cornflow 1.1.5__py3-none-any.whl → 1.2.0__py3-none-any.whl

airflow_config/airflow_local_settings.py

@@ -19,5 +19,5 @@ STATE_COLORS = {
 from airflow.www.utils import UIAlert
 
 DASHBOARD_UIALERTS = [
-    UIAlert("Welcome! This is the backend of your Cornflow environment. Airflow™ is a platform created by the community to programmatically author, schedule and monitor workflows."),
+    UIAlert("Welcome! This is the backend of your cornflow environment. Airflow™ is a platform created by the community to programmatically author, schedule and monitor workflows."),
 ]

cornflow/app.py

@@ -37,7 +37,7 @@ from cornflow.endpoints.signup import SignUpEndpoint
 from cornflow.shared import db, bcrypt
 from cornflow.shared.compress import init_compress
 from cornflow.shared.const import AUTH_DB, AUTH_LDAP, AUTH_OID
-from cornflow.shared.exceptions import initialize_errorhandlers
+from cornflow.shared.exceptions import initialize_errorhandlers, ConfigurationError
 from cornflow.shared.log_config import log_config
 
 
@@ -62,11 +62,11 @@ def create_app(env_name="development", dataconn=None):
     CORS(app)
     bcrypt.init_app(app)
     db.init_app(app)
-    migrate = Migrate(app=app, db=db)
+    Migrate(app=app, db=db)
 
     if "sqlite" in app.config["SQLALCHEMY_DATABASE_URI"]:
 
-        def _fk_pragma_on_connect(dbapi_con, con_record):
+        def _fk_pragma_on_connect(dbapi_con, _con_record):
             dbapi_con.execute("pragma foreign_keys=ON")
 
         with app.app_context():
@@ -100,6 +100,11 @@ def create_app(env_name="development", dataconn=None):
         api.add_resource(LoginEndpoint, "/login/", endpoint="login")
     elif auth_type == AUTH_OID:
         api.add_resource(LoginOpenAuthEndpoint, "/login/", endpoint="login")
+    else:
+        raise ConfigurationError(
+            error="Invalid authentication type",
+            log_txt="Error while configuring authentication. The authentication type is not valid."
+        )
 
     initialize_errorhandlers(app)
     init_compress(app)

cornflow/cli/migrations.py

@@ -3,7 +3,7 @@ import os.path
 
 import click
 from cornflow.shared import db
-from flask_migrate import Migrate, migrate, upgrade, init
+from flask_migrate import Migrate, migrate, upgrade, downgrade, init
 
 from .utils import get_app
 
@@ -28,7 +28,27 @@ def migrate_migrations():
 
 
 @migrations.command(name="upgrade", help="Apply migrations")
-def upgrade_migrations():
+@click.option(
+    "-r", "--revision", type=str, help="The revision to upgrade to", default="head"
+)
+def upgrade_migrations(revision="head"):
+    app = get_app()
+    external = int(os.getenv("EXTERNAL_APP", 0))
+    if external == 0:
+        path = "./cornflow/migrations"
+    else:
+        path = f"./{os.getenv('EXTERNAL_APP_MODULE', 'external_app')}/migrations"
+
+    with app.app_context():
+        migration_client = Migrate(app=app, db=db, directory=path)
+        upgrade(revision=revision)
+
+
+@migrations.command(name="downgrade", help="Downgrade migrations")
+@click.option(
+    "-r", "--revision", type=str, help="The revision to downgrade to", default="-1"
+)
+def downgrade_migrations(revision="-1"):
     app = get_app()
     external = int(os.getenv("EXTERNAL_APP", 0))
     if external == 0:
@@ -38,7 +58,7 @@ def upgrade_migrations():
 
     with app.app_context():
         migration_client = Migrate(app=app, db=db, directory=path)
-        upgrade()
+        downgrade(revision=revision)
 
