[Feature] Search for Permissions, Prep Compound / Structure to be extended, Prep Template overwrites (#347)

Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#347
2026-03-11 11:27:15 +13:00
parent d4295c9349
commit b737fc93eb
12 changed files with 242 additions and 27 deletions


@ -92,10 +92,19 @@ if os.environ.get("REGISTRATION_MANDATORY", False) == "True":
ROOT_URLCONF = "envipath.urls"
TEMPLATE_DIRS = [
os.path.join(BASE_DIR, "templates"),
]
# If we have a non-public tenant, we might need to overwrite some templates
# search TENANT folder first...
if TENANT != "public":
TEMPLATE_DIRS.insert(0, os.path.join(BASE_DIR, TENANT, "templates"))
TEMPLATES = [
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": (os.path.join(BASE_DIR, "templates"),),
"DIRS": TEMPLATE_DIRS,
"APP_DIRS": True,
"OPTIONS": {
"context_processors": [
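Review bot: The new `TEMPLATE_DIRS.insert(0, os.path.join(BASE_DIR, TENANT, "templates"))` line puts a directory derived from `TENANT` ahead of the project's own templates, and nothing visible here constrains that value. Where `TENANT` is defined is outside this hunk; if it is read from the environment, an absolute path or a value containing `..` makes `os.path.join` resolve outside `BASE_DIR`, and every template, login and permission pages included, would then be loaded from that location first. I would validate it before use, for example `if not re.fullmatch(r"[A-Za-z0-9_-]+", TENANT): raise ImproperlyConfigured("invalid TENANT")`, and extend the comment to say that tenant templates shadow the defaults by design. The `TEMPLATES` list continues past the end of the hunk.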


@ -60,7 +60,7 @@ class ScenarioCreationAPITests(TestCase):
)
self.assertEqual(response.status_code, 404)
self.assertIn("Package not found", response.json()["detail"])
self.assertIn(f"Package with UUID {fake_uuid} not found", response.json()["detail"])
def test_create_scenario_insufficient_permissions(self):
"""Test that unauthorized access returns 403."""


@ -41,6 +41,24 @@ def get_package_for_read(user, package_uuid: UUID):
return package
def get_package_for_write(user, package_uuid: UUID):
"""
Get package by UUID with permission check.
"""
# FIXME: update package manager with custom exceptions to avoid manual checks here
try:
package = Package.objects.get(uuid=package_uuid)
except Package.DoesNotExist:
raise EPAPINotFoundError(f"Package with UUID {package_uuid} not found")
# FIXME: optimize package manager to exclusively work with UUIDs
if not user or user.is_anonymous or not PackageManager.writable(user, package):
raise EPAPIPermissionDeniedError("Insufficient permissions to access this package.")
return package
def get_scenario_for_read(user, scenario_uuid: UUID):
"""Get scenario by UUID with read permission check."""
try:
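Review bot: `get_package_for_write` answers an unknown UUID with `EPAPINotFoundError` before it looks at the caller, so an anonymous or unprivileged caller can tell existing packages from missing ones by the 404/403 difference. If package existence is meant to be private, run the `not user or user.is_anonymous` check first and return the not-found error to callers who cannot read the package; whether `get_package_for_read` above makes the same choice is not visible in this hunk. The docstring still reads as a generic permission check and should name the write check and the two exceptions, e.g. `"""Get package by UUID with write permission check; raises EPAPINotFoundError or EPAPIPermissionDeniedError."""`. `get_scenario_for_read` continues outside the hunk.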


@ -9,7 +9,6 @@ import logging
import json
from epdb.models import Scenario
from epdb.logic import PackageManager
from epdb.views import _anonymous_or_real
from ..pagination import EnhancedPageNumberPagination
from ..schemas import (
@ -17,7 +16,7 @@ from ..schemas import (
ScenarioOutSchema,
ScenarioCreateSchema,
)
from ..dal import get_user_entities_for_read, get_package_entities_for_read
from ..dal import get_user_entities_for_read, get_package_entities_for_read, get_package_for_write
from envipy_additional_information import registry
logger = logging.getLogger(__name__)
@ -58,7 +57,7 @@ def create_scenario(request, package_uuid: UUID, payload: ScenarioCreateSchema =
user = _anonymous_or_real(request)
try:
current_package = PackageManager.get_package_by_id(user, package_uuid)
current_package = get_package_for_write(user, package_uuid)
except ValueError as e:
error_msg = str(e)
if "does not exist" in error_msg:
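Review bot: The `except ValueError as e:` handler around the new `get_package_for_write(user, package_uuid)` call still classifies failures by matching `"does not exist"` in the message, while the new helper raises `EPAPINotFoundError` and `EPAPIPermissionDeniedError` (see the dal section of this commit). Whether those types derive from `ValueError` is not visible here: if they do not, the handler is dead code, and if they do, neither new message contains "does not exist", so a missing package and a denied write both land in the fallback branch. Either remove the `try`/`except` and let the API-level exception handling map the typed errors, or catch them by type, `except (EPAPINotFoundError, EPAPIPermissionDeniedError): raise`, so the authorization outcome never depends on message text. The body of `create_scenario` continues outside the hunk.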


@ -1392,7 +1392,7 @@ def create_package_scenario(request, package_uuid):
study_type = request.POST.get("type")
ais = []
types = request.POST.getlist("adInfoTypes[]")
types = request.POST.get("adInfoTypes[]", "").split(",")
for t in types:
ais.append(build_additional_information_from_request(request, t))
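Review bot: `request.POST.get("adInfoTypes[]", "").split(",")` returns `[""]` when the field is absent or empty, so the loop calls `build_additional_information_from_request(request, "")` once with an empty type name; `QueryDict.get` also keeps only the last value if a client still posts the field repeatedly. Filter and trim the client-supplied names before use, `types = [t.strip() for t in request.POST.get("adInfoTypes[]", "").split(",") if t.strip()]`. Whether the builder rejects names that are not registered types is not visible in this hunk and is worth confirming, since the value comes straight from the request. `create_package_scenario` starts and ends outside the hunk.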


@ -0,0 +1,65 @@
# Generated by Django 5.2.7 on 2026-03-09 10:41
import django.db.models.deletion
from django.db import migrations, models
def populate_polymorphic_ctype(apps, schema_editor):
ContentType = apps.get_model("contenttypes", "ContentType")
Compound = apps.get_model("epdb", "Compound")
CompoundStructure = apps.get_model("epdb", "CompoundStructure")
# Update Compound records
compound_ct = ContentType.objects.get_for_model(Compound)
Compound.objects.filter(polymorphic_ctype__isnull=True).update(polymorphic_ctype=compound_ct)
# Update CompoundStructure records
compound_structure_ct = ContentType.objects.get_for_model(CompoundStructure)
CompoundStructure.objects.filter(polymorphic_ctype__isnull=True).update(
polymorphic_ctype=compound_structure_ct
)
def reverse_populate_polymorphic_ctype(apps, schema_editor):
Compound = apps.get_model("epdb", "Compound")
CompoundStructure = apps.get_model("epdb", "CompoundStructure")
Compound.objects.all().update(polymorphic_ctype=None)
CompoundStructure.objects.all().update(polymorphic_ctype=None)
class Migration(migrations.Migration):
dependencies = [
("contenttypes", "0002_remove_content_type_name"),
("epdb", "0019_remove_scenario_additional_information_and_more"),
]
operations = [
migrations.AlterModelOptions(
name="compoundstructure",
options={"base_manager_name": "objects"},
),
migrations.AddField(
model_name="compound",
name="polymorphic_ctype",
field=models.ForeignKey(
editable=False,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="polymorphic_%(app_label)s.%(class)s_set+",
to="contenttypes.contenttype",
),
),
migrations.AddField(
model_name="compoundstructure",
name="polymorphic_ctype",
field=models.ForeignKey(
editable=False,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="polymorphic_%(app_label)s.%(class)s_set+",
to="contenttypes.contenttype",
),
),
migrations.RunPython(populate_polymorphic_ctype, reverse_populate_polymorphic_ctype),
]


@ -765,7 +765,12 @@ class Package(EnviPathModel):
class Compound(
EnviPathModel, AliasMixin, ScenarioMixin, ChemicalIdentifierMixin, AdditionalInformationMixin
PolymorphicModel,
EnviPathModel,
AliasMixin,
ScenarioMixin,
ChemicalIdentifierMixin,
AdditionalInformationMixin,
):
package = models.ForeignKey(
s.EPDB_PACKAGE_MODEL, verbose_name="Package", on_delete=models.CASCADE, db_index=True
@ -1095,7 +1100,12 @@ class Compound(
class CompoundStructure(
EnviPathModel, AliasMixin, ScenarioMixin, ChemicalIdentifierMixin, AdditionalInformationMixin
PolymorphicModel,
EnviPathModel,
AliasMixin,
ScenarioMixin,
ChemicalIdentifierMixin,
AdditionalInformationMixin,
):
compound = models.ForeignKey("epdb.Compound", on_delete=models.CASCADE, db_index=True)
smiles = models.TextField(blank=False, null=False, verbose_name="SMILES")
@ -4138,7 +4148,7 @@ class Scenario(EnviPathModel):
ais = AdditionalInformation.objects.filter(scenario=self)
if direct_only:
return ais.filter(content_object__isnull=True)
return ais.filter(object_id__isnull=True)
else:
return ais

Binary file not shown.


@ -71,24 +71,129 @@
<label class="label">
<span class="label-text">User or Group</span>
</label>
<select
id="select_grantee"
name="grantee"
class="select select-bordered w-full select-sm"
required
<div
class="relative"
x-data="{
searchQuery: '',
selectedItem: null,
showResults: false,
filteredResults: [],
allItems: [
{% for u in users %}
{ type: 'user', name: '{{ u.username }}', url: '{{ u.url }}',
display: '{{ u.username }}' },
{% endfor %}
{% for g in groups %}
{ type: 'group', name: '{{ g.name|safe }}', url: '{{ g.url }}',
display: '{{ g.name|safe }}' },
{% endfor %}
],
init() {
this.filteredResults = this.allItems;
},
search() {
if (this.searchQuery.length === 0) {
this.filteredResults = this.allItems;
} else {
this.filteredResults = this.allItems.filter(item =>
item.name.toLowerCase().includes(this.searchQuery.toLowerCase())
);
}
this.showResults = true;
},
selectItem(item) {
this.selectedItem = item;
this.searchQuery = item.display;
this.showResults = false;
},
clearSelection() {
this.selectedItem = null;
this.searchQuery = '';
this.showResults = false;
}
}"
@click.away="showResults = false"
>
<optgroup label="Users">
{% for u in users %}
<option value="{{ u.url }}">{{ u.username }}</option>
{% endfor %}
</optgroup>
<optgroup label="Groups">
{% for g in groups %}
<option value="{{ g.url }}">{{ g.name|safe }}</option>
{% endfor %}
</optgroup>
</select>
<input
type="text"
x-model="searchQuery"
@input="search()"
@focus="showResults = true; search()"
@keydown.escape="showResults = false"
@keydown.arrow-down.prevent="$refs.resultsList?.children[0]?.focus()"
class="input input-bordered w-full input-sm"
placeholder="Search users or groups..."
autocomplete="off"
required
/>
<!-- Clear button -->
<button
type="button"
x-show="searchQuery.length > 0"
@click="clearSelection()"
class="absolute right-2 top-1/2 transform -translate-y-1/2 text-gray-400 hover:text-gray-600"
>
</button>
<!-- Hidden input for form submission -->
<input
type="hidden"
name="grantee"
x-bind:value="selectedItem?.url || ''"
required
/>
<!-- Search results dropdown -->
<div
x-show="showResults && filteredResults.length > 0"
x-transition
class="absolute z-50 w-full mt-1 bg-base-100 border border-base-300 rounded-lg shadow-lg max-h-60 overflow-y-auto"
>
<ul x-ref="resultsList" id="resultsList" class="py-1">
<template
x-for="(item, index) in filteredResults"
:key="item.url"
>
<li>
<button
type="button"
@click="selectItem(item)"
@keydown.enter="selectItem(item)"
@keydown.escape="showResults = false"
@keydown.arrow-up.prevent="index > 0 ? $event.target.parentElement.previousElementSibling?.children[0]?.focus() : null"
@keydown.arrow-down.prevent="index < filteredResults.length - 1 ? $event.target.parentElement.nextElementSibling?.children[0]?.focus() : null"
class="w-full px-4 py-2 text-left hover:bg-base-200 focus:bg-base-200 focus:outline-none flex items-center space-x-2"
>
<span
x-text="item.type === 'user' ? '👤' : '👥'"
class="text-sm opacity-60"
></span>
<span x-text="item.display"></span>
<span
x-text="item.type === 'user' ? '(User)' : '(Group)'"
class="text-xs opacity-50 ml-auto"
></span>
</button>
</li>
</template>
</ul>
</div>
<!-- No results message -->
<div
x-show="showResults && filteredResults.length === 0 && searchQuery.length > 0"
x-transition
class="absolute z-50 w-full mt-1 bg-base-100 border border-base-300 rounded-lg shadow-lg"
>
<div class="px-4 py-2 text-gray-500 text-sm">
No users or groups found
</div>
</div>
</div>
</div>
<div class="col-span-2 text-center">
<label class="label justify-center">
<span class="label-text">Read</span>
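Review bot: The `allItems` literal inside `x-data="..."` interpolates `{{ u.username }}` and `{{ g.name|safe }}` into single-quoted JavaScript strings that sit inside an HTML attribute, which makes user and group names a script-injection sink. HTML autoescaping does not protect this context, because the browser decodes `&#x27;` back to `'` before Alpine evaluates the expression, and `|safe` on the group name removes even that, so a name containing a quote ends the string or the attribute. Use the JavaScript-context filter, `name: '{{ g.name|escapejs }}'` and `name: '{{ u.username|escapejs }}'` (likewise for `url` and `display`), or emit the list with `json_script` and read it in `init()`. Separately, `search()` never resets `selectedItem`, so editing the text after a selection still submits the earlier grantee URL; add `this.selectedItem = null;` there. `required` is not enforced on the hidden `grantee` input, so the server has to reject an empty value.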


@ -20,7 +20,16 @@ class TestPackagePage(EnviPyStaticLiveServerTestCase):
page.get_by_role("button", name="Actions").click()
page.get_by_role("button", name="Edit Permissions").click()
# Add read and write permission to enviPath Users group
page.locator("#select_grantee").select_option(label="enviPath Users")
search_input = page.locator('input[placeholder="Search users or groups..."]')
search_input.fill("enviPath")
# Wait for the results list to appear and be populated
page.wait_for_selector("#resultsList", state="visible")
# Click the first button in the results list
first_button = page.locator("#resultsList button").first
first_button.click()
page.locator("#read_new").check()
page.locator("#write_new").check()
page.get_by_role("button", name="+", exact=True).click()
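Review bot: `page.locator("#resultsList button").first` clicks whichever entry happens to come first for the query "enviPath", so the test can grant read and write to a different user or group than the comment above it names and still pass. Pin the grantee instead, `page.locator("#resultsList button", has_text="enviPath Users").click()`, so the permission check stays tied to the intended principal. The test method starts and ends outside the hunk.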

2
uv.lock generated

@ -841,7 +841,7 @@ provides-extras = ["ms-login", "dev", "pepper-plugin"]
[[package]]
name = "envipy-additional-information"
version = "0.4.2"
source = { git = "ssh://git@git.envipath.com/enviPath/enviPy-additional-information.git?branch=develop#40459366648a03b01432998b32fdabd5556a1bae" }
source = { git = "ssh://git@git.envipath.com/enviPath/enviPy-additional-information.git?branch=develop#04f6a01b8c5cd1342464e004e0cfaec9abc13ac5" }
dependencies = [
{ name = "pydantic" },
]