goosebit 0.2.4__py3-none-any.whl → 0.2.6__py3-none-any.whl

goosebit/ui/bff/settings/routes.py

@@ -0,0 +1,20 @@
+from fastapi import APIRouter, Security
+
+from goosebit.api.v1.settings import routes
+from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
+
+from . import users
+
+router = APIRouter(prefix="/settings")
+
+router.include_router(users.router)
+
+router.add_api_route(
+    "/permissions",
+    routes.settings_permissions_get,
+    methods=["GET"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["read"]()])],
+    name="bff_settings_permissions_get",
+    response_model_exclude_none=True,
+)

goosebit/ui/bff/settings/users/__init__.py

@@ -0,0 +1 @@
+from .routes import router  # noqa: F401

goosebit/ui/bff/settings/users/responses.py

@@ -0,0 +1,33 @@
+from typing import Callable
+
+from pydantic import BaseModel, Field
+from tortoise.queryset import QuerySet
+
+from goosebit.schema.users import UserSchema
+from goosebit.ui.bff.common.requests import DataTableRequest
+
+
+class BFFSettingsUsersResponse(BaseModel):
+    data: list[UserSchema]
+    draw: int
+    records_total: int = Field(serialization_alias="recordsTotal")
+    records_filtered: int = Field(serialization_alias="recordsFiltered")
+
+    @classmethod
+    async def convert(cls, dt_query: DataTableRequest, query: QuerySet, search_filter: Callable):
+        total_records = await query.count()
+        if dt_query.search.value:
+            query = query.filter(search_filter(dt_query.search.value))
+
+        filtered_records = await query.count()
+
+        if dt_query.order_query:
+            query = query.order_by(dt_query.order_query)
+
+        if dt_query.length is not None:
+            query = query.limit(dt_query.length)
+
+        rollouts = await query.offset(dt_query.start).all()
+        data = [UserSchema.model_validate(r) for r in rollouts]
+
+        return cls(data=data, draw=dt_query.draw, records_total=total_records, records_filtered=filtered_records)

goosebit/ui/bff/settings/users/routes.py

@@ -0,0 +1,80 @@
+from __future__ import annotations
+
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, Security
+from tortoise.expressions import Q
+
+from goosebit.api.v1.settings.users import routes
+from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
+from goosebit.db.models import User
+from goosebit.ui.bff.common.columns import SettingsUsersColumns
+from goosebit.ui.bff.common.requests import DataTableRequest
+from goosebit.ui.bff.common.responses import DTColumns
+from goosebit.ui.bff.common.util import parse_datatables_query
+from goosebit.ui.bff.settings.users.responses import BFFSettingsUsersResponse
+
+router = APIRouter(prefix="/users")
+
+
+@router.get(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["read"]()])],
+)
+async def settings_users_get(
+    dt_query: Annotated[DataTableRequest, Depends(parse_datatables_query)],
+) -> BFFSettingsUsersResponse:
+    filters: list[Q] = []
+
+    def search_filter(search_value):
+        base_filter = Q(Q(username__icontains=search_value), join_type="OR")
+        return Q(base_filter, *filters, join_type="AND")
+
+    query = User.all()
+
+    return await BFFSettingsUsersResponse.convert(dt_query, query, search_filter)
+
+
+router.add_api_route(
+    "",
+    routes.settings_users_put,
+    methods=["POST"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["write"]()])],
+    name="bff_settings_users_put",
+)
+
+router.add_api_route(
+    "",
+    routes.settings_users_delete,
+    methods=["DELETE"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["delete"]()])],
+    name="bff_settings_users_delete",
+)
+
+router.add_api_route(
+    "",
+    routes.settings_users_patch,
+    methods=["PATCH"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["write"]()])],
+    name="bff_settings_users_patch",
+)
+
+
+@router.get(
+    "/columns",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["read"]()])],
+    response_model_exclude_none=True,
+)
+async def settings_users_get_columns() -> DTColumns:
+    columns = list(
+        filter(
+            None,
+            [
+                SettingsUsersColumns.username,
+                SettingsUsersColumns.enabled,
+                SettingsUsersColumns.permissions,
+            ],
+        )
+    )
+    return DTColumns(columns=columns)

goosebit/ui/bff/software/responses.py

@@ -5,7 +5,7 @@ from tortoise.expressions import Q
 from tortoise.queryset import QuerySet
 
 from goosebit.schema.software import SoftwareSchema
-from goosebit.ui.bff.common.requests import DataTableRequest
+from goosebit.ui.bff.common.requests import DataTableOrderDirection, DataTableRequest
 
 
 class BFFSoftwareResponse(BaseModel):
@@ -21,17 +21,27 @@ class BFFSoftwareResponse(BaseModel):
         if dt_query.search.value:
             query = query.filter(search_filter(dt_query.search.value))
 
-        if dt_query.order_query:
-            query = query.order_by(dt_query.order_query)
-
         filtered_records = await query.count()
 
-        query = query.offset(dt_query.start)
+        if len(dt_query.order) > 0 and dt_query.order[0].name == "version":
+            # ordering cannot be delegated to database as semantic versioning sorting is not supported
+            software = await query.all()
+            reverse = dt_query.order[0].dir == DataTableOrderDirection.DESCENDING
+            software.sort(key=lambda s: s.parsed_version, reverse=reverse)
+
+            # in-memory paging
+            if dt_query.length is None:
+                software = software[dt_query.start :]
+            else:
+                software = software[dt_query.start : dt_query.start + dt_query.length]
+
+        else:
+            # if no ordering is specified, database-side paging can be used
+            if dt_query.length is not None:
+                query = query.limit(dt_query.length)
 
-        if not dt_query.length == 0:
-            query = query.limit(dt_query.length)
+            software = await query.offset(dt_query.start).all()
 
-        devices = await query.all()
-        data = [SoftwareSchema.model_validate(d) for d in devices]
+        data = [SoftwareSchema.model_validate(s) for s in software]
 
         return cls(data=data, draw=dt_query.draw, records_total=total_records, records_filtered=filtered_records)

goosebit/ui/bff/software/routes.py

@@ -9,12 +9,16 @@ from tortoise.expressions import Q
 
 from goosebit.api.v1.software import routes
 from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
 from goosebit.db.models import Hardware, Rollout, Software
-from goosebit.settings import config
+from goosebit.storage import storage
 from goosebit.ui.bff.common.requests import DataTableRequest
 from goosebit.ui.bff.common.util import parse_datatables_query
 from goosebit.updates import create_software_update
+from goosebit.util.path import validate_filename
 
+from ..common.columns import SoftwareColumns
+from ..common.responses import DTColumns
 from .responses import BFFSoftwareResponse
 
 router = APIRouter(prefix="/software")
@@ -22,11 +26,11 @@ router = APIRouter(prefix="/software")
 
 @router.get(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()])],
 )
 async def software_get(
     dt_query: Annotated[DataTableRequest, Depends(parse_datatables_query)],
-    uuids: list[str] = Query(default=None),
+    ids: list[str] = Query(default=None),
 ) -> BFFSoftwareResponse:
     filters: list[Q] = []
 
@@ -36,8 +40,8 @@ async def software_get(
 
     query = Software.all().prefetch_related("compatibility")
 
-    if uuids:
-        hardware = await Hardware.filter(devices__uuid__in=uuids).distinct()
+    if ids:
+        hardware = await Hardware.filter(devices__id__in=ids).distinct()
         filters.append(Q(*[Q(compatibility__id=c.id) for c in hardware], join_type="AND"))
 
     return await BFFSoftwareResponse.convert(dt_query, query, search_filter, Q(*filters))
@@ -47,14 +51,14 @@ router.add_api_route(
     "",
     routes.software_delete,
     methods=["DELETE"],
-    dependencies=[Security(validate_user_permissions, scopes=["software.delete"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["delete"]()])],
     name="bff_software_delete",
 )
 
 
 @router.post(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.write"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["write"]()])],
 )
 async def post_update(
     request: Request,
@@ -77,11 +81,14 @@ async def post_update(
         await create_software_update(url, None)
     else:
         # local file
-        artifacts_dir = Path(config.artifacts_dir)
-        file = artifacts_dir.joinpath(filename)
-        await artifacts_dir.mkdir(parents=True, exist_ok=True)
+        temp_dir = Path(storage.get_temp_dir())
 
-        temp_file = file.with_suffix(".tmp")
+        try:
+            file_path = await validate_filename(filename, temp_dir)
+        except ValueError as e:
+            raise HTTPException(400, f"Invalid filename: {e}")
+
+        temp_file = file_path.with_suffix(".tmp")
         if init:
             await temp_file.unlink(missing_ok=True)
 
@@ -90,7 +97,28 @@ async def post_update(
 
         if done:
             try:
-                absolute = await file.absolute()
+                absolute = await file_path.absolute()
                 await create_software_update(absolute.as_uri(), temp_file)
             finally:
                 await temp_file.unlink(missing_ok=True)
+
+
+@router.get(
+    "/columns",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()])],
+    response_model_exclude_none=True,
+)
+async def devices_get_columns() -> DTColumns:
+    columns = list(
+        filter(
+            None,
+            [
+                SoftwareColumns.id,
+                SoftwareColumns.name,
+                SoftwareColumns.version,
+                SoftwareColumns.compatibility,
+                SoftwareColumns.size,
+            ],
+        )
+    )
+    return DTColumns(columns=columns)

goosebit/ui/nav.py

@@ -1,10 +1,20 @@
+from pydantic import BaseModel
+
+
+class NavigationItem(BaseModel):
+    function: str
+    text: str
+    permissions: list[str]
+    show: bool
+
+
 class Navigation:
     def __init__(self):
         self.items = []
 
