rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: org scope collections

Browse source
This commit is contained in:
swve 2023-06-19 17:51:21 +02:00
parent 759a144fe9
commit d4497e03fb
6 changed files with 126 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

111
src/services/courses/collections.py
View file

@ -2,7 +2,7 @@ from typing import List
from uuid import uuid4
from pydantic import BaseModel
from src.services.users.users import PublicUser
from src.security.security import *
from src.security.security import verify_user_rights_with_roles
from fastapi import HTTPException, status, Request
#### Classes ####################################################
@ -25,7 +25,10 @@ class CollectionInDB(Collection):
# CRUD
####################################################
async def get_collection(request: Request,collection_id: str, current_user: PublicUser):
async def get_collection(
request: Request, collection_id: str, current_user: PublicUser
):
collections = request.app.db["collections"]
collection = await collections.find_one({"collection_id": collection_id})
@ -35,7 +38,8 @@ async def get_collection(request: Request,collection_id: str, current_user: Publ
if not collection:
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist")
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist"
)
collection = Collection(**collection)
@ -44,46 +48,56 @@ async def get_collection(request: Request,collection_id: str, current_user: Publ
courseids = [course for course in collection.courses]
collection.courses = []
collection.courses = courses.find(
{"course_id": {"$in": courseids}}, {'_id': 0})
collection.courses = [course for course in await collection.courses.to_list(length=100)]
collection.courses = courses.find({"course_id": {"$in": courseids}}, {"_id": 0})
collection.courses = [
course for course in await collection.courses.to_list(length=100)
]
return collection
async def create_collection(request: Request,collection_object: Collection, current_user: PublicUser):
async def create_collection(
request: Request, collection_object: Collection, current_user: PublicUser
):
collections = request.app.db["collections"]
# find if collection already exists using name
isCollectionNameAvailable = await collections.find_one(
{"name": collection_object.name})
{"name": collection_object.name}
)
# TODO
# await verify_collection_rights("*", current_user, "create")
if isCollectionNameAvailable:
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail="Collection name already exists")
status_code=status.HTTP_409_CONFLICT,
detail="Collection name already exists",
)
# generate collection_id with uuid4
collection_id = str(f"collection_{uuid4()}")
collection = CollectionInDB(
collection_id=collection_id, **collection_object.dict())
collection = CollectionInDB(collection_id=collection_id, **collection_object.dict())
collection_in_db = await collections.insert_one(collection.dict())
if not collection_in_db:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="Unavailable database")
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Unavailable database",
)
return collection.dict()
async def update_collection(request: Request,collection_object: Collection, collection_id: str, current_user: PublicUser):
async def update_collection(
request: Request,
collection_object: Collection,
collection_id: str,
current_user: PublicUser,
):
# verify collection rights
await verify_collection_rights(request, collection_id, current_user, "update")
@ -93,19 +107,23 @@ async def update_collection(request: Request,collection_object: Collection, coll
if not collection:
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist")
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist"
)
updated_collection = CollectionInDB(
collection_id=collection_id, **collection_object.dict())
collection_id=collection_id, **collection_object.dict()
)
await collections.update_one({"collection_id": collection_id}, {
"$set": updated_collection.dict()})
await collections.update_one(
{"collection_id": collection_id}, {"$set": updated_collection.dict()}
)
return Collection(**updated_collection.dict())
async def delete_collection(request: Request,collection_id: str, current_user: PublicUser):
async def delete_collection(
request: Request, collection_id: str, current_user: PublicUser
):
await verify_collection_rights(request, collection_id, current_user, "delete")
collections = request.app.db["collections"]
@ -114,7 +132,8 @@ async def delete_collection(request: Request,collection_id: str, current_user: P
if not collection:
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist")
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist"
)
isDeleted = await collections.delete_one({"collection_id": collection_id})
@ -122,20 +141,34 @@ async def delete_collection(request: Request,collection_id: str, current_user: P
return {"detail": "collection deleted"}
else:
raise HTTPException(
status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="Unavailable database")
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
detail="Unavailable database",
)
####################################################
# Misc
####################################################
async def get_collections(request: Request,page: int = 1, limit: int = 10):
## TODO : auth
async def get_collections(
request: Request,
org_id: str,
current_user: PublicUser,
page: int = 1,
limit: int = 10,
):
collections = request.app.db["collections"]
# get all collections from database without ObjectId
all_collections = collections.find({}).sort(
"name", 1).skip(10 * (page - 1)).limit(limit)
all_collections = (
collections.find({"org_id": org_id})
.sort("name", 1)
.skip(10 * (page - 1))
.limit(limit)
)
await verify_collection_rights(request, "*", current_user, "read")
# create list of collections and include courses in each collection
collections_list = []
@ -148,30 +181,42 @@ async def get_collections(request: Request,page: int = 1, limit: int = 10):
courses = request.app.db["courses"]
collection.courses = []
collection.courses = courses.find(
{"course_id": {"$in": collection_courses}}, {'_id': 0})
{"course_id": {"$in": collection_courses}}, {"_id": 0}
)
collection.courses = [course for course in await collection.courses.to_list(length=100)]
collection.courses = [
course for course in await collection.courses.to_list(length=100)
]
return collections_list
#### Security ####################################################
async def verify_collection_rights(request: Request,collection_id: str, current_user: PublicUser, action: str):
async def verify_collection_rights(
request: Request, collection_id: str, current_user: PublicUser, action: str
):
collections = request.app.db["collections"]
collection = await collections.find_one({"collection_id": collection_id})
if not collection and action != "create":
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist")
status_code=status.HTTP_409_CONFLICT, detail="Collection does not exist"
)
hasRoleRights = await verify_user_rights_with_roles(request, action, current_user.user_id, collection_id, collection["org_id"])
hasRoleRights = await verify_user_rights_with_roles(
request, action, current_user.user_id, collection_id, collection["org_id"]
)
if not hasRoleRights:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="You do not have rights to this Collection")
status_code=status.HTTP_403_FORBIDDEN,
detail="You do not have rights to this Collection",
)
return True
#### Security ####################################################