Integrate pgroups for shipment data security
Added `pgroups` to secure and associate data with specific permission groups. Updated backend routers, database models, and API endpoints to handle authorization based on `pgroups`. Adjusted frontend components and hooks to support `pgroups` in data fetching and management workflows.
This commit is contained in:
GotthardG
@ -284,6 +284,7 @@ specific_dewars3 = [dewar for dewar in dewars if dewar.id in specific_dewar_ids3
|
||||
shipments = [
|
||||
Shipment(
|
||||
id=1,
|
||||
pgroups="p20001, p20003",
|
||||
shipment_date=datetime.strptime("2024-10-10", "%Y-%m-%d"),
|
||||
shipment_name="Shipment from Mordor",
|
||||
shipment_status="Delivered",
|
||||
@ -295,6 +296,7 @@ shipments = [
|
||||
),
|
||||
Shipment(
|
||||
id=2,
|
||||
pgroups="p20001, p20002",
|
||||
shipment_date=datetime.strptime("2024-10-24", "%Y-%m-%d"),
|
||||
shipment_name="Shipment from Mordor",
|
||||
shipment_status="In Transit",
|
||||
@ -306,6 +308,7 @@ shipments = [
|
||||
),
|
||||
Shipment(
|
||||
id=3,
|
||||
pgroups="p20004",
|
||||
shipment_date=datetime.strptime("2024-10-28", "%Y-%m-%d"),
|
||||
shipment_name="Shipment from Mordor",
|
||||
shipment_status="In Transit",
|
||||
|
||||
@ -17,12 +17,13 @@ class Shipment(Base):
|
||||
__tablename__ = "shipments"
|
||||
|
||||
id = Column(Integer, primary_key=True, index=True, autoincrement=True)
|
||||
pgroups = Column(String(255), nullable=False)
|
||||
shipment_name = Column(String(255), index=True)
|
||||
shipment_date = Column(Date)
|
||||
shipment_status = Column(String(255))
|
||||
shipment_date = Column(Date, nullable=True)
|
||||
shipment_status = Column(String(255), nullable=True)
|
||||
comments = Column(String(200), nullable=True)
|
||||
contact_id = Column(Integer, ForeignKey("contacts.id"))
|
||||
return_address_id = Column(Integer, ForeignKey("addresses.id"))
|
||||
contact_id = Column(Integer, ForeignKey("contacts.id"), nullable=False)
|
||||
return_address_id = Column(Integer, ForeignKey("addresses.id"), nullable=False)
|
||||
proposal_id = Column(Integer, ForeignKey("proposals.id"), nullable=True)
|
||||
|
||||
contact = relationship("Contact", back_populates="shipments")
|
||||
|
||||
@ -2,7 +2,7 @@ from .address import address_router
|
||||
from .contact import contact_router
|
||||
from .proposal import router as proposal_router
|
||||
from .dewar import router as dewar_router
|
||||
from .shipment import router as shipment_router
|
||||
from .shipment import shipment_router
|
||||
from .auth import router as auth_router
|
||||
from .protected_router import protected_router as protected_router
|
||||
|
||||
|
||||
@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends
|
||||
from app.routers.auth import get_current_user
|
||||
from app.routers.address import address_router
|
||||
from app.routers.contact import contact_router
|
||||
from app.routers.shipment import shipment_router
|
||||
|
||||
protected_router = APIRouter(
|
||||
dependencies=[Depends(get_current_user)] # Applies to all routes
|
||||
@ -10,3 +11,6 @@ protected_router = APIRouter(
|
||||
|
||||
protected_router.include_router(address_router, prefix="/addresses", tags=["addresses"])
|
||||
protected_router.include_router(contact_router, prefix="/contacts", tags=["contacts"])
|
||||
protected_router.include_router(
|
||||
shipment_router, prefix="/shipments", tags=["shipments"]
|
||||
)
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
from fastapi import APIRouter, HTTPException, status, Query, Depends
|
||||
from sqlalchemy.orm import Session
|
||||
from typing import List, Optional
|
||||
import logging
|
||||
from typing import List
|
||||
from datetime import date
|
||||
import json
|
||||
|
||||
@ -22,11 +21,13 @@ from app.schemas import (
|
||||
Contact as ContactSchema,
|
||||
Sample as SampleSchema,
|
||||
DewarSchema,
|
||||
