Task #10148: Implementation of AutorizedAddWithStatus with tests

c894bb56 · Auke Klazema · d36dc1e7 · c894bb56 · c894bb56 · c894bb56
Commit c894bb56 authored 8 years ago by Auke Klazema
--- a/SAS/MoM/MoMQueryService/momqueryrpc.py
+++ b/SAS/MoM/MoMQueryService/momqueryrpc.py
@@ -20,6 +20,23 @@ class MoMQueryRPC(RPCWrapper):
                 timeout=120):
        super(MoMQueryRPC, self).__init__(busname, servicename, broker, timeout=timeout)

+    def authorized_add_with_status(self, user_name, project_name, job_type, status):
+        """returns whether user is allowed in project to move a certain jobtype to a certain state
+        :param user_name:
+        :param project_name:
+        :param job_type:
+        :param status:
+        :return: Boolean
+        """
+        logger.info("Requesting AutorizedAddWithStatus for user_name: %s project_name: %s job_type: %s status: %s",
+                    user_name, project_name, job_type, status)
+        result = self.rpc('AutorizedAddWithStatus', user_name=user_name, project_name=project_name, job_type=job_type,
+                          status=status)
+        logger.info(
+            "Received AutorizedAddWithStatus for user_name: %s project_name: %s job_type: %s status: %s result: %s",
+            user_name, project_name, job_type, status, result)
+        return result
+
    def folderExists(self, folder):
        """returns true if folder exists
        :param folder:

--- a/SAS/MoM/MoMQueryService/momqueryservice.py
+++ b/SAS/MoM/MoMQueryService/momqueryservice.py
@@ -75,6 +75,8 @@ class MoMDatabaseWrapper:
    def __init__(self, dbcreds):
        self.dbcreds = dbcreds
        self.conn = None
+        self.useradministration_db = "useradministration"
+        self.momprivilidge_db = "momprivilege"

    def _connect(self):
        if self.conn:
@@ -104,9 +106,91 @@ class MoMDatabaseWrapper:
            except (OperationalError, AttributeError) as e:
                logger.error(str(e))

+    def authorized_add_with_status(self, user_name, project_name, job_type, status):
+        """returns whether user is allowed in project to move a certain jobtype to a certain state
+        :param user_name:
+        :param project_name:
+        :param job_type: should be either 'observation', 'ingest' or 'pipeline'
+        :param status: status should be either 'opened' or 'approved'
+        :return: Boolean
+        """
+        if status not in ['opened', 'approved']:
+            raise ValueError("status should be either 'opened' or 'approved'")
+
+        if job_type not in ['observation', 'ingest', 'pipeline']:
+            raise ValueError("job_type should be either 'observation', 'ingest' or 'pipeline'")
+
+        logger.info("authorized_add_with_status for user_name: %s project_name: %s job_type: %s status: %s",
+                    user_name, project_name, job_type, status)
+
+        status_type = {
+            'observation': 'OBSERVATION',
+            'ingest': 'EXPORT',
+            'pipeline': 'POSTPROCESS'
+        }
+
+        # query have opened status hardcoded because this is domain knowledge and works for the current requirements.
+        # If more status transitions are needed this query will be more complex
+        # The or on the status will then not be valid anymore.
+        query_system_rights = """SELECT 1 FROM %(useradministration_db)s.useraccount as useraccount
+join %(useradministration_db)s.useraccountsystemrole as system_role on useraccount.userid=system_role.useraccountid
+join %(momprivilege_db)s.statustransitionrole as transition_role on system_role.systemroleid=transition_role.roleid
+join %(momprivilege_db)s.statustransition as transition on transition_role.statustransitionid=transition.id
+join status as open_status on open_status.code='opened'
+join status as status on status.id=transition.newstatusid and (transition.oldstatusid=0 or transition.oldstatusid=open_status.id)
+where status.code="%(status)s" and
+status.type="%(status_type)s" and
+open_status.type="%(status_type)s" and
+transition_role.roletype="nl.astron.useradministration.data.entities.SystemRole" and
+useraccount.username='%(user_name)s'""" % {
+            "user_name": user_name,
+            "useradministration_db": self.useradministration_db,
+            "momprivilege_db": self.momprivilidge_db,
+            "status_type": status_type[job_type],
+            "status": status
+        }
+
+        rows_system_rights = self._executeQuery(query_system_rights)
+
+        # query have opened status hardcoded because this is domain knowledge and works for the current requirements.
+        # If more status transitions are needed this query will be more complex.
+        # The or on the status will then not be valid anymore.
+        query_project_rights = """SELECT 1 FROM mom2object as project
+join member as member on member.projectid=project.id
+join registeredmember as registered_member on registered_member.memberid=member.id
+join %(useradministration_db)s.useraccount as useraccount on registered_member.userid=useraccount.id
+join memberprojectrole as member_project_role on member_project_role.memberid=member.id
+join projectrole as project_role on project_role.id=member_project_role.projectroleid
+join %(momprivilege_db)s.statustransitionrole as transition_role on project_role.id=transition_role.roleid
+join %(momprivilege_db)s.statustransition as transition on transition_role.statustransitionid=transition.id
+join status as open_status on open_status.code='opened'
+join status as status on status.id=transition.newstatusid and (transition.oldstatusid=0 or transition.oldstatusid=open_status.id)
+where status.code="%(status)s" and
+status.type="%(status_type)s" and
+open_status.type="%(status_type)s" and
+transition_role.roletype="nl.astron.mom2.data.entities.ProjectRole" and
+useraccount.username='%(user_name)s' and
+project.name='%(project_name)s'""" % {
+            "user_name": user_name,
+            "useradministration_db": self.useradministration_db,
+            "momprivilege_db": self.momprivilidge_db,
+            "status_type": status_type[job_type],
+            "project_name": project_name,
+            "status": status
+        }
+
+        rows_project_rights = self._executeQuery(query_project_rights)
+
+        authorized = len(rows_system_rights) != 0 or len(rows_project_rights) != 0
+
+        logger.info("authorized_add_with_status for user_name: %s project_name: %s job_type: %s status: %s result: %s",
+                    user_name, project_name, job_type, status, authorized)
+
+        return authorized
+
    def folder_exists(self, folder_path):
        """ returns true if folder exists
-        :param folder:
+        :param folder_path:
        :return: Boolean
        """
        try:
@@ -475,6 +559,7 @@ class ProjectDetailsQueryHandler(MessageHandlerInterface):
        self.dbcreds = kwargs.pop("dbcreds", None)

        self.service2MethodMap = {
+            'AutorizedAddWithStatus': self.authorized_add_with_status,
            'FolderExists': self.folder_exists,
            'IsProjectActive': self.is_project_active,
            'GetProjects': self.getProjects,
@@ -491,6 +576,10 @@ class ProjectDetailsQueryHandler(MessageHandlerInterface):
    def prepare_loop(self):
        self.momdb = MoMDatabaseWrapper(self.dbcreds)

+    def authorized_add_with_status(self, user, project, jobtype, status):
+        authorized = self.momdb.authorized_add_with_status(user, project, jobtype, status)
+        return {"authorized": authorized}
+
    def folder_exists(self, folder):
        exists = self.momdb.folder_exists(folder)
        return {"exists": exists}

--- a/SAS/MoM/MoMQueryService/test/test_momqueryservice.py
+++ b/SAS/MoM/MoMQueryService/test/test_momqueryservice.py