feat: add public flag for making public DRS objects

bento-platform · Dec 5, 2023 · ed778a7 · ed778a7
1 parent 43a2fdf
commit ed778a7
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,24 @@ FLASK_DEBUG=True poetry run flask run
 ```
 
 
+## Generating Migrations
+
+To generate migrations while in the shell of a development Docker container, 
+run the following command:
+
+```bash
+poetry run flask db migrate -m "describe what has changed here"
+```
+
+Migrations will be automatically applied in the Docker environment (dev/prod) 
+on container restart, but if you want to run them manually, use the following 
+command:
+
+```bash
+poetry run flask db upgrade
+```
+
+
 ## Running Tests
 
 To run all tests and calculate coverage, run the following command:

diff --git a/chord_drs/migrations/versions/dcd501398d46_add_public_flag_to_drs_objects.py b/chord_drs/migrations/versions/dcd501398d46_add_public_flag_to_drs_objects.py
@@ -0,0 +1,30 @@
+"""add public flag to DRS objects
+
+Revision ID: dcd501398d46
+Revises: e12d110bf938
+Create Date: 2023-12-05 11:30:07.782924
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'dcd501398d46'
+down_revision = 'e12d110bf938'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('drs_bundle', sa.Column('public', sa.Boolean(), nullable=True))
+    op.add_column('drs_object', sa.Column('public', sa.Boolean(), nullable=True))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('drs_object', 'public')
+    op.drop_column('drs_bundle', 'public')
+    # ### end Alembic commands ###
diff --git a/chord_drs/models.py b/chord_drs/models.py
@@ -26,6 +26,7 @@ class DrsMixin:
     project_id = db.Column(db.String(64), nullable=True)  # Nullable for backwards-compatibility
     dataset_id = db.Column(db.String(64), nullable=True)  # Nullable for backwards-compatibility / project-only stuff?
     data_type = db.Column(db.String(24), nullable=True)  # NULL if multi-data type or something else
+    public = db.Column(db.Boolean, default=False)  # If true, the object is public - accessible by anyone
 
 
 class DrsBundle(db.Model, DrsMixin):

diff --git a/chord_drs/routes.py b/chord_drs/routes.py
@@ -64,14 +64,17 @@ def _post_headers_getter(r: Request) -> dict[str, str]:
         token = r.form.get("token")
         return {"Authorization": f"Bearer {token}"} if token else {}
 
-    return tuple(r[0] for r in (
-        authz_middleware.evaluate(
-            request,
-            [build_resource(drs_obj.project_id, drs_obj.dataset_id, drs_obj.data_type) for drs_obj in drs_objs],
-            [permission],
-            headers_getter=_post_headers_getter if request.method == "POST" else None,
-            mark_authz_done=mark_authz_done,
-        )  # gets us a matrix of len(drs_objs) rows, 1 column with the permission evaluation result
+    return tuple(r[0] or drs_obj.public for r, drs_obj in (
+        zip(
+            authz_middleware.evaluate(
+                request,
+                [build_resource(drs_obj.project_id, drs_obj.dataset_id, drs_obj.data_type) for drs_obj in drs_objs],
+                [permission],
+                headers_getter=_post_headers_getter if request.method == "POST" else None,
+                mark_authz_done=mark_authz_done,
+            ),  # gets us a matrix of len(drs_objs) rows, 1 column with the permission evaluation result
+            drs_objs,
+        )
     ))  # now a tuple of length len(drs_objs) of whether we have the permission for each object
 
 
@@ -420,6 +423,7 @@ def object_ingest():
     project_id: str | None = data.get("project_id")
     dataset_id: str | None = data.get("dataset_id")
     data_type: str | None = data.get("data_type")
+    public: bool = data.get("public", "false").strip().lower() == "true"
     file = request.files.get("file")
 
     # This authz call determines everything, so we can mark authz as done when the call completes:
@@ -466,8 +470,12 @@ def object_ingest():
             candidate_drs_object: DrsBlob | None = DrsBlob.query.filter_by(checksum=checksum).first()
 
             if candidate_drs_object is not None:
-                if candidate_drs_object.project_id == project_id and candidate_drs_object.dataset_id == dataset_id and \
-                        candidate_drs_object.data_type == data_type:
+                if all((
+                    candidate_drs_object.project_id == project_id,
+                    candidate_drs_object.dataset_id == dataset_id,
+                    candidate_drs_object.data_type == data_type,
+                    candidate_drs_object.public == public,
+                )):
                     logger.info(f"Found duplicate DRS object via checksum (will fully deduplicate): {drs_object}")
                     drs_object = candidate_drs_object
                 else:
@@ -482,6 +490,7 @@ def object_ingest():
                     project_id=project_id,
                     dataset_id=dataset_id,
                     data_type=data_type,
+                    public=public,
                 )
                 db.session.add(drs_object)
                 db.session.commit()