[Feature] Search for Permissions, Prep Compound / Structure to be extended, Prep Template overwrites (#347)

Co-authored-by: Tim Lorsbach <tim@lorsba.ch> Reviewed-on: enviPath/enviPy#347
2026-03-11 11:27:15 +13:00
parent d4295c9349
commit b737fc93eb
12 changed files with 242 additions and 27 deletions
--- a/epapi/tests/v1/test_scenario_creation.py
+++ b/epapi/tests/v1/test_scenario_creation.py
@ -60,7 +60,7 @@ class ScenarioCreationAPITests(TestCase):
        )

        self.assertEqual(response.status_code, 404)
-        self.assertIn("Package not found", response.json()["detail"])
+        self.assertIn(f"Package with UUID {fake_uuid} not found", response.json()["detail"])

    def test_create_scenario_insufficient_permissions(self):
        """Test that unauthorized access returns 403."""
--- a/epapi/v1/dal.py
+++ b/epapi/v1/dal.py
@ -41,6 +41,24 @@ def get_package_for_read(user, package_uuid: UUID):
    return package


+def get_package_for_write(user, package_uuid: UUID):
+    """
+    Get package by UUID with permission check.
+    """
+
+    # FIXME: update package manager with custom exceptions to avoid manual checks here
+    try:
+        package = Package.objects.get(uuid=package_uuid)
+    except Package.DoesNotExist:
+        raise EPAPINotFoundError(f"Package with UUID {package_uuid} not found")
+
+    # FIXME: optimize package manager to exclusively work with UUIDs
+    if not user or user.is_anonymous or not PackageManager.writable(user, package):
+        raise EPAPIPermissionDeniedError("Insufficient permissions to access this package.")
+
+    return package
+
+
 def get_scenario_for_read(user, scenario_uuid: UUID):
    """Get scenario by UUID with read permission check."""
    try:
--- a/epapi/v1/endpoints/scenarios.py
+++ b/epapi/v1/endpoints/scenarios.py
@ -9,7 +9,6 @@ import logging
 import json

 from epdb.models import Scenario
-from epdb.logic import PackageManager
 from epdb.views import _anonymous_or_real
 from ..pagination import EnhancedPageNumberPagination
 from ..schemas import (
@ -17,7 +16,7 @@ from ..schemas import (
    ScenarioOutSchema,
    ScenarioCreateSchema,
 )
-from ..dal import get_user_entities_for_read, get_package_entities_for_read
+from ..dal import get_user_entities_for_read, get_package_entities_for_read, get_package_for_write
 from envipy_additional_information import registry

 logger = logging.getLogger(__name__)
@ -58,7 +57,7 @@ def create_scenario(request, package_uuid: UUID, payload: ScenarioCreateSchema =
    user = _anonymous_or_real(request)

    try:
-        current_package = PackageManager.get_package_by_id(user, package_uuid)
+        current_package = get_package_for_write(user, package_uuid)
    except ValueError as e:
        error_msg = str(e)
        if "does not exist" in error_msg: