From 43e68c1b67eeb5587440cbe5017035b60d897212 Mon Sep 17 00:00:00 2001 From: Gagan Date: Mon, 4 Nov 2024 10:03:32 +0530 Subject: [PATCH] feat(permissions): update endpoints to expose tag-supported perms (#4788) --- api/environments/views.py | 7 +++++-- api/permissions/serializers.py | 7 ++++++- api/projects/views.py | 7 +++++-- .../environments/test_unit_environments_views.py | 12 +++++++++++- api/tests/unit/projects/test_unit_projects_views.py | 10 +++++++++- 5 files changed, 36 insertions(+), 7 deletions(-) diff --git a/api/environments/views.py b/api/environments/views.py index 085fa6853c10..e32e4ccab848 100644 --- a/api/environments/views.py +++ b/api/environments/views.py @@ -11,6 +11,7 @@ from rest_framework.request import Request from rest_framework.response import Response +from environments.permissions.constants import TAG_SUPPORTED_PERMISSIONS from environments.permissions.permissions import ( EnvironmentAdminPermission, EnvironmentPermissions, @@ -189,12 +190,14 @@ def delete_traits(self, request, *args, **kwargs): status=status.HTTP_400_BAD_REQUEST, ) - @swagger_auto_schema(responses={200: PermissionModelSerializer}) + @swagger_auto_schema(responses={200: PermissionModelSerializer(many=True)}) @action(detail=False, methods=["GET"]) def permissions(self, *args, **kwargs): return Response( PermissionModelSerializer( - instance=EnvironmentPermissionModel.objects.all(), many=True + instance=EnvironmentPermissionModel.objects.all(), + many=True, + context={"tag_supported_permissions": TAG_SUPPORTED_PERMISSIONS}, ).data ) diff --git a/api/permissions/serializers.py b/api/permissions/serializers.py index bd8e3a0d6a42..53b66eae2d68 100644 --- a/api/permissions/serializers.py +++ b/api/permissions/serializers.py @@ -4,9 +4,14 @@ class PermissionModelSerializer(serializers.ModelSerializer): + supports_tag = serializers.SerializerMethodField() + class Meta: model = PermissionModel - fields = ("key", "description") + fields = ("key", "description", "supports_tag") + + def get_supports_tag(self, obj: PermissionModel) -> bool: + return obj.key in self.context.get("tag_supported_permissions", []) class CreateUpdateUserPermissionSerializerABC(serializers.ModelSerializer): diff --git a/api/projects/views.py b/api/projects/views.py index 6d2b2f82e260..42929321015e 100644 --- a/api/projects/views.py +++ b/api/projects/views.py @@ -34,6 +34,7 @@ UserProjectPermission, ) from projects.permissions import ( + TAG_SUPPORTED_PERMISSIONS, VIEW_PROJECT, IsProjectAdmin, ProjectPermissions, @@ -126,13 +127,15 @@ def environments(self, request, pk): return Response(EnvironmentSerializerLight(environments, many=True).data) @swagger_auto_schema( - responses={200: PermissionModelSerializer}, request_body=no_body + responses={200: PermissionModelSerializer(many=True)}, request_body=no_body ) @action(detail=False, methods=["GET"]) def permissions(self, *args, **kwargs): return Response( PermissionModelSerializer( - instance=ProjectPermissionModel.objects.all(), many=True + instance=ProjectPermissionModel.objects.all(), + many=True, + context={"tag_supported_permissions": TAG_SUPPORTED_PERMISSIONS}, ).data ) diff --git a/api/tests/unit/environments/test_unit_environments_views.py b/api/tests/unit/environments/test_unit_environments_views.py index 39486bd3c06d..ad8bc80aea4f 100644 --- a/api/tests/unit/environments/test_unit_environments_views.py +++ b/api/tests/unit/environments/test_unit_environments_views.py @@ -18,7 +18,10 @@ from environments.identities.models import Identity from environments.identities.traits.models import Trait from environments.models import Environment, EnvironmentAPIKey, Webhook -from environments.permissions.constants import VIEW_ENVIRONMENT +from environments.permissions.constants import ( + TAG_SUPPORTED_PERMISSIONS, + VIEW_ENVIRONMENT, +) from environments.permissions.models import UserEnvironmentPermission from features.models import Feature, FeatureState from features.versioning.models import EnvironmentFeatureVersion @@ -962,6 +965,13 @@ def test_user_can_list_environment_permission( assert response.status_code == status.HTTP_200_OK assert len(response.json()) == 7 + returned_supported_permissions = [ + permission["key"] + for permission in response.json() + if permission["supports_tag"] is True + ] + assert set(returned_supported_permissions) == set(TAG_SUPPORTED_PERMISSIONS) + def test_environment_my_permissions_reruns_400_for_master_api_key( admin_master_api_key_client: APIClient, environment: Environment diff --git a/api/tests/unit/projects/test_unit_projects_views.py b/api/tests/unit/projects/test_unit_projects_views.py index b668f7ceaa9f..49a18985201f 100644 --- a/api/tests/unit/projects/test_unit_projects_views.py +++ b/api/tests/unit/projects/test_unit_projects_views.py @@ -29,6 +29,7 @@ from projects.permissions import ( CREATE_ENVIRONMENT, CREATE_FEATURE, + TAG_SUPPORTED_PERMISSIONS, VIEW_PROJECT, ) from segments.models import Segment @@ -142,7 +143,7 @@ def test_can_update_project( "client", [(lazy_fixture("admin_master_api_key_client")), (lazy_fixture("admin_client"))], ) -def test_can_list_project_permission(client, project): +def test_can_list_project_permission(client: APIClient, project: Project) -> None: # Given url = reverse("api-v1:projects:project-permissions") @@ -155,6 +156,13 @@ def test_can_list_project_permission(client, project): len(response.json()) == 7 ) # hard code how many permissions we expect there to be + returned_supported_permissions = [ + permission["key"] + for permission in response.json() + if permission["supports_tag"] is True + ] + assert set(returned_supported_permissions) == set(TAG_SUPPORTED_PERMISSIONS) + def test_my_permissions_for_a_project_return_400_with_master_api_key( admin_master_api_key_client, project, organisation