 
 @migrations.command(

cornflow/cli/service.py

@@ -6,6 +6,7 @@ from logging import error
 
 
 import click
+from .utils import get_db_conn
 import cornflow
 from cornflow.app import create_app
 from cornflow.commands import (
@@ -16,7 +17,14 @@ from cornflow.commands import (
     update_schemas_command,
     update_dag_registry_command,
 )
-from cornflow.shared.const import AUTH_DB, ADMIN_ROLE, SERVICE_ROLE
+from cornflow.shared.const import (
+    AUTH_DB,
+    AUTH_LDAP,
+    AUTH_OID,
+    ADMIN_ROLE,
+    SERVICE_ROLE,
+    PLANNER_ROLE,
+)
 from cornflow.shared import db
 from cryptography.fernet import Fernet
 from flask_migrate import Migrate, upgrade
@@ -49,15 +57,8 @@ def init_cornflow_service():
     os.environ["SECRET_KEY"] = os.getenv("FERNET_KEY", Fernet.generate_key().decode())
 
     # Cornflow db defaults
-    cornflow_db_host = os.getenv("CORNFLOW_DB_HOST", "cornflow_db")
-    cornflow_db_port = os.getenv("CORNFLOW_DB_PORT", "5432")
-    cornflow_db_user = os.getenv("CORNFLOW_DB_USER", "cornflow")
-    cornflow_db_password = os.getenv("CORNFLOW_DB_PASSWORD", "cornflow")
-    cornflow_db = os.getenv("CORNFLOW_DB", "cornflow")
-    cornflow_db_conn = os.getenv(
-        "cornflow_db_conn",
-        f"postgresql://{cornflow_db_user}:{cornflow_db_password}@{cornflow_db_host}:{cornflow_db_port}/{cornflow_db}",
-    )
+    os.environ["DEFAULT_POSTGRES"] = "1"
+    cornflow_db_conn = get_db_conn()
     os.environ["DATABASE_URL"] = cornflow_db_conn
 
     # Platform auth config and service users
@@ -83,11 +84,11 @@ def init_cornflow_service():
     os.environ["SIGNUP_ACTIVATED"] = str(signup_activated)
     user_access_all_objects = os.getenv("USER_ACCESS_ALL_OBJECTS", 0)
     os.environ["USER_ACCESS_ALL_OBJECTS"] = str(user_access_all_objects)
-    default_role = os.getenv("DEFAULT_ROLE", 2)
+    default_role = int(os.getenv("DEFAULT_ROLE", PLANNER_ROLE))
     os.environ["DEFAULT_ROLE"] = str(default_role)
 
     # Check LDAP parameters for active directory and show message
-    if os.getenv("AUTH_TYPE") == 2:
+    if os.getenv("AUTH_TYPE") == AUTH_LDAP:
         print(
             "WARNING: Cornflow will be deployed with LDAP Authorization. Please review your ldap auth configuration."
         )
@@ -129,10 +130,11 @@ def init_cornflow_service():
         app = create_app(environment, cornflow_db_conn)
         with app.app_context():
             path = f"{os.path.dirname(cornflow.__file__)}/migrations"
-            migrate = Migrate(app=app, db=db, directory=path)
+            Migrate(app=app, db=db, directory=path)
             upgrade()
             access_init_command(verbose=False)
-            if auth == 1 or auth == 0:
+            if auth == AUTH_DB or auth == AUTH_OID:
+                # create cornflow admin user
                 create_user_with_role(
                     cornflow_admin_user,
                     cornflow_admin_email,
@@ -188,7 +190,7 @@ def init_cornflow_service():
             migrate = Migrate(app=app, db=db, directory=path)
             upgrade()
             access_init_command(verbose=False)
-            if auth == 1 or auth == 0:
+            if auth == AUTH_DB or auth == AUTH_OID:
                 # create cornflow admin user
                 create_user_with_role(
                     cornflow_admin_user,

cornflow/cli/utils.py

@@ -6,7 +6,7 @@ import warnings
 
 def get_app():
     env = os.getenv("FLASK_ENV", "development")
-    data_conn = os.getenv("DATABASE_URL", "sqlite:///cornflow.db")
+    data_conn = get_db_conn()
     if env == "production":
         warnings.filterwarnings("ignore")
     external = int(os.getenv("EXTERNAL_APP", 0))
@@ -24,3 +24,18 @@ def get_app():
         app = create_app(env, data_conn)
 
