Mime for assets; better access handling for tables list

This commit is contained in:
Andrew 2023-05-01 01:56:42 +07:00
parent b799d1312b
commit cab075810c
3 changed files with 35 additions and 14 deletions

44
app.py

@ -5,6 +5,7 @@ from starlette.responses import StreamingResponse, JSONResponse
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from based import db from based import db
import psycopg import psycopg
import puremagic
from secrets import token_hex from secrets import token_hex
from minio import Minio from minio import Minio
from minio.helpers import ObjectWriteResult from minio.helpers import ObjectWriteResult
@ -87,19 +88,33 @@ async def getAccessToken(userData: AuthModel):
200: {"model": list[TableDefinition], "description": "List of tables"}, 200: {"model": list[TableDefinition], "description": "List of tables"},
403: { 403: {
"model": ErrorResponse, "model": ErrorResponse,
"description": "Requesting this endpoint requires admin-level user access token", "description": "Requesting this endpoint requires access token",
}, },
}, },
) )
async def listTables(access_token: str | None = Header(default=None)): async def listTables(access_token: str | None = Header(default=None)):
is_admin = check_if_admin_access_token(connector, access_token) tds: list[TableDefinition] = []
if not is_admin:
try:
_user, _ = get_user_by_access_token(connector, access_token)
if not _user:
raise Exception("Not allowed")
except Exception as e:
return JSONResponse( return JSONResponse(
ErrorResponse(error="Not allowed").dict(), ErrorResponse(error=str(e)).dict(), status_code=status.HTTP_403_FORBIDDEN
status_code=status.HTTP_403_FORBIDDEN,
) )
return [TableDefinition.parse_obj(table) for table in connector.tables()] is_admin = check_if_admin_access_token(connector, access_token)
for table in connector.tables():
td = TableDefinition.parse_obj(table)
if not is_admin:
acl = get_user_permissions_for_table(connector, td.table_name, _user)
if acl != AccessType.READ and acl != AccessType.READ_WRITE:
continue
tds.append(td)
return tds
@app.post( @app.post(
@ -425,9 +440,6 @@ async def items(
try: try:
is_admin = check_if_admin_access_token(connector, access_token) is_admin = check_if_admin_access_token(connector, access_token)
if table_info["system"] and not is_admin:
raise Exception("Not allowed")
user, group = get_user_by_access_token(connector, access_token) user, group = get_user_by_access_token(connector, access_token)
if not user: if not user:
raise Exception("Not allowed") raise Exception("Not allowed")
@ -908,13 +920,19 @@ async def createAsset(
filename = f"unnamed" filename = f"unnamed"
filename = f"{token_hex()}_(unknown)" filename = f"{token_hex()}_(unknown)"
try:
mime = puremagic.from_stream(asset.file, mime=True)
if not mime:
mime = "application/octet-stream"
except:
mime = "application/octet-stream"
asset.file.seek(0)
result: ObjectWriteResult = minioClient.put_object( result: ObjectWriteResult = minioClient.put_object(
BUCKET_NAME, BUCKET_NAME,
filename, filename,
data=asset.file, data=asset.file,
content_type=( content_type=mime,
asset.content_type if asset.content_type else "application/octet-stream"
),
length=asset.size, length=asset.size,
) )
if not result: if not result:
@ -923,7 +941,7 @@ async def createAsset(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
) )
ok, e = create_asset(connector, filename, "", str(result.version_id)) ok, e = create_asset(connector, filename, "", str(result.version_id), mime)
if not ok: if not ok:
if e: if e:
return JSONResponse( return JSONResponse(
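Review bot: Dropping `if table_info["system"] and not is_admin: raise Exception("Not allowed")` from `items` (the `@ -425,9 +440,6` hunk) removes the only visible check that keeps non-admin tokens away from system tables, and nothing in that hunk replaces it; unless a later per-table ACL lookup inside `items` (outside the hunk) also covers system tables, non-admin callers can now reach them. If the intent is that `get_user_permissions_for_table` gates this the way the new `listTables` does, the two removed lines should stay in place after `user, group = get_user_by_access_token(...)` until that lookup is visible here. Separately, the new `listTables` 403 body returns `str(e)` for any exception raised by `get_user_by_access_token`, so a database error message would be echoed to the client; keep the fixed `ErrorResponse(error="Not allowed")` and log the exception instead. In `createAsset`, the bare `except:` around `puremagic.from_stream` should be `except Exception:` so interrupts are not swallowed into the octet-stream default, and the sniffed `mime` is attacker-controlled content that will be stored and sent back as `content_type`, so whatever serves assets should not rely on it for inline rendering. The `items`, `listTables` and `createAsset` bodies continue outside their hunks.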


@ -108,6 +108,7 @@ ASSETS_TABLE_SCHEMA = [
TextColumnDefinition("name"), TextColumnDefinition("name"),
TextColumnDefinition("description", default=""), TextColumnDefinition("description", default=""),
TextColumnDefinition("fid"), TextColumnDefinition("fid"),
TextColumnDefinition("mime"),
TextColumnDefinition("tags", default=""), TextColumnDefinition("tags", default=""),
] ]
@ -117,4 +118,5 @@ class Asset(BaseModel):
name: str name: str
description: str description: str
fid: str fid: str
mime: str
tags: str tags: str
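Review bot: `TextColumnDefinition("mime")` is added without a `default=`, unlike `description` and `tags` on the neighbouring lines, so any assets table created before this commit has rows (and possibly a table) with no `mime` value, and `Asset.mime: str` will then fail to parse those rows. Unless the schema helper migrates existing tables (not visible here), a default such as `TextColumnDefinition("mime", default="application/octet-stream")` keeps existing data loadable and matches the fallback `createAsset` already uses. A one-line comment on the column, e.g. `# MIME type sniffed from the uploaded bytes at creation; not user-supplied`, would document where the value comes from. The file name of this section is not shown on the page.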

3
dba.py

@ -464,7 +464,7 @@ def drop_table(conn: DBConnector, table_name: str):
return False, e return False, e
def create_asset(conn: DBConnector, name: str, description: str, fid: str): def create_asset(conn: DBConnector, name: str, description: str, fid: str, mime: str):
try: try:
conn.insertIntoTable( conn.insertIntoTable(
ASSETS_TABLE_NAME, ASSETS_TABLE_NAME,
@ -472,6 +472,7 @@ def create_asset(conn: DBConnector, name: str, description: str, fid: str):
"name": name, "name": name,
"description": description, "description": description,
"fid": fid, "fid": fid,
"mime": mime,
}, },
) )
return True, None return True, None
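Review bot: `create_asset` gains a required `mime: str` parameter, which breaks any caller other than the one updated in `app.py`; a keyword default, `mime: str = "application/octet-stream"`, keeps the old call shape working and mirrors the fallback the caller uses. The function still has no docstring; a short one stating that it inserts one row into `ASSETS_TABLE_NAME` and returns `(True, None)` on success or `(False, e)` on failure would help readers. `create_asset`'s body ends outside the hunk.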