loginData,
|
||||
)
|
||||
from app.database import get_db
|
||||
from app.crud import get_shipments, get_shipment_by_id
|
||||
from app.crud import get_shipment_by_id
|
||||
from app.routers.auth import get_current_user
|
||||
|
||||
router = APIRouter()
|
||||
shipment_router = APIRouter()
|
||||
|
||||
|
||||
def default_serializer(obj):
|
||||
@ -35,28 +36,30 @@ def default_serializer(obj):
|
||||
raise TypeError(f"Type {type(obj)} not serializable")
|
||||
|
||||
|
||||
@router.get("", response_model=List[ShipmentSchema])
|
||||
@shipment_router.get("", response_model=List[ShipmentSchema])
|
||||
async def fetch_shipments(
|
||||
id: Optional[int] = Query(None), db: Session = Depends(get_db)
|
||||
active_pgroup: str = Query(...),
|
||||
db: Session = Depends(get_db),
|
||||
current_user: loginData = Depends(get_current_user),
|
||||
):
|
||||
if id:
|
||||
shipment = get_shipment_by_id(db, id)
|
||||
if not shipment:
|
||||
logging.error(f"Shipment with ID {id} not found")
|
||||
raise HTTPException(status_code=404, detail="Shipment not found")
|
||||
logging.info(f"Shipment found: {shipment}")
|
||||
return [shipment]
|
||||
|
||||
shipments = get_shipments(db)
|
||||
logging.info(f"Total shipments fetched: {len(shipments)}")
|
||||
for shipment in shipments:
|
||||
logging.info(
|
||||
f"Shipment ID: {shipment.id}, Shipment Name: {shipment.shipment_name}"
|
||||
# Validate that the active_pgroup belongs to the user
|
||||
if active_pgroup not in current_user.pgroups:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid pgroup provided.",
|
||||
)
|
||||
|
||||
# Query shipments matching the active_pgroup
|
||||
shipments = (
|
||||
db.query(ShipmentModel)
|
||||
.filter(ShipmentModel.pgroups.like(f"%{active_pgroup}%"))
|
||||
.all()
|
||||
)
|
||||
|
||||
return shipments
|
||||
|
||||
|
||||
@router.get("/{shipment_id}/dewars", response_model=List[DewarSchema])
|
||||
@shipment_router.get("/{shipment_id}/dewars", response_model=List[DewarSchema])
|
||||
async def get_dewars_by_shipment_id(shipment_id: int, db: Session = Depends(get_db)):
|
||||
shipment = db.query(ShipmentModel).filter(ShipmentModel.id == shipment_id).first()
|
||||
if not shipment:
|
||||
@ -69,7 +72,9 @@ async def get_dewars_by_shipment_id(shipment_id: int, db: Session = Depends(get_
|
||||
return dewars
|
||||
|
||||
|
||||
@router.post("", response_model=ShipmentSchema, status_code=status.HTTP_201_CREATED)
|
||||
@shipment_router.post(
|
||||
"", response_model=ShipmentSchema, status_code=status.HTTP_201_CREATED
|
||||
)
|
||||
async def create_shipment(shipment: ShipmentCreate, db: Session = Depends(get_db)):
|
||||
contact = (
|
||||
db.query(ContactModel).filter(ContactModel.id == shipment.contact_id).first()
|
||||
@ -94,6 +99,7 @@ async def create_shipment(shipment: ShipmentCreate, db: Session = Depends(get_db
|
||||
contact_id=contact.id,
|
||||
return_address_id=return_address.id,
|
||||
proposal_id=proposal.id,
|
||||
pgroups=shipment.pgroups,
|
||||
)
|
||||
|
||||
# Handling dewars association
|
||||
@ -111,7 +117,7 @@ async def create_shipment(shipment: ShipmentCreate, db: Session = Depends(get_db
|
||||
return db_shipment
|
||||
|
||||
|
||||
@router.delete("/{shipment_id}", status_code=status.HTTP_204_NO_CONTENT)
|
||||
@shipment_router.delete("/{shipment_id}", status_code=status.HTTP_204_NO_CONTENT)
|
||||
async def delete_shipment(shipment_id: int, db: Session = Depends(get_db)):
|
||||
# Fetch the shipment
|
||||
shipment = db.query(ShipmentModel).filter(ShipmentModel.id == shipment_id).first()
|
||||
@ -172,7 +178,7 @@ async def delete_shipment(shipment_id: int, db: Session = Depends(get_db)):
|
||||
return
|
||||
|
||||
|
||||
@router.put("/{shipment_id}", response_model=ShipmentSchema)
|
||||
@shipment_router.put("/{shipment_id}", response_model=ShipmentSchema)
|
||||
async def update_shipment(
|
||||
