Skip to content

Commit

Permalink
Merge pull request #150 from QCDIS/restrict_api_operations
Browse files Browse the repository at this point in the history
Restrict api operations
  • Loading branch information
gpelouze authored Sep 20, 2023
2 parents 17fe2be + 97c4eb6 commit 69532bb
Show file tree
Hide file tree
Showing 12 changed files with 76 additions and 109 deletions.
7 changes: 2 additions & 5 deletions vre-panel/components/VLAbAssets.tsx
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import {JWT} from "next-auth/jwt";
import {Tab} from '@headlessui/react'
import clsx from "clsx"
import WorkflowRuns from "./VLabAssets/WorkflowRuns";
Expand All @@ -9,8 +8,6 @@ import {Fragment} from "react";

type Props = {
slug: string | string[] | undefined,
isAuthenticated: boolean,
token: JWT,
}

const tabs = [
Expand All @@ -28,7 +25,7 @@ const tabs = [
},
]

const VLabAssets: React.FC<Props> = ({slug, isAuthenticated, token}) => {
const VLabAssets: React.FC<Props> = ({slug}) => {

return (
<div className="space-y-8">
Expand Down Expand Up @@ -57,7 +54,7 @@ const VLabAssets: React.FC<Props> = ({slug, isAuthenticated, token}) => {
{tabs.map((tab) => {
return (
<Tab.Panel as={Fragment} key={tab.title}>
<tab.panelComponent slug={slug} isAuthenticated={isAuthenticated} token={token}/>
<tab.panelComponent slug={slug}/>
</Tab.Panel>
)
})}
Expand Down
18 changes: 4 additions & 14 deletions vre-panel/components/VLabAssets/DataProducts.tsx
Original file line number Diff line number Diff line change
@@ -1,16 +1,13 @@
import React, {useEffect, useState} from "react";
import getConfig from "next/config";
import {JWT} from "next-auth/jwt";
import clsx from "clsx";


type Props = {
slug: string | string[] | undefined,
isAuthenticated: boolean,
token: JWT,
}

const DataProducts: React.FC<Props> = ({slug, isAuthenticated, token}) => {
const DataProducts: React.FC<Props> = ({slug}) => {

const {publicRuntimeConfig} = getConfig()

Expand All @@ -22,15 +19,8 @@ const DataProducts: React.FC<Props> = ({slug, isAuthenticated, token}) => {

setLoadingAssets(true);

var requestOptions: RequestInit = {
method: "GET",
headers: {
"Authorization": "Bearer: " + token.accessToken
},
};

const apiUrl = `${window.location.origin}/${publicRuntimeConfig.apiBasePath}`
const res = await fetch(`${apiUrl}/dataprods?vlab_slug=${slug}`, requestOptions);
const res = await fetch(`${apiUrl}/dataprods?vlab_slug=${slug}`);
setLoadingAssets(false);

try {
Expand All @@ -43,10 +33,10 @@ const DataProducts: React.FC<Props> = ({slug, isAuthenticated, token}) => {
}

useEffect(() => {
if (isAuthenticated) {
if (slug) {
Promise.all([fetchAssets()])
}
}, [isAuthenticated]);
}, [slug]);

return (
<div>
Expand Down
3 changes: 0 additions & 3 deletions vre-panel/components/VLabAssets/GeoDataProducts.tsx
Original file line number Diff line number Diff line change
@@ -1,11 +1,8 @@
import {JWT} from "next-auth/jwt";
import dynamic from "next/dynamic";
const CatalogMapView = dynamic(() => import("./catalog_map"), {ssr: false})

type Props = {
slug: string | string[] | undefined,
isAuthenticated: boolean,
token: JWT,
}

const GeoDataProducts: React.FC<Props> = ({slug}) => {
Expand Down
18 changes: 4 additions & 14 deletions vre-panel/components/VLabAssets/WorkflowRuns.tsx
Original file line number Diff line number Diff line change
@@ -1,16 +1,13 @@
import React, {useEffect, useState} from "react";
import getConfig from "next/config";
import {JWT} from "next-auth/jwt";
import clsx from "clsx";


type Props = {
slug: string | string[] | undefined,
isAuthenticated: boolean,
token: JWT,
}

const WorkflowRuns: React.FC<Props> = ({slug, isAuthenticated, token}) => {
const WorkflowRuns: React.FC<Props> = ({slug}) => {

const {publicRuntimeConfig} = getConfig()

