Merge branch 'main' into main

fortran-lang · Jun 22, 2023 · 523f885 · 523f885
2 parents 1263396 + 97209f2
commit 523f885
Show file tree

Hide file tree

Showing 10 changed files with 112 additions and 17 deletions.
diff --git a/flask/documentation/get_namespace_admins.yaml b/flask/documentation/get_namespace_admins.yaml
@@ -1,18 +1,26 @@
-description: Get admins of a namespace.
+description: Verifies by uuid of the user and gets the namespace admins.
+
 parameters:
   - name: namespace
     in: path
     description: Namespace name
     required: true
     type: string
+
+  - name: uuid
+    in: formData
+    required: true
+    type: string
+    description: UUID of the user
+
 responses:
   200:
     description: Admins found
     schema:
       type: object
       properties:
         code:
-          type: string
+          type: integer
           description: Response status code
         admins:
           type: array
@@ -32,7 +40,7 @@ responses:
       type: object
       properties:
         code:
-          type: string
+          type: integer
           description: Response status code
         message:
           type: string

diff --git a/flask/documentation/get_namespace_maintainers.yaml b/flask/documentation/get_namespace_maintainers.yaml
@@ -1,10 +1,18 @@
-description: Get maintainers of a namespace.
+description: Verifies using uuid of the user and gets the namespace maintainers.
+
 parameters:
   - name: namespace
     in: path
     description: Namespace name
     required: true
     type: string
+
+  - name: uuid
+    in: formData
+    description: UUID of the user
+    required: true
+    type: string
+
 responses:
   200:
     description: Maintainers found
@@ -32,8 +40,20 @@ responses:
       type: object
       properties:
         code:
-          type: string
+          type: integer
           description: Response status code
         message:
           type: string
           description: Error message
+
+  401:
+    description: Unauthorized access
+    schema:
+      type: object
+      properties:
+        code:
+          type: integer
+          description: Response status code
+        message:
+          type: string
+          description: Unauthorized access
diff --git a/flask/documentation/package_maintainers.yaml b/flask/documentation/package_maintainers.yaml
@@ -1,4 +1,4 @@
-description: Gets package maintainers of a package.
+description: Verifies by uuid and gets the package maintainers.
 
 parameters:
   - name: namespace
@@ -13,6 +13,12 @@ parameters:
     required: true
     type: string
 
+  - name: uuid
+    in: formData
+    required: true
+    type: string
+    description: UUID of the user
+
 responses:
   200:
     description: Package Found.
@@ -46,3 +52,15 @@ responses:
         message:
           type: string
           description: Package or Namespace not found.
+
+  401:
+    description: Unauthorized access
+    schema:
+      type: object
+      properties:
+        code:
+          type: integer
+          description: response status code
+        message:
+          type: string
+          description: Unauthorized access
diff --git a/flask/namespaces.py b/flask/namespaces.py
@@ -183,14 +183,27 @@ def namespace_packages(namespace):
         200,
     )
 
-@app.route("/namespace/<namespace>/admins", methods=["GET"])
-@swag_from("documentation/get_namespace_admins.yaml", methods=["GET"])
+@app.route("/namespaces/<namespace>/admins", methods=["POST"])
+@swag_from("documentation/get_namespace_admins.yaml", methods=["POST"])
 def namespace_admins(namespace):
+    uuid = request.form.get("uuid")
+
+    if not uuid:
+        return jsonify({"code": 401, "message": "Unauthorized"}), 401
+
+    user = db.users.find_one({"uuid": uuid})
+
+    if not user:
+        return jsonify({"code": 404, "message": "User not found"}), 404
+
     namespace_doc = db.namespaces.find_one({"namespace": namespace})
 
     if not namespace_doc:
         return jsonify({"code": 404, "message": "Namespace not found"}), 404
 
+    if not user["_id"] in namespace_doc["admins"] and not user["_id"] in namespace_doc["maintainers"]:
+        return jsonify({"code": 401, "message": "Unauthorized"}), 401
+
     admins = []
 
     for i in namespace_doc["admins"]:
@@ -202,14 +215,27 @@ def namespace_admins(namespace):
 
     return jsonify({"code": 200, "users": admins}), 200
 
-@app.route("/namespace/<namespace>/maintainers", methods=["GET"])
-@swag_from("documentation/get_namespace_maintainers.yaml", methods=["GET"])
+@app.route("/namespaces/<namespace>/maintainers", methods=["POST"])
+@swag_from("documentation/get_namespace_maintainers.yaml", methods=["POST"])
 def namespace_maintainers(namespace):
+    uuid = request.form.get("uuid")
+
+    if not uuid:
+        return jsonify({"code": 401, "message": "Unauthorized"}), 401
+
+    user = db.users.find_one({"uuid": uuid})
+
+    if not user:
+        return jsonify({"code": 404, "message": "User not found"}), 404
+
     namespace_doc = db.namespaces.find_one({"namespace": namespace})
 
     if not namespace_doc:
         return jsonify({"code": 404, "message": "Namespace not found"}), 404
 
+    if not user["_id"] in namespace_doc["admins"] and not user["_id"] in namespace_doc["maintainers"]:
+        return jsonify({"code": 401, "message": "Unauthorized"}), 401    
+
     maintainers = []
 
     for i in namespace_doc["maintainers"]:

diff --git a/flask/packages.py b/flask/packages.py
@@ -740,10 +740,19 @@ def create_token_upload_token_package(namespace_name, package_name):
         200,
     )
 