shipment_id: int, updated_shipment: ShipmentCreate, db: Session = Depends(get_db)
|
||||
):
|
||||
@ -251,7 +257,7 @@ async def update_shipment(
|
||||
return shipment
|
||||
|
||||
|
||||
@router.post("/{shipment_id}/add_dewar", response_model=ShipmentSchema)
|
||||
@shipment_router.post("/{shipment_id}/add_dewar", response_model=ShipmentSchema)
|
||||
async def add_dewar_to_shipment(
|
||||
shipment_id: int, dewar_id: int, db: Session = Depends(get_db)
|
||||
):
|
||||
@ -269,7 +275,9 @@ async def add_dewar_to_shipment(
|
||||
return shipment
|
||||
|
||||
|
||||
@router.delete("/{shipment_id}/remove_dewar/{dewar_id}", response_model=ShipmentSchema)
|
||||
@shipment_router.delete(
|
||||
"/{shipment_id}/remove_dewar/{dewar_id}", response_model=ShipmentSchema
|
||||
)
|
||||
async def remove_dewar_from_shipment(
|
||||
shipment_id: int, dewar_id: int, db: Session = Depends(get_db)
|
||||
):
|
||||
@ -338,13 +346,13 @@ async def remove_dewar_from_shipment(
|
||||
return shipment
|
||||
|
||||
|
||||
@router.get("/contact_persons", response_model=List[ContactSchema])
|
||||
@shipment_router.get("/contact_persons", response_model=List[ContactSchema])
|
||||
async def get_shipment_contact_persons(db: Session = Depends(get_db)):
|
||||
contact_persons = db.query(ContactModel).all()
|
||||
return contact_persons
|
||||
|
||||
|
||||
@router.get("/{shipment_id}/samples", response_model=List[SampleSchema])
|
||||
@shipment_router.get("/{shipment_id}/samples", response_model=List[SampleSchema])
|
||||
async def get_samples_in_shipment(shipment_id: int, db: Session = Depends(get_db)):
|
||||
shipment = db.query(ShipmentModel).filter(ShipmentModel.id == shipment_id).first()
|
||||
if shipment is None:
|
||||
@ -358,7 +366,7 @@ async def get_samples_in_shipment(shipment_id: int, db: Session = Depends(get_db
|
||||
return samples
|
||||
|
||||
|
||||
@router.get(
|
||||
@shipment_router.get(
|
||||
"/shipments/{shipment_id}/dewars/{dewar_id}/samples",
|
||||
response_model=List[SampleSchema],
|
||||
)
|
||||
@ -381,7 +389,7 @@ async def get_samples_in_dewar(
|
||||
return samples
|
||||
|
||||
|
||||
@router.put("/{shipment_id}/comments", response_model=ShipmentSchema)
|
||||
@shipment_router.put("/{shipment_id}/comments", response_model=ShipmentSchema)
|
||||
async def update_shipment_comments(
|
||||
shipment_id: int,
|
||||
comments_data: UpdateShipmentComments,
|
||||
|
||||
@ -569,6 +569,7 @@ class Proposal(BaseModel):
|
||||
|
||||
class Shipment(BaseModel):
|
||||
id: int
|
||||
pgroups: str
|
||||
shipment_name: str
|
||||
shipment_date: date
|
||||
shipment_status: str
|
||||
@ -583,6 +584,7 @@ class Shipment(BaseModel):
|
||||
|
||||
|
||||
class ShipmentCreate(BaseModel):
|
||||
pgroups: str
|
||||
shipment_name: str
|
||||
shipment_date: date
|
||||
shipment_status: str
|
||||
@ -597,6 +599,7 @@ class ShipmentCreate(BaseModel):
|
||||
|
||||
|
||||
class UpdateShipmentComments(BaseModel):
|
||||
pgroups: str
|
||||
comments: str
|
||||
|
||||
|
||||
|
||||
@ -8,7 +8,6 @@ from app import ssl_heidi
|
||||
from app.routers import (
|
||||
proposal,
|
||||
dewar,
|
||||
shipment,
|
||||
puck,
|
||||
spreadsheet,
|
||||
logistics,
|
||||
@ -157,7 +156,6 @@ app.include_router(protected_router, prefix="/protected", tags=["protected"])
|
||||
app.include_router(auth.router, prefix="/auth", tags=["auth"])
|
||||
app.include_router(proposal.router, prefix="/proposals", tags=["proposals"])
|
||||
app.include_router(dewar.router, prefix="/dewars", tags=["dewars"])
|
||||
app.include_router(shipment.router, prefix="/shipments", tags=["shipments"])
|
||||
app.include_router(puck.router, prefix="/pucks", tags=["pucks"])
|
||||
app.include_router(spreadsheet.router, tags=["spreadsheet"])
|
||||
app.include_router(logistics.router, prefix="/logistics", tags=["logistics"])
|
||||
|
||||
Reference in New Issue
Block a user