     return app
+
+
+def get_db_conn():
+    if int(os.getenv("DEFAULT_POSTGRES", 0)) == 0:
+        return os.getenv("DATABASE_URL", "sqlite:///cornflow.db")
+    else:
+        cornflow_db_host = os.getenv("CORNFLOW_DB_HOST", "cornflow_db")
+        cornflow_db_port = os.getenv("CORNFLOW_DB_PORT", "5432")
+        cornflow_db_user = os.getenv("CORNFLOW_DB_USER", "cornflow")
+        cornflow_db_password = os.getenv("CORNFLOW_DB_PASSWORD", "cornflow")
+        cornflow_db = os.getenv("CORNFLOW_DB", "cornflow")
+        return os.getenv(
+            "cornflow_db_conn",
+            f"postgresql://{cornflow_db_user}:{cornflow_db_password}@{cornflow_db_host}:{cornflow_db_port}/{cornflow_db}",
+        )

cornflow/config.py

@@ -1,5 +1,5 @@
 import os
-from .shared.const import AUTH_DB, PLANNER_ROLE
+from .shared.const import AUTH_DB, PLANNER_ROLE, AUTH_OID
 from apispec import APISpec
 from apispec.ext.marshmallow import MarshmallowPlugin
 
@@ -28,7 +28,7 @@ class DefaultConfig(object):
     SIGNUP_ACTIVATED = int(os.getenv("SIGNUP_ACTIVATED", 1))
     CORNFLOW_SERVICE_USER = os.getenv("CORNFLOW_SERVICE_USER", "service_user")
 
-    # If service user is allow to log with username and password
+    # If service user is allowed to log with username and password
     SERVICE_USER_ALLOW_PASSWORD_LOGIN = int(
         os.getenv("SERVICE_USER_ALLOW_PASSWORD_LOGIN", 1)
     )
@@ -59,15 +59,13 @@ class DefaultConfig(object):
     LDAP_PROTOCOL_VERSION = int(os.getenv("LDAP_PROTOCOL_VERSION", 3))
     LDAP_USE_TLS = os.getenv("LDAP_USE_TLS", "False")
 
-    # OpenID login -> Default Azure
-    OID_PROVIDER = os.getenv("OID_PROVIDER", 0)
-    OID_CLIENT_ID = os.getenv("OID_CLIENT_ID")
-    OID_TENANT_ID = os.getenv("OID_TENANT_ID")
-    OID_ISSUER = os.getenv("OID_ISSUER")
+    # OpenID Connect configuration
+    OID_PROVIDER = os.getenv("OID_PROVIDER")
+    OID_EXPECTED_AUDIENCE = os.getenv("OID_EXPECTED_AUDIENCE")
 
     # APISPEC:
     APISPEC_SPEC = APISpec(
-        title="Cornflow API docs",
+        title="cornflow API docs",
         version="v1",
         plugins=[MarshmallowPlugin()],
         openapi_version="2.0.0",
@@ -127,8 +125,9 @@ class TestingOpenAuth(Testing):
     """
     Configuration class for testing some edge cases with Open Auth login
     """
-
-    AUTH_TYPE = 0
+    AUTH_TYPE = AUTH_OID
+    OID_PROVIDER = "https://test-provider.example.com"
+    OID_EXPECTED_AUDIENCE = "test-audience-id"
 
 
 class TestingApplicationRoot(Testing):
@@ -158,5 +157,5 @@ app_config = {
     "testing": Testing,
     "production": Production,
     "testing-oauth": TestingOpenAuth,
-    "testing-root": TestingApplicationRoot,
+    "testing-root": TestingApplicationRoot
 }

cornflow/endpoints/__init__.py

@@ -3,8 +3,9 @@ Initialization file for the endpoints module
 All references to endpoints should be imported from here
 The login resource gets created on app startup as it depends on configuration
 """
+
 from .action import ActionListEndpoint
-from .alarms import AlarmsEndpoint
+from .alarms import AlarmsEndpoint, AlarmDetailEndpoint
 from .apiview import ApiViewListEndpoint
 from .case import (
     CaseEndpoint,
@@ -225,6 +226,11 @@ alarms_resources = [
         urls="/alarms/",
         endpoint="alarms",
     ),
+    dict(
+        resource=AlarmDetailEndpoint,
+        urls="/alarms/<int:idx>/",
+        endpoint="alarms-detail",
+    ),
     dict(
         resource=MainAlarmsEndpoint,
         urls="/main-alarms/",

cornflow/endpoints/alarms.py

@@ -1,15 +1,19 @@
 # Imports from libraries
+from flask import current_app
 from flask_apispec import doc, marshal_with, use_kwargs
 
