Add role and rule model

MinBZK · Dec 23, 2024 · eba1ff8 · eba1ff8
1 parent 8015d9a
commit eba1ff8
Show file tree

Hide file tree

Showing 8 changed files with 102 additions and 2 deletions.
diff --git a/amt/core/authorization.py b/amt/core/authorization.py
@@ -1,11 +1,34 @@
 from collections.abc import Iterable
+from enum import StrEnum
 from typing import Any
 
 from starlette.requests import Request
 
 from amt.core.internationalization import get_requested_language
 
 
+class AuthorizationVerb(StrEnum):
+    LIST = "List"
+    READ = "Read"
+    CREATE = "Create"
+    UPDATE = "Update"
+    DELETE = "Delete"
+
+
+class AuthorizationType(StrEnum):
+    ALGORITHM = "Algorithm"
+    ORGANIZATION = "Organization"
+
+
+class AuthorizationResource(StrEnum):
+    ORGANIZATION_INFO = "Organization_Info"
+    ORGANIZATION_ALGORITHM = "Organization_Algorithm"
+    ORGANIZATION_MEMBER = "Organization_Member"
+    ALGORITHM = "Algorithm"
+    ALGORITHM_SYSTEMCARD = "Algorithm_Systemcard"
+    ALGORITHM_MEMBER = "Algorithm_Member"
+
+
 def get_user(request: Request) -> dict[str, Any] | None:
     user = None
     if isinstance(request.scope, Iterable) and "session" in request.scope:

diff --git a/amt/middleware/authorization.py b/amt/middleware/authorization.py
@@ -19,6 +19,10 @@ async def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -
             return await call_next(request)
 
         user = get_user(request)
+
+        # todo: append authorization set with valid authorization for that user
+        request.state.authorization = []
+
         if user:  # pragma: no cover
             return await call_next(request)
 

diff --git a/amt/models/__init__.py b/amt/models/__init__.py
@@ -1,6 +1,9 @@
 from .algorithm import Algorithm
+from .authorization import Authorization
 from .organization import Organization
+from .role import Role
+from .rule import Rule
 from .task import Task
 from .user import User
 
-__all__ = ["Algorithm", "Organization", "Task", "User"]
+__all__ = ["Algorithm", "Authorization", "Organization", "Role", "Rule", "Task", "User"]
diff --git a/amt/models/authorization.py b/amt/models/authorization.py
@@ -0,0 +1,16 @@
+from sqlalchemy import ForeignKey
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from amt.models.base import Base
+
+
+class Authorization(Base):
+    __tablename__ = "authorization"
+
+    id: Mapped[int] = mapped_column(primary_key=True)
+    user_id: Mapped[int] = mapped_column(ForeignKey("user.id"))
+    user: Mapped["User"] = relationship(back_populates="authorizations")  # pyright: ignore [reportUndefinedVariable, reportUnknownVariableType] #noqa
+    role_id: Mapped[int] = mapped_column(ForeignKey("role.id"))
+    role: Mapped["Role"] = relationship(back_populates="authorizations")  # pyright: ignore [reportUndefinedVariable, reportUnknownVariableType] #noqa
+    type: Mapped[str]
+    type_id: Mapped[int]
diff --git a/amt/models/relationships.py b/amt/models/relationships.py
@@ -8,3 +8,26 @@
     Column("organization_id", ForeignKey("organization.id"), primary_key=True),  # pyright: ignore[reportUnknownArgumentType]
     Column("user_id", ForeignKey("user.id"), primary_key=True),  # pyright: ignore[reportUnknownArgumentType]
 )
+
+
+#######
+# organizations/
+# organizations/1/algorithms
+# organizations/1/members
+# algorithms/
+# algorithm/36/
+# algorithm/36/system_card
+# algorithm/36/model/inference
+# algorithm/36/system_card/requirements
+# algorithm/36/system_card/data
+# algorithm/36/tasks
+# algorithm/36/system_card/instruments
+
+
+# Maintainer Organization
+# Member Organization
+# Viewer Organization
+
+# Maintainer Algorithm
+# Member Algorithm
+# Viewer Algorithm
diff --git a/amt/models/role.py b/amt/models/role.py
@@ -0,0 +1,15 @@
+from sqlalchemy import String
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from amt.models import Authorization
+from amt.models.base import Base
+from amt.models.rule import Rule
+
+
+class Role(Base):
+    __tablename__ = "role"
+
+    id: Mapped[int] = mapped_column(primary_key=True)
+    name: Mapped[str] = mapped_column(String, nullable=False)
+    rules: Mapped[list["Rule"]] = relationship(back_populates="role")
+    authorizations: Mapped[list["Authorization"]] = relationship(back_populates="role")
diff --git a/amt/models/rule.py b/amt/models/rule.py
@@ -0,0 +1,15 @@
+from sqlalchemy import ForeignKey, String
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+from sqlalchemy.types import JSON
+
+from amt.models.base import Base
+
+
+class Rule(Base):
+    __tablename__ = "rule"
+
+    id: Mapped[int] = mapped_column(primary_key=True)
+    resource: Mapped[str] = mapped_column(String, nullable=False)
+    verbs: Mapped[list[str]] = mapped_column(JSON, default=list)
+    role_id: Mapped[int] = mapped_column(ForeignKey("role.id"))
+    role: Mapped["Role"] = relationship(back_populates="rule")  # pyright: ignore[reportUnknownVariableType, reportUndefinedVariable] #noqa
diff --git a/amt/models/user.py b/amt/models/user.py
@@ -3,7 +3,7 @@
 from sqlalchemy import UUID as SQLAlchemyUUID
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
-from amt.models import Organization
+from amt.models import Authorization, Organization
 from amt.models.base import Base
 
 
@@ -19,3 +19,4 @@ class User(Base):
         "Organization", secondary="users_and_organizations", back_populates="users", lazy="selectin"
     )
     organizations_created: Mapped[list["Organization"]] = relationship(back_populates="created_by", lazy="selectin")
+    authorizations: Mapped[list["Authorization"]] = relationship(back_populates="user")