diff --git a/flask/documentation/get_namespace_admins.yaml b/flask/documentation/get_namespace_admins.yaml index 57344176..4cce51f4 100644 --- a/flask/documentation/get_namespace_admins.yaml +++ b/flask/documentation/get_namespace_admins.yaml @@ -1,10 +1,18 @@ -description: Get admins of a namespace. +description: Verifies by uuid of the user and gets the namespace admins. + parameters: - name: namespace in: path description: Namespace name required: true type: string + + - name: uuid + in: formData + required: true + type: string + description: UUID of the user + responses: 200: description: Admins found @@ -12,7 +20,7 @@ responses: type: object properties: code: - type: string + type: integer description: Response status code admins: type: array @@ -32,7 +40,7 @@ responses: type: object properties: code: - type: string + type: integer description: Response status code message: type: string diff --git a/flask/documentation/get_namespace_maintainers.yaml b/flask/documentation/get_namespace_maintainers.yaml index 014fbfb7..152c9255 100644 --- a/flask/documentation/get_namespace_maintainers.yaml +++ b/flask/documentation/get_namespace_maintainers.yaml @@ -1,10 +1,18 @@ -description: Get maintainers of a namespace. +description: Verifies using uuid of the user and gets the namespace maintainers. + parameters: - name: namespace in: path description: Namespace name required: true type: string + + - name: uuid + in: formData + description: UUID of the user + required: true + type: string + responses: 200: description: Maintainers found @@ -32,8 +40,20 @@ responses: type: object properties: code: - type: string + type: integer description: Response status code message: type: string description: Error message + + 401: + description: Unauthorized access + schema: + type: object + properties: + code: + type: integer + description: Response status code + message: + type: string + description: Unauthorized access diff --git a/flask/documentation/package_maintainers.yaml b/flask/documentation/package_maintainers.yaml index 2fa87836..2565d3a8 100644 --- a/flask/documentation/package_maintainers.yaml +++ b/flask/documentation/package_maintainers.yaml @@ -1,4 +1,4 @@ -description: Gets package maintainers of a package. +description: Verifies by uuid and gets the package maintainers. parameters: - name: namespace @@ -13,6 +13,12 @@ parameters: required: true type: string + - name: uuid + in: formData + required: true + type: string + description: UUID of the user + responses: 200: description: Package Found. @@ -46,3 +52,15 @@ responses: message: type: string description: Package or Namespace not found. + + 401: + description: Unauthorized access + schema: + type: object + properties: + code: + type: integer + description: response status code + message: + type: string + description: Unauthorized access diff --git a/flask/namespaces.py b/flask/namespaces.py index 7f66c4d8..c7ba18f9 100644 --- a/flask/namespaces.py +++ b/flask/namespaces.py @@ -183,14 +183,27 @@ def namespace_packages(namespace): 200, ) -@app.route("/namespace//admins", methods=["GET"]) -@swag_from("documentation/get_namespace_admins.yaml", methods=["GET"]) +@app.route("/namespaces//admins", methods=["POST"]) +@swag_from("documentation/get_namespace_admins.yaml", methods=["POST"]) def namespace_admins(namespace): + uuid = request.form.get("uuid") + + if not uuid: + return jsonify({"code": 401, "message": "Unauthorized"}), 401 + + user = db.users.find_one({"uuid": uuid}) + + if not user: + return jsonify({"code": 404, "message": "User not found"}), 404 + namespace_doc = db.namespaces.find_one({"namespace": namespace}) if not namespace_doc: return jsonify({"code": 404, "message": "Namespace not found"}), 404 + if not user["_id"] in namespace_doc["admins"] and not user["_id"] in namespace_doc["maintainers"]: + return jsonify({"code": 401, "message": "Unauthorized"}), 401 + admins = [] for i in namespace_doc["admins"]: @@ -202,14 +215,27 @@ def namespace_admins(namespace): return jsonify({"code": 200, "users": admins}), 200 -@app.route("/namespace//maintainers", methods=["GET"]) -@swag_from("documentation/get_namespace_maintainers.yaml", methods=["GET"]) +@app.route("/namespaces//maintainers", methods=["POST"]) +@swag_from("documentation/get_namespace_maintainers.yaml", methods=["POST"]) def namespace_maintainers(namespace): + uuid = request.form.get("uuid") + + if not uuid: + return jsonify({"code": 401, "message": "Unauthorized"}), 401 + + user = db.users.find_one({"uuid": uuid}) + + if not user: + return jsonify({"code": 404, "message": "User not found"}), 404 + namespace_doc = db.namespaces.find_one({"namespace": namespace}) if not namespace_doc: return jsonify({"code": 404, "message": "Namespace not found"}), 404 + if not user["_id"] in namespace_doc["admins"] and not user["_id"] in namespace_doc["maintainers"]: + return jsonify({"code": 401, "message": "Unauthorized"}), 401 + maintainers = [] for i in namespace_doc["maintainers"]: diff --git a/flask/packages.py b/flask/packages.py index 156a5842..c38a6204 100644 --- a/flask/packages.py +++ b/flask/packages.py @@ -740,10 +740,19 @@ def create_token_upload_token_package(namespace_name, package_name): 200, ) - @app.route("/packages///maintainers", methods=["GET"]) @swag_from("documentation/package_maintainers.yaml", methods=["GET"]) def package_maintainers(namespace, package): + uuid = request.form.get("uuid") + + if not uuid: + return jsonify({"code": 401, "message": "Unauthorized"}), 401 + + user = db.users.find_one({"uuid": uuid}) + + if not user: + return jsonify({"code": 401, "message": "Unauthorized"}), 401 + namespace_doc = db.namespaces.find_one({"namespace": namespace}) if not namespace_doc: diff --git a/registry/src/pages/showUserListDialog.js b/registry/src/pages/showUserListDialog.js index b99f29bb..0d69d758 100644 --- a/registry/src/pages/showUserListDialog.js +++ b/registry/src/pages/showUserListDialog.js @@ -6,6 +6,9 @@ import { MDBIcon } from "mdbreact"; const ShowUserListDialog = (props) => { const users = useSelector((state) => state.userList.users); + const uuid = useSelector((state) => state.auth.uuid); + const error = useSelector((state) => state.userList.error); + const dispatch = useDispatch(); useEffect(() => { @@ -20,6 +23,7 @@ const ShowUserListDialog = (props) => { packageMaintainers: props.packagemaintainers, namespace: props.namespace, packageName: props.package, + uuid: uuid, }) ); }, [props.show]); @@ -36,6 +40,7 @@ const ShowUserListDialog = (props) => { + {error ?

{error}

: null} {users && users.length === 0 ?

No users found

: null} {users && users.map((user, index) => { diff --git a/registry/src/store/actions/userListActions.js b/registry/src/store/actions/userListActions.js index c66d4356..2828d61e 100644 --- a/registry/src/store/actions/userListActions.js +++ b/registry/src/store/actions/userListActions.js @@ -10,23 +10,27 @@ export const fetchUserListData = ({ packageMaintainers = false, namespace, packageName, + uuid, }) => { return async (dispatch) => { dispatch({ type: FETCH_USERS_LIST }); let url; + let formData = new FormData(); + formData.append("uuid", uuid); if (namespaceAdmins) { - url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespace/${namespace}/admins`; + url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespaces/${namespace}/admins`; } else if (namespaceMaintainers) { - url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespace/${namespace}/maintainers`; + url = `