Integrate pgroups for shipment data security
Added `pgroups` to secure and associate data with specific permission groups. Updated backend routers, database models, and API endpoints to handle authorization based on `pgroups`. Adjusted frontend components and hooks to support `pgroups` in data fetching and management workflows.
This commit is contained in:
GotthardG
@ -1,7 +1,6 @@
|
||||
from fastapi import APIRouter, HTTPException, status, Query, Depends
|
||||
from sqlalchemy.orm import Session
|
||||
from typing import List, Optional
|
||||
import logging
|
||||
from typing import List
|
||||
from datetime import date
|
||||
import json
|
||||
|
||||
@ -22,11 +21,13 @@ from app.schemas import (
|
||||
Contact as ContactSchema,
|
||||
Sample as SampleSchema,
|
||||
DewarSchema,
|
||||
loginData,
|
||||
)
|
||||
from app.database import get_db
|
||||
from app.crud import get_shipments, get_shipment_by_id
|
||||
from app.crud import get_shipment_by_id
|
||||
from app.routers.auth import get_current_user
|
||||
|
||||
router = APIRouter()
|
||||
shipment_router = APIRouter()
|
||||
|
||||
|
||||
def default_serializer(obj):
|
||||
@ -35,28 +36,30 @@ def default_serializer(obj):
|
||||
raise TypeError(f"Type {type(obj)} not serializable")
|
||||
|
||||
|
||||
@router.get("", response_model=List[ShipmentSchema])
|
||||
@shipment_router.get("", response_model=List[ShipmentSchema])
|
||||
async def fetch_shipments(
|
||||
id: Optional[int] = Query(None), db: Session = Depends(get_db)
|
||||
active_pgroup: str = Query(...),
|
||||
db: Session = Depends(get_db),
|
||||
current_user: loginData = Depends(get_current_user),
|
||||
):
|
||||
if id:
|
||||
shipment = get_shipment_by_id(db, id)
|
||||
if not shipment:
|
||||
logging.error(f"Shipment with ID {id} not found")
|
||||
raise HTTPException(status_code=404, detail="Shipment not found")
|
||||
logging.info(f"Shipment found: {shipment}")
|
||||
return [shipment]
|
||||
|
||||
shipments = get_shipments(db)
|
||||
logging.info(f"Total shipments fetched: {len(shipments)}")
|
||||
for shipment in shipments:
|
||||
logging.info(
|
||||
f"Shipment ID: {shipment.id}, Shipment Name: {shipment.shipment_name}"
|
||||
# Validate that the active_pgroup belongs to the user
|
||||
if active_pgroup not in current_user.pgroups:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid pgroup provided.",
|
||||
)
|
||||
|
||||
# Query shipments matching the active_pgroup
|
||||
shipments = (
|
||||
db.query(ShipmentModel)
|
||||
.filter(ShipmentModel.pgroups.like(f"%{active_pgroup}%"))
|
||||
.all()
|
||||
)
|
||||
|
||||
return shipments
|
||||
|
||||
|
||||
@router.get("/{shipment_id}/dewars", response_model=List[DewarSchema])
|
||||
@shipment_router.get("/{shipment_id}/dewars", response_model=List[DewarSchema])
|
||||
async def get_dewars_by_shipment_id(shipment_id: int, db: Session = Depends(get_db)):
|
||||
shipment = db.query(ShipmentModel).filter(ShipmentModel.id == shipment_id).first()
|
||||
if not shipment:
|
||||
@ -69,7 +72,9 @@ async def get_dewars_by_shipment_id(shipment_id: int, db: Session = Depends(get_
|
||||
return dewars
|
||||
|
||||
|
||||
@router.post("", response_model=ShipmentSchema, status_code=status.HTTP_201_CREATED)
|
||||
@shipment_router.post(
|
||||
"", response_model=ShipmentSchema, status_code=status.HTTP_201_CREATED
|
||||
)
|
||||
async def create_shipment(shipment: ShipmentCreate, db: Session = Depends(get_db)):
|
||||
contact = (
|
||||
db.query(ContactModel).filter(ContactModel.id == shipment.contact_id).first()
|
||||