 # Import from internal modules
 from cornflow.endpoints.meta_resource import BaseMetaResource
 from cornflow.models import AlarmsModel
 from cornflow.schemas.alarms import (
+    AlarmEditRequest,
     AlarmsResponse,
     AlarmsPostRequest,
-    QueryFiltersAlarms
+    QueryFiltersAlarms,
 )
 from cornflow.shared.authentication import Auth, authenticate
+from cornflow.shared.exceptions import AirflowError, ObjectDoesNotExist, InvalidData
+from cornflow.shared.const import SERVICE_ROLE
 
 
 class AlarmsEndpoint(BaseMetaResource):
@@ -56,4 +60,64 @@ class AlarmsEndpoint(BaseMetaResource):
         and an integer with the HTTP status code.
         :rtype: Tuple(dict, integer)
         """
-        return self.post_list(data=kwargs)
+        return self.post_list(data=kwargs)
+
+
+class AlarmDetailEndpointBase(BaseMetaResource):
+    """
+    Endpoint used to get the information of a certain alarm. But not the data!
+    """
+
+    def __init__(self):
+        super().__init__()
+        self.data_model = AlarmsModel
+        self.unique = ["id"]
+
+
+class AlarmDetailEndpoint(AlarmDetailEndpointBase):
+    @doc(description="Get details of an alarm", tags=["None"], inherit=False)
+    @authenticate(auth_class=Auth())
+    @marshal_with(AlarmsResponse)
+    @BaseMetaResource.get_data_or_404
+    def get(self, idx):
+        """
+        API method to get an execution created by the user and its related info.
+        It requires authentication to be passed in the form of a token that has to be linked to
+        an existing session (login) made by a user.
+
+        :param str idx: ID of the execution.
+        :return: A dictionary with a message (error if authentication failed, or the execution does not exist or
+          the data of the execution) and an integer with the HTTP status code.
+        :rtype: Tuple(dict, integer)
+        """
+        current_app.logger.info(
+            f"User {self.get_user()} gets details of execution {idx}"
+        )
+        return self.get_detail(idx=idx)
+
+    @doc(description="Edit an execution", tags=["Executions"], inherit=False)
+    @authenticate(auth_class=Auth())
+    @use_kwargs(AlarmEditRequest, location="json")
+    def put(self, idx, **data):
+        """
+        Edit an existing alarm
+
+        :param string idx: ID of the alarm.
+        :return: A dictionary with a message (error if authentication failed, or the alarm does not exist or
+          a message) and an integer with the HTTP status code.
+        :rtype: Tuple(dict, integer)
+        """
+        current_app.logger.info(f"User {self.get_user()} edits alarm {idx}")
+        return self.put_detail(data, track_user=False, idx=idx)
+
+    @doc(description="Disable an alarm", tags=["None"])
+    @authenticate(auth_class=Auth())
+    def delete(self, idx):
+        """
+        :param int alarm_id: Alarm id.
+        :return:
+        :rtype: Tuple(dict, integer)
+        """
+
+        current_app.logger.info(f"Alarm {idx} was disabled by user {self.get_user()}")
+        return self.disable_detail(idx=idx)

cornflow/endpoints/login.py

@@ -1,16 +1,17 @@
 """
-External endpoint for the user to login to the cornflow webserver
+External endpoint for the user to log in to the cornflow webserver
 """
 
+from datetime import datetime, timezone, timedelta
+
 # Partial imports
-from flask import current_app
+from flask import current_app, request
 from flask_apispec import use_kwargs, doc
 from sqlalchemy.exc import IntegrityError, DBAPIError
-from datetime import datetime, timedelta
 
 # Import from internal modules
 from cornflow.endpoints.meta_resource import BaseMetaResource
-from cornflow.models import UserModel, UserRoleModel
+from cornflow.models import UserModel, UserRoleModel, PermissionsDAG
 from cornflow.schemas.user import LoginEndpointRequest, LoginOpenAuthRequest
 from cornflow.shared import db
 from cornflow.shared.authentication import Auth, LDAPBase
@@ -18,15 +19,11 @@ from cornflow.shared.const import (
     AUTH_DB,
     AUTH_LDAP,
     AUTH_OID,
-    OID_AZURE,
-    OID_GOOGLE,
-    OID_NONE,
 )
 from cornflow.shared.exceptions import (
     ConfigurationError,
     InvalidCredentials,
     InvalidUsage,
-    EndpointNotImplemented,
 )
 
