Mime for assets; better access handling for tables list

Andrew 2023-05-01 01:56:42 +07:00
parent b799d1312b
commit cab075810c
3 changed files with 35 additions and 14 deletions

44
app.py

@ -5,6 +5,7 @@ from starlette.responses import StreamingResponse, JSONResponse
from fastapi.middleware.cors import CORSMiddleware
from based import db
import psycopg
import puremagic
from secrets import token_hex
from minio import Minio
from minio.helpers import ObjectWriteResult
@ -87,19 +88,33 @@ async def getAccessToken(userData: AuthModel):
200: {"model": list[TableDefinition], "description": "List of tables"},
403: {
"model": ErrorResponse,
"description": "Requesting this endpoint requires admin-level user access token",
"description": "Requesting this endpoint requires access token",
},
},
)
async def listTables(access_token: str | None = Header(default=None)):
is_admin = check_if_admin_access_token(connector, access_token)
if not is_admin:
tds: list[TableDefinition] = []
try:
_user, _ = get_user_by_access_token(connector, access_token)
if not _user:
raise Exception("Not allowed")
except Exception as e:
return JSONResponse(
ErrorResponse(error="Not allowed").dict(),
status_code=status.HTTP_403_FORBIDDEN,
ErrorResponse(error=str(e)).dict(), status_code=status.HTTP_403_FORBIDDEN
)
return [TableDefinition.parse_obj(table) for table in connector.tables()]
is_admin = check_if_admin_access_token(connector, access_token)
for table in connector.tables():
td = TableDefinition.parse_obj(table)
if not is_admin:
acl = get_user_permissions_for_table(connector, td.table_name, _user)
if acl != AccessType.READ and acl != AccessType.READ_WRITE:
continue
tds.append(td)
return tds
@app.post(
@ -425,9 +440,6 @@ async def items(
try:
is_admin = check_if_admin_access_token(connector, access_token)
if table_info["system"] and not is_admin:
raise Exception("Not allowed")
user, group = get_user_by_access_token(connector, access_token)
if not user:
raise Exception("Not allowed")
@ -908,13 +920,19 @@ async def createAsset(
filename = f"unnamed"
filename = f"{token_hex()}_{filename}"
try:
mime = puremagic.from_stream(asset.file, mime=True)
if not mime:
mime = "application/octet-stream"
except:
mime = "application/octet-stream"
asset.file.seek(0)
result: ObjectWriteResult = minioClient.put_object(
BUCKET_NAME,
filename,
data=asset.file,
content_type=(
asset.content_type if asset.content_type else "application/octet-stream"
),
content_type=mime,
length=asset.size,
)
if not result:
@ -923,7 +941,7 @@ async def createAsset(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
)
ok, e = create_asset(connector, filename, "", str(result.version_id))
ok, e = create_asset(connector, filename, "", str(result.version_id), mime)
if not ok:
if e:
return JSONResponse(
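Review bot: The new `except Exception as e` branch in listTables returns `str(e)` to the caller with a 403, so any exception raised inside `get_user_by_access_token` (a database error, for instance) is echoed to an unauthenticated client and also reported as an authorization failure. The previous code returned the fixed string "Not allowed"; keeping `ErrorResponse(error="Not allowed").dict(), status_code=status.HTTP_403_FORBIDDEN` and logging `e` on the server avoids exposing internal detail. The bare `except:` around `puremagic.from_stream` in createAsset is similarly too broad and would be safer as `except Exception:`. Both function bodies continue outside their hunks.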


@ -108,6 +108,7 @@ ASSETS_TABLE_SCHEMA = [
TextColumnDefinition("name"),
TextColumnDefinition("description", default=""),
TextColumnDefinition("fid"),
TextColumnDefinition("mime"),
TextColumnDefinition("tags", default=""),
]
@ -117,4 +118,5 @@ class Asset(BaseModel):
name: str
description: str
fid: str
mime: str
tags: str
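Review bot: The new `mime` column and the `Asset.mime` field have no default, unlike `description` and `tags`, so asset rows written before this commit may fail `Asset` validation unless they are backfilled; no migration is visible in this commit. Consider `TextColumnDefinition("mime", default="application/octet-stream")` and `mime: str = "application/octet-stream"`, matching the fallback createAsset already uses. The same applies to `create_asset` in dba.py, where the new required positional `mime` parameter breaks any caller not updated here; a default keeps that signature backward-compatible. The stored value is sniffed from the uploaded content, so it should not be treated as a validated type when the asset is later served.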

3
dba.py

@ -464,7 +464,7 @@ def drop_table(conn: DBConnector, table_name: str):
return False, e
def create_asset(conn: DBConnector, name: str, description: str, fid: str):
def create_asset(conn: DBConnector, name: str, description: str, fid: str, mime: str):
try:
conn.insertIntoTable(
ASSETS_TABLE_NAME,
@ -472,6 +472,7 @@ def create_asset(conn: DBConnector, name: str, description: str, fid: str):
"name": name,
"description": description,
"fid": fid,
"mime": mime,
},
)
return True, None