-    def route(self, text: str, permissions: str | None = None):
+    def route(self, text: str, permissions: list[str] | None = None, show: bool = True):
         def decorator(func):
-            self.items.append({"function": func.__name__, "text": text, "permissions": permissions})
+            self.items.append(NavigationItem(function=func.__name__, text=text, permissions=permissions, show=show))
             return func
 
         return decorator

goosebit/ui/routes.py

@@ -1,64 +1,108 @@
-from fastapi import APIRouter, Depends, Security
-from fastapi.requests import Request
+import logging
+
+from fastapi import APIRouter, Depends, HTTPException, Security
+from fastapi.requests import HTTPConnection, Request
 from fastapi.responses import RedirectResponse
-from fastapi.security import OAuth2PasswordBearer
+from fastapi.security import SecurityScopes
 
-from goosebit.auth import redirect_if_unauthenticated, validate_user_permissions
+from goosebit.auth import (
+    check_permissions,
+    get_current_user,
+    redirect_if_unauthenticated,
+)
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
 from goosebit.ui.nav import nav
 
+from ..db.models import User
 from . import bff
 from .templates import templates
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
-
-router = APIRouter(prefix="/ui", dependencies=[Depends(redirect_if_unauthenticated)], include_in_schema=False)
+router = APIRouter(prefix="/ui", include_in_schema=False)
 router.include_router(bff.router)
 
-
-@router.get("")
+logger = logging.getLogger(__name__)
+
+
+def validate_user_permissions_with_nav_redirect(
+    connection: HTTPConnection,
+    security: SecurityScopes,
+    user: User = Depends(get_current_user),
+):
+    if not check_permissions(security.scopes, user.permissions):
+        logger.warning(f"{user.username} does not have sufficient permissions")
+        for item in nav.items:
+            if check_permissions(item.permissions, user.permissions):
+                raise HTTPException(
+                    status_code=302,
+                    headers={"location": str(connection.url_for(item.function))},
+                )
+        raise HTTPException(
+            status_code=403,
+            detail="Not enough permissions",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return connection
+
+
+@router.get("", dependencies=[Depends(redirect_if_unauthenticated)])
 async def ui_root(request: Request):
-    return RedirectResponse(request.url_for("home_ui"))
-
-
-@router.get(
-    "/home",
-    dependencies=[Security(validate_user_permissions, scopes=["home.read"])],
-)
-@nav.route("Home", permissions="home.read")
-async def home_ui(request: Request):
-    return templates.TemplateResponse(request, "index.html.jinja", context={"title": "Home"})
+    return RedirectResponse(request.url_for("devices_ui"))
 
 
 @router.get(
     "/devices",
-    dependencies=[Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()]),
+    ],
 )
-@nav.route("Devices", permissions="device.read")
+@nav.route("Devices", permissions=[GOOSEBIT_PERMISSIONS["device"]["read"]()])
 async def devices_ui(request: Request):
     return templates.TemplateResponse(request, "devices.html.jinja", context={"title": "Devices"})
 
 
 @router.get(
     "/software",
-    dependencies=[Security(validate_user_permissions, scopes=["software.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()]),
+    ],
 )
-@nav.route("Software", permissions="software.read")
+@nav.route("Software", permissions=[GOOSEBIT_PERMISSIONS["software"]["read"]()])
 async def software_ui(request: Request):
     return templates.TemplateResponse(request, "software.html.jinja", context={"title": "Software"})
 
 
 @router.get(
     "/rollouts",
-    dependencies=[Security(validate_user_permissions, scopes=["rollout.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["rollout"]["read"]()]),
+    ],
 )
-@nav.route("Rollouts", permissions="rollout.read")
+@nav.route("Rollouts", permissions=[GOOSEBIT_PERMISSIONS["rollout"]["read"]()])
 async def rollouts_ui(request: Request):
     return templates.TemplateResponse(request, "rollouts.html.jinja", context={"title": "Rollouts"})
 
 
 @router.get(
     "/logs/{dev_id}",
-    dependencies=[Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()]),
+    ],
 )
 async def logs_ui(request: Request, dev_id: str):
     return templates.TemplateResponse(request, "logs.html.jinja", context={"title": "Log", "device": dev_id})
+
+
+@router.get(
+    "/settings",
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["settings"]()]),
+    ],
+)
+@nav.route("Settings", permissions=[GOOSEBIT_PERMISSIONS["settings"]()], show=False)
+async def settings_ui(request: Request):
+    return templates.TemplateResponse(request, "settings.html.jinja", context={"title": "Settings"})