 
@@ -45,7 +42,7 @@ class LoginBaseEndpoint(BaseMetaResource):
         This method is in charge of performing the log in of the user
 
         :param kwargs: keyword arguments passed for the login, these can be username, password or a token
-        :return: the response of the login or it raises an error. The correct response is a dict
+        :return: the response of the login, or it raises an error. The correct response is a dict
         with the newly issued token and the user id, and a status code of 200
         :rtype: dict
         """
@@ -55,10 +52,37 @@ class LoginBaseEndpoint(BaseMetaResource):
         if auth_type == AUTH_DB:
             user = self.auth_db_authenticate(**kwargs)
             response.update({"change_password": check_last_password_change(user)})
+            current_app.logger.info(
+                f"User {user.id} logged in successfully using database authentication"
+            )
         elif auth_type == AUTH_LDAP:
             user = self.auth_ldap_authenticate(**kwargs)
+            current_app.logger.info(
+                f"User {user.id} logged in successfully using LDAP authentication"
+            )
         elif auth_type == AUTH_OID:
-            user = self.auth_oid_authenticate(**kwargs)
+            if kwargs.get("username") and kwargs.get("password"):
+                if not current_app.config.get("SERVICE_USER_ALLOW_PASSWORD_LOGIN", 0):
+                    raise InvalidUsage(
+                        "Must provide a token in Authorization header. Cannot log in with username and password",
+                        400,
+                    )
+                user = self.auth_oid_authenticate(
+                    username=kwargs["username"], password=kwargs["password"]
+                )
+                current_app.logger.info(
+                    f"Service user {user.id} logged in successfully using password"
+                )
+                token = self.auth_class.generate_token(user.id)
+            else:
+                token = self.auth_class().get_token_from_header(request.headers)
+                user = self.auth_oid_authenticate(token=token)
+                current_app.logger.info(
+                    f"User {user.id} logged in successfully using OpenID authentication"
+                )
+
+            response.update({"token": token, "id": user.id})
+            return response, 200
         else:
             raise ConfigurationError()
 
@@ -77,7 +101,7 @@ class LoginBaseEndpoint(BaseMetaResource):
 
         :param str username: the username of the user to log in
         :param str password:  the password of the user to log in
-        :return: the user object or it raises an error if it has not been possible to log in
+        :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
         user = self.data_model.get_one_object(username=username)
@@ -96,7 +120,7 @@ class LoginBaseEndpoint(BaseMetaResource):
 
         :param str username: the username of the user to log in
         :param str password:  the password of the user to log in
-        :return: the user object or it raises an error if it has not been possible to log in
+        :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
         ldap_obj = self.ldap_class(current_app.config)
@@ -141,49 +165,20 @@ class LoginBaseEndpoint(BaseMetaResource):
         self, token: str = None, username: str = None, password: str = None
     ):
         """
-        Method  in charge of performing the log in with the token issued by an Open ID provider.
-        It has an exception and thus accepts username and password for service users if needed.
+        Method in charge of performing the authentication using OpenID Connect tokens.
+        Supports any OIDC provider configured via provider_url.
 
-        :param str token: the token that the user has obtained from the Open ID provider
-        :param str username: the username of the user to log in
-        :param str password: the password of the user to log in
-        :return: the user object or it raises an error if it has not been possible to log in
+        :param str token: the JWT token from the OIDC provider
+        :param str username: username for service users
+        :param str password: password for service users
+        :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
-
         if token:
 
-            oid_provider = int(current_app.config["OID_PROVIDER"])
-
-            client_id = current_app.config["OID_CLIENT_ID"]
-            tenant_id = current_app.config["OID_TENANT_ID"]
-            issuer = current_app.config["OID_ISSUER"]
-
-            if client_id is None or tenant_id is None or issuer is None:
-                raise ConfigurationError("The OID provider configuration is not valid")
-
-            if oid_provider == OID_AZURE:
-                decoded_token = self.auth_class().validate_oid_token(
-                    token, client_id, tenant_id, issuer, oid_provider
-                )
-
-            elif oid_provider == OID_GOOGLE:
-                raise EndpointNotImplemented(
-                    "The selected OID provider is not implemented"
-                )
-            elif oid_provider == OID_NONE:
-                raise EndpointNotImplemented(
-                    "The OID provider configuration is not valid"
-                )
-            else:
-                raise EndpointNotImplemented(
-                    "The OID provider configuration is not valid"
-                )
+            decoded_token = self.auth_class().decode_token(token)
 