Expand All @@ -22,15 +19,8 @@ const WorkflowRuns: React.FC<Props> = ({slug, isAuthenticated, token}) => {

setLoadingAssets(true);

var requestOptions: RequestInit = {
method: "GET",
headers: {
"Authorization": "Bearer: " + token.accessToken
},
};

const apiUrl = `${window.location.origin}/${publicRuntimeConfig.apiBasePath}`
const res = await fetch(`${apiUrl}/workflows?vlab_slug=${slug}`, requestOptions);
const res = await fetch(`${apiUrl}/workflows?vlab_slug=${slug}`);
setLoadingAssets(false);

try {
Expand All @@ -44,10 +34,10 @@ const WorkflowRuns: React.FC<Props> = ({slug, isAuthenticated, token}) => {
}

useEffect(() => {
if (isAuthenticated) {
if (slug) {
Promise.all([fetchAssets()])
}
}, [isAuthenticated]);
}, [slug]);

return (
<div>
Expand Down
19 changes: 4 additions & 15 deletions vre-panel/components/VLabInstances.tsx
Original file line number Diff line number Diff line change
@@ -1,22 +1,19 @@
import React, {useEffect, useState} from "react";
import getConfig from "next/config";
import {JWT} from "next-auth/jwt";
import {VLab} from "../types/vlab";
import {useSession} from "next-auth/react";

type Props = {
vlab: VLab,
slug: string | string[] | undefined,
isAuthenticated: boolean,
token: JWT,
}

interface VLabInstance {
vlab: string,
username: string,
}

const VLabInstances: React.FC<Props> = ({vlab, slug, isAuthenticated, token}) => {
const VLabInstances: React.FC<Props> = ({vlab, slug}) => {

const {publicRuntimeConfig} = getConfig()

Expand All @@ -39,7 +36,6 @@ const VLabInstances: React.FC<Props> = ({vlab, slug, isAuthenticated, token}) =>
const requestOptions: RequestInit = {
method: "POST",
headers: {
"Authorization": "Bearer: " + token.accessToken,
"Content-Type": "application/json",
},
body: JSON.stringify({
Expand All @@ -54,15 +50,8 @@ const VLabInstances: React.FC<Props> = ({vlab, slug, isAuthenticated, token}) =>

const fetchVlabInstances = async () => {

var requestOptions: RequestInit = {
method: "GET",
headers: {
"Authorization": "Bearer: " + token.accessToken
},
};

const apiUrl = `${window.location.origin}/${publicRuntimeConfig.apiBasePath}`
const res = await fetch(`${apiUrl}/vlab_instances/?vlab_slug=${slug}`, requestOptions);
const res = await fetch(`${apiUrl}/vlab_instances/?vlab_slug=${slug}`);
try {
const dat = await res.json()
setVlabInstances(dat)
Expand All @@ -73,10 +62,10 @@ const VLabInstances: React.FC<Props> = ({vlab, slug, isAuthenticated, token}) =>
}

useEffect(() => {
if (isAuthenticated) {
if (slug) {
Promise.all([fetchVlabInstances()])
}
}, [isAuthenticated]);
}, [slug]);

return (
<div className="space-y-4">
Expand Down
41 changes: 7 additions & 34 deletions vre-panel/pages/vlabs/[slug].tsx
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import {getToken} from "next-auth/jwt";
import {useRouter} from "next/router";
import VLabDescription from "../../components/VLabDescription";
import React, {useEffect, useState} from "react";
Expand All @@ -9,12 +8,7 @@ import VLabInstances from "../../components/VLabInstances";
import getConfig from "next/config";
import {VLab} from "../../types/vlab";


interface VLabDetailsProps {
token?: any;
}

const VLabDetails: React.FC<VLabDetailsProps> = ({token}) => {
const VLabDetails = () => {

const {publicRuntimeConfig} = getConfig()