@ -94,6 +99,7 @@ async def create_shipment(shipment: ShipmentCreate, db: Session = Depends(get_db
|
||||
contact_id=contact.id,
|
||||
return_address_id=return_address.id,
|
||||
proposal_id=proposal.id,
|
||||
pgroups=shipment.pgroups,
|
||||
)
|
||||
|
||||
# Handling dewars association
|
||||
@ -111,7 +117,7 @@ async def create_shipment(shipment: ShipmentCreate, db: Session = Depends(get_db
|
||||
return db_shipment
|
||||
|
||||
|
||||
@router.delete("/{shipment_id}", status_code=status.HTTP_204_NO_CONTENT)
|
||||
@shipment_router.delete("/{shipment_id}", status_code=status.HTTP_204_NO_CONTENT)
|
||||
async def delete_shipment(shipment_id: int, db: Session = Depends(get_db)):
|
||||
# Fetch the shipment
|
||||
shipment = db.query(ShipmentModel).filter(ShipmentModel.id == shipment_id).first()
|
||||
@ -172,7 +178,7 @@ async def delete_shipment(shipment_id: int, db: Session = Depends(get_db)):
|
||||
return
|
||||
|
||||
|
||||
@router.put("/{shipment_id}", response_model=ShipmentSchema)
|
||||
@shipment_router.put("/{shipment_id}", response_model=ShipmentSchema)
|
||||
async def update_shipment(
|
||||
shipment_id: int, updated_shipment: ShipmentCreate, db: Session = Depends(get_db)
|
||||
):
|
||||
@ -251,7 +257,7 @@ async def update_shipment(
|
||||
return shipment
|
||||
|
||||
|
||||
@router.post("/{shipment_id}/add_dewar", response_model=ShipmentSchema)
|
||||
@shipment_router.post("/{shipment_id}/add_dewar", response_model=ShipmentSchema)
|
||||
async def add_dewar_to_shipment(
|
||||
shipment_id: int, dewar_id: int, db: Session = Depends(get_db)
|
||||
):
|
||||
@ -269,7 +275,9 @@ async def add_dewar_to_shipment(
|
||||
return shipment
|
||||
|
||||
|
||||
@router.delete("/{shipment_id}/remove_dewar/{dewar_id}", response_model=ShipmentSchema)
|
||||
@shipment_router.delete(
|
||||
"/{shipment_id}/remove_dewar/{dewar_id}", response_model=ShipmentSchema
|
||||
)
|
||||
async def remove_dewar_from_shipment(
|
||||
shipment_id: int, dewar_id: int, db: Session = Depends(get_db)
|
||||
):
|
||||
@ -338,13 +346,13 @@ async def remove_dewar_from_shipment(
|
||||
return shipment
|
||||
|
||||
|
||||
@router.get("/contact_persons", response_model=List[ContactSchema])
|
||||
@shipment_router.get("/contact_persons", response_model=List[ContactSchema])
|
||||
async def get_shipment_contact_persons(db: Session = Depends(get_db)):
|
||||
contact_persons = db.query(ContactModel).all()
|
||||
return contact_persons
|
||||
|
||||
|
||||
@router.get("/{shipment_id}/samples", response_model=List[SampleSchema])
|
||||
@shipment_router.get("/{shipment_id}/samples", response_model=List[SampleSchema])
|
||||
async def get_samples_in_shipment(shipment_id: int, db: Session = Depends(get_db)):
|
||||
shipment = db.query(ShipmentModel).filter(ShipmentModel.id == shipment_id).first()
|
||||
if shipment is None:
|
||||
@ -358,7 +366,7 @@ async def get_samples_in_shipment(shipment_id: int, db: Session = Depends(get_db
|
||||
return samples
|
||||
|
||||
|
||||
@router.get(
|
||||
@shipment_router.get(
|
||||
"/shipments/{shipment_id}/dewars/{dewar_id}/samples",
|
||||
response_model=List[SampleSchema],
|
||||
)
|
||||
@ -381,7 +389,7 @@ async def get_samples_in_dewar(
|
||||
return samples
|
||||
|
||||
|
||||
@router.put("/{shipment_id}/comments", response_model=ShipmentSchema)
|
||||
@shipment_router.put("/{shipment_id}/comments", response_model=ShipmentSchema)
|
||||
async def update_shipment_comments(
|
||||
shipment_id: int,
|
||||
comments_data: UpdateShipmentComments,
|
||||
|
||||
Reference in New Issue
Block a user