-            username = decoded_token["preferred_username"]
-            email = decoded_token.get("email", f"{username}@test.org")
-            first_name = decoded_token.get("given_name", "")
-            last_name = decoded_token.get("family_name", "")
+            username = decoded_token.get("sub")
 
             user = self.data_model.get_one_object(username=username)
 
@@ -192,6 +187,10 @@ class LoginBaseEndpoint(BaseMetaResource):
                     f"OpenID user {username} does not exist and is created"
                 )
 
+                email = decoded_token.get("email", f"{username}@cornflow.org")
+                first_name = decoded_token.get("given_name", "")
+                last_name = decoded_token.get("family_name", "")
+
                 data = {
                     "username": username,
                     "email": email,
@@ -208,33 +207,52 @@ class LoginBaseEndpoint(BaseMetaResource):
                         "role_id": int(current_app.config["DEFAULT_ROLE"]),
                     }
                 )
-
                 user_role.save()
+                if int(current_app.config["OPEN_DEPLOYMENT"]) == 1:
+                    PermissionsDAG.add_all_permissions_to_user(user.id)
 
             return user
-        elif (
-            username
-            and password
-            and current_app.config["SERVICE_USER_ALLOW_PASSWORD_LOGIN"] == 1
-        ):
 
+        elif username and password:
             user = self.auth_db_authenticate(username, password)
-
             if user.is_service_user():
                 return user
-            else:
-                raise InvalidUsage("Invalid request")
+            raise InvalidUsage("Invalid request")
         else:
             raise InvalidUsage("Invalid request")
 
 
 def check_last_password_change(user):
+    """
+    Check if the user needs to change their password based on the password rotation time.
+
+    :param user: The user object to check
+    :return: True if password needs to be changed, False otherwise
+    :rtype: bool
+    """
     if user.pwd_last_change:
-        if (
-            user.pwd_last_change
-            + timedelta(days=int(current_app.config["PWD_ROTATION_TIME"]))
-            < datetime.utcnow()
-        ):
+        # Handle the case where pwd_last_change is already a datetime object
+        if isinstance(user.pwd_last_change, datetime):
+            # If it's a naive datetime (no timezone info), make it timezone-aware
+            if user.pwd_last_change.tzinfo is None:
+                last_change = user.pwd_last_change.replace(tzinfo=timezone.utc)
+            else:
+                # Already timezone-aware
+                last_change = user.pwd_last_change
+        else:
+            # It's a timestamp (integer), convert to datetime
+            last_change = datetime.fromtimestamp(user.pwd_last_change, timezone.utc)
+
+        # Get current time with UTC timezone for proper comparison
+        current_time = datetime.now(timezone.utc)
+
+        # Calculate the expiration time based on the password rotation setting
+        expiration_time = last_change + timedelta(
+            days=int(current_app.config["PWD_ROTATION_TIME"])
+        )
+
+        # Compare the timezone-aware datetimes
+        if expiration_time < current_time:
             return True
     return False
 

cornflow/endpoints/meta_resource.py

@@ -13,6 +13,7 @@ from cornflow.shared.const import ALL_DEFAULT_ROLES
 from cornflow.shared.exceptions import InvalidUsage, ObjectDoesNotExist, NoPermission
 
 
+
 class BaseMetaResource(Resource, MethodResource):
     """
     The base resource from all methods inherit from.
@@ -175,11 +176,18 @@ class BaseMetaResource(Resource, MethodResource):
     METHODS USED FOR ACTIVATING / DISABLING RECORDS IN CASE WE DO NOT WANT TO DELETE THEM STRAIGHT AWAY
     """
 
-    def disable_detail(self):
+    def disable_detail(self, idx):
         """
-        Method not implemented yet
+        Method to DISABLE an object from the database
+
+        :param idx: the idx which identifies the object
+        :return: the object and a status code.
         """
-        raise NotImplemented
+        row = self.data_model.query.get(idx)
+        if row is None:
+            raise ObjectDoesNotExist(f"Object with id {idx} not found.")
+        row.disable()
+        return {"message": "Object marked as disabled"}, 200
 
     def activate_detail(self, **kwargs):
         """