.headers)
doc_db = configuration.doc_db_asset
return await doc_db.update_document(doc,
owner=configuration.public_owner,
headers=headers)
async def ensure_post_permission(
request: Request,
docdb: DocDb,
doc: Any,
configuration: Configuration
):
ensure_group_permission(request=request, group_id=doc["group_id"])
headers = generate_headers_downstream(request.headers)
return await docdb.update_document(doc, owner=configuration.public_owner, headers=headers)
async def ensure_get_permission(
request: Request,
docdb: DocDb,
partition_keys: Dict[str, Any],
configuration: Configuration
):
headers = generate_headers_downstream(request.headers)
asset = await docdb.get_document(partition_keys=partition_keys, clustering_keys={},
owner=configuration.public_owner, headers=headers)
# there is no restriction on access asset 'metadata' for now
ensure_group_permission(request=request, group_id=asset["group_id"])
return asset
async def ensure_get_permission(request: Request, asset_id: str, scope: str,
configuration: Configuration):
docdb = configuration.doc_db_asset
headers = generate_headers_downstream(request.headers)
asset = await docdb.get_document(partition_keys={"asset_id": asset_id},
clustering_keys={},
owner=configuration.public_owner,
headers=headers)
# there is no restriction on access asset 'metadata' for now fo read
if 'w' in scope:
ensure_group_permission(request=request, group_id=asset["group_id"])
return asset
async def ensure_delete_permission(
request: Request,
docdb: DocDb,
doc: Dict[str, Any],
configuration: Configuration
):
# only owning group can delete
# if isinstance(doc, FolderResponse) or isinstance(doc, ItemResponse) or isinstance(doc, DriveResponse):
doc = convert_in(doc)
ensure_group_permission(request=request, group_id=doc["group_id"])
headers = generate_headers_downstream(request.headers)
return await docdb.delete_document(doc=doc, owner=configuration.public_owner, headers=headers)
async def list_drives(
request: Request,
group_id: str,
configuration: Configuration = Depends(get_configuration)):
headers = generate_headers_downstream(request.headers)
ensure_group_permission(request=request, group_id=group_id)
docdb_drive = configuration.doc_dbs.drives_db
drives = await docdb_drive.query(query_body=f"group_id={group_id}#100",
owner=configuration.public_owner,
headers=headers)
drives = [DriveResponse(**convert_out(d)) for d in drives["documents"]]
return DrivesResponse(drives=drives)
async def ensure_delete_permission(request: Request, asset: any,
configuration: Configuration):
# only owning group can delete
ensure_group_permission(request=request, group_id=asset["group_id"])
storage, doc_db = configuration.storage, configuration.doc_db_asset
headers = generate_headers_downstream(request.headers)
asset_id = asset["asset_id"]
await asyncio.gather(
storage.delete_group(prefix=Path(asset['kind']) / asset_id,
owner=configuration.public_owner,
headers=headers),
doc_db.delete_document(doc=asset,
owner=configuration.public_owner,
headers=headers))
return asset