Expand All @@ -25,24 +19,16 @@ const VLabDetails: React.FC<VLabDetailsProps> = ({token}) => {
endpoint: ""
}

const isAuthenticated = useAuth(true);
useAuth(true);
const router = useRouter();
const {slug} = router.query;

const [vlab, setVlab] = useState(vlabPlaceholder)
const [backendError, setBackendError] = useState(false)

const fetchVlab = async () => {

var requestOptions: RequestInit = {
method: "GET",
headers: {
"Authorization": "Bearer: " + token.accessToken
},
};

const apiUrl = `${window.location.origin}/${publicRuntimeConfig.apiBasePath}`
const res = await fetch(`${apiUrl}/vlabs/${slug}`, requestOptions);
const res = await fetch(`${apiUrl}/vlabs/${slug}`);
try {
const dat = await res.json()
setVlab(dat)
Expand All @@ -53,10 +39,10 @@ const VLabDetails: React.FC<VLabDetailsProps> = ({token}) => {
}

useEffect(() => {
if (isAuthenticated) {
if (slug) {
Promise.all([fetchVlab()])
}
}, [isAuthenticated]);
}, [slug]);


return (
Expand All @@ -67,28 +53,15 @@ const VLabDetails: React.FC<VLabDetailsProps> = ({token}) => {
</div>

<div className="rounded shadow-lg bg-white p-8">
<VLabInstances vlab={vlab} slug={slug} isAuthenticated={isAuthenticated} token={token}/>
<VLabInstances vlab={vlab} slug={slug}/>
</div>

<div className="rounded shadow-lg bg-white p-8">
<VLAbAssets slug={slug} isAuthenticated={isAuthenticated} token={token}/>
<VLAbAssets slug={slug}/>
</div>

</PageLayout>
)
}

export default VLabDetails;

export async function getServerSideProps(context: any) {

const {req} = context;
const secret = process.env.SECRET;
const token = await getToken({req, secret});
console.log(token)
return {
props: {
token: token
}
};
}
14 changes: 10 additions & 4 deletions vreapis/cells/views.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
from django.shortcuts import render
from requests import Response
from rest_framework import mixins, viewsets, status
from rest_framework.decorators import action
from rest_framework import mixins, viewsets
from rest_framework.permissions import IsAuthenticated

from vreapis.views import GetSerializerMixin

from . import models, serializers
Expand All @@ -19,6 +18,13 @@ class CellsViewSet(GetSerializerMixin,
'list': serializers.CellSerializer
}

def get_permissions(self):
if self.action in ['list', 'retrieve']:
permission_classes = []
else:
permission_classes = [IsAuthenticated]
return [permission() for permission in permission_classes]

def create(self, request, *args, **kwargs):
print(request.data)
return super().create(request)
16 changes: 16 additions & 0 deletions vreapis/data_products/views.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from rest_framework import mixins, viewsets
from rest_framework.permissions import IsAuthenticated
from rest_framework_gis import filters

from vreapis.views import GetSerializerMixin
Expand All @@ -22,6 +23,13 @@ class DataProductsViewSet(
'list': serializers.DataProductSerializer,
}

def get_permissions(self):
if self.action in ['list', 'retrieve']:
permission_classes = []
else:
permission_classes = [IsAuthenticated]
return [permission() for permission in permission_classes]

def create(self, request, *args, **kwargs):
print(request.data)
return super().create(request)
Expand All @@ -34,6 +42,7 @@ def get_queryset(self):
return self.model.objects.all()



class GeoDataProductsViewSet(DataProductsViewSet):
model = models.GeoDataProduct
queryset = model.objects.all()
Expand All @@ -44,3 +53,10 @@ class GeoDataProductsViewSet(DataProductsViewSet):
bbox_filter_field = 'spatial_coverage'
bbox_filter_include_overlapping = True
filter_backends = (filters.InBBoxFilter,)

def get_permissions(self):
if self.action in ['list', 'retrieve']:
permission_classes = []
else:
permission_classes = [IsAuthenticated]
return [permission() for permission in permission_classes]
1 change: 1 addition & 0 deletions vreapis/paas_configuration/views.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from rest_framework import viewsets

from vreapis.views import GetSerializerMixin

from .models import PaasConfiguration
Expand Down
3 changes: 3 additions & 0 deletions vreapis/virtual_labs/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -119,3 +119,6 @@ class Meta:
class VirtualLabInstance(models.Model):
vlab = models.ForeignKey(VirtualLab, on_delete=models.CASCADE, null=True)
username = models.CharField(max_length=100, null=True)

def __str__(self):
return f'{self.username} on {self.vlab.slug}'
Loading

0 comments on commit 69532bb

Please sign in to comment.