chore: update bento_lib for new authz service

bento_beacon/authz/middleware.py

@@ -1,18 +1,13 @@
 from flask import request
 from bento_lib.auth.middleware.flask import FlaskAuthMiddleware
+from bento_lib.auth.permissions import Permission
+from bento_lib.auth.resources import RESOURCE_EVERYTHING
 from ..config_files.config import Config
 from ..utils.beacon_response import middleware_meta_callback
 
 __all__ = [
     "authz_middleware",
-    "PERMISSION_QUERY_PROJECT_LEVEL_BOOLEAN",
-    "PERMISSION_QUERY_DATASET_LEVEL_BOOLEAN",
-    "PERMISSION_QUERY_PROJECT_LEVEL_COUNTS",
-    "PERMISSION_QUERY_DATASET_LEVEL_COUNTS",
-    "PERMISSION_QUERY_DATA",
-    "PERMISSION_DOWNLOAD_DATA",
-    "check_permissions",
-    "check_permission"
+    "check_permission",
 ]
 
 
@@ -23,25 +18,6 @@
     debug_mode=Config.BENTO_DEBUG
 )
 
-# for now, these will go unused - Beacon currently does not have a strong concept of Bento projects/datasets
-PERMISSION_QUERY_PROJECT_LEVEL_BOOLEAN = "query:project_level_boolean"
-PERMISSION_QUERY_DATASET_LEVEL_BOOLEAN = "query:dataset_level_boolean"
-PERMISSION_QUERY_PROJECT_LEVEL_COUNTS = "query:project_level_counts"
-PERMISSION_QUERY_DATASET_LEVEL_COUNTS = "query:dataset_level_counts"
-# these permissions can open up various aspects of handoff / full-search
-PERMISSION_QUERY_DATA = "query:data"
-PERMISSION_DOWNLOAD_DATA = "download:data"
 
-
-def check_permissions(permissions: list[str]) -> bool:
-    auth_res = authz_middleware.authz_post(request, "/policy/evaluate", body={
-        "requested_resource": {"everything": True},
-        "required_permissions": permissions,
-        },
-    )["result"]
-    authz_middleware.mark_authz_done(request)
-    return auth_res
-
-
-def check_permission(permission: str) -> bool:
-    return check_permissions([permission])
+def check_permission(permission: Permission) -> bool:
+    return authz_middleware.evaluate_one(request, RESOURCE_EVERYTHING, permission, mark_authz_done=True)

bento_beacon/endpoints/individuals.py

@@ -1,9 +1,11 @@
+from bento_lib.auth.permissions import (
+    P_DOWNLOAD_DATA,
+    P_QUERY_DATA,
+)
 from flask import Blueprint
 from functools import reduce
 from ..authz.middleware import (
     authz_middleware,
-    PERMISSION_DOWNLOAD_DATA,
-    PERMISSION_QUERY_DATA,
     check_permission
 )
 from ..utils.beacon_request import (
@@ -94,7 +96,7 @@ def individuals_full_results(ids):
     # if len(ids) > 100:
     #     return {"message": "too many ids for full response"}
 
-    handover_permission = check_permission(PERMISSION_DOWNLOAD_DATA)
+    handover_permission = check_permission(P_DOWNLOAD_DATA)
     handover = handover_for_ids(ids) if handover_permission else {}
     phenopackets_by_result_set = phenopackets_for_ids(ids).get("results", {})
     result_ids = list(phenopackets_by_result_set.keys())
@@ -121,7 +123,7 @@ def individuals_full_results(ids):
 
 
 @individuals.route("/individuals/<id>", methods=['GET', 'POST'])
-@authz_middleware.deco_require_permissions_on_resource({PERMISSION_QUERY_DATA})
+@authz_middleware.deco_require_permissions_on_resource({P_QUERY_DATA})
 def individual_by_id(id):
     # forbidden / unauthorized if no permissions
     return beacon_result_set_response([id], 1)

bento_beacon/utils/beacon_request.py

@@ -1,8 +1,9 @@
-from flask import current_app, request, g
 import jsonschema
+from bento_lib.auth.permissions import P_QUERY_DATA
+from flask import current_app, request, g
 from .exceptions import InvalidQuery
 from .censorship import reject_if_too_many_filters
-from ..authz.middleware import check_permission, PERMISSION_QUERY_DATA
+from ..authz.middleware import check_permission
 
 
 def request_defaults():
@@ -141,4 +142,4 @@ def summary_stats_requested():
 
 def verify_permissions():
     # can do much more here in the future
-    g.permission_query_data = check_permission(PERMISSION_QUERY_DATA)
+    g.permission_query_data = check_permission(P_QUERY_DATA)

requirements.txt

@@ -5,7 +5,7 @@ arrow==1.2.3
 async-timeout==4.0.3
 attrs==22.2.0
 autopep8==1.6.0
-bento-lib==7.2.0
+bento-lib==9.1.0
 certifi==2023.7.22
 cffi==1.15.1
 charset-normalizer==2.1.1
@@ -31,6 +31,8 @@ pkgutil_resolve_name==1.3.10
 psycopg2-binary==2.9.9
 pycodestyle==2.11.1
 pycparser==2.21
+pydantic==2.4.2
+pydantic_core==2.10.1
 pyflakes==3.1.0
 PyJWT==2.8.0
 pyrsistent==0.19.3