-
 @app.route("/packages/<namespace>/<package>/maintainers", methods=["GET"])
 @swag_from("documentation/package_maintainers.yaml", methods=["GET"])
 def package_maintainers(namespace, package):
+    uuid = request.form.get("uuid")
+
+    if not uuid:
+        return jsonify({"code": 401, "message": "Unauthorized"}), 401
+
+    user = db.users.find_one({"uuid": uuid})
+
+    if not user:
+        return jsonify({"code": 401, "message": "Unauthorized"}), 401
+
     namespace_doc = db.namespaces.find_one({"namespace": namespace})
 
     if not namespace_doc:

diff --git a/registry/src/pages/showUserListDialog.js b/registry/src/pages/showUserListDialog.js
@@ -6,6 +6,9 @@ import { MDBIcon } from "mdbreact";
 
 const ShowUserListDialog = (props) => {
   const users = useSelector((state) => state.userList.users);
+  const uuid = useSelector((state) => state.auth.uuid);
+  const error = useSelector((state) => state.userList.error);
+
   const dispatch = useDispatch();
 
   useEffect(() => {
@@ -20,6 +23,7 @@ const ShowUserListDialog = (props) => {
         packageMaintainers: props.packagemaintainers,
         namespace: props.namespace,
         packageName: props.package,
+        uuid: uuid,
       })
     );
   }, [props.show]);
@@ -36,6 +40,7 @@ const ShowUserListDialog = (props) => {
         </Modal.Header>
 
         <Modal.Body>
+          {error ? <p className="error">{error}</p> : null}
           {users && users.length === 0 ? <p>No users found</p> : null}
           {users &&
             users.map((user, index) => {

diff --git a/registry/src/store/actions/userListActions.js b/registry/src/store/actions/userListActions.js
@@ -10,23 +10,27 @@ export const fetchUserListData = ({
   packageMaintainers = false,
   namespace,
   packageName,
+  uuid,
 }) => {
   return async (dispatch) => {
     dispatch({ type: FETCH_USERS_LIST });
     let url;
+    let formData = new FormData();
+    formData.append("uuid", uuid);
 
     if (namespaceAdmins) {
-      url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespace/${namespace}/admins`;
+      url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespaces/${namespace}/admins`;
     } else if (namespaceMaintainers) {
-      url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespace/${namespace}/maintainers`;
+      url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespaces/${namespace}/maintainers`;
     } else if (packageMaintainers) {
       url = `${process.env.REACT_APP_REGISTRY_API_URL}/packages/${namespace}/${packageName}/maintainers`;
     }
 
     try {
       const result = await axios({
-        method: "get",
+        method: "post",
         url: url,
+        data: formData,
       });
 
       dispatch({
@@ -36,6 +40,7 @@ export const fetchUserListData = ({
         },
       });
     } catch (error) {
+      console.log(error);
       dispatch({
         type: FETCH_USERS_LIST_ERROR,
         payload: {

diff --git a/registry/src/store/reducers/userListReducer.js b/registry/src/store/reducers/userListReducer.js
@@ -7,6 +7,7 @@ import {
 const initialState = {
   users: null,
   isLoading: true,
+  error: null,
 };
 
 const userListReducer = (state = initialState, action) => {
@@ -15,17 +16,20 @@ const userListReducer = (state = initialState, action) => {
       return {
         ...state,
         isLoading: true,
+        error: null,
       };
     case FETCH_USERS_LIST_SUCCESS:
       return {
         ...state,
         users: action.payload.users,
         isLoading: false,
+        error: null,
       };
     case FETCH_USERS_LIST_ERROR:
       return {
         ...state,
         isLoading: false,
+        error: action.payload.message,
       };
     default:
       return state;

diff --git a/tests/test_namespaces.py b/tests/test_namespaces.py
@@ -167,7 +167,7 @@ def test_namespace_maintainers_list(self):
         namespace_name = TestNamespaces.test_namespace_data['namespace']
 
         # Get the list of maintainers.
-        response = self.client.get(f"/namespace/{namespace_name}/maintainers")
+        response = self.client.post(f"/namespaces/{namespace_name}/maintainers", data={"uuid": uuid})
         self.assertEqual(200, response.json["code"])
         self.assertEqual(1, len(response.json["users"]))
 
@@ -198,6 +198,6 @@ def test_namespace_admins_list(self):
         namespace_name = TestNamespaces.test_namespace_data['namespace']
 
         # Get the list of admins.
-        response = self.client.get(f"/namespace/{namespace_name}/admins")
+        response = self.client.post(f"/namespaces/{namespace_name}/admins", data={"uuid": uuid})
         self.assertEqual(200, response.json["code"])
         self.assertEqual(1, len(response.json["users"]))
diff --git a/tests/test_packages.py b/tests/test_packages.py
@@ -521,5 +521,5 @@ def test_package_maintainers(self):
         response = self.client.post("/packages", data=TestPackages.test_package_data)
         self.assertEqual(200, response.json["code"])
 
-        response = self.client.get(f"/packages/{TestPackages.test_namespace_data['namespace']}/{TestPackages.test_package_data['package_name']}/maintainers")
+        response = self.client.post(f"/packages/{TestPackages.test_namespace_data['namespace']}/{TestPackages.test_package_data['package_name']}/maintainers", data={"uuid": uuid})
         self.assertEqual(200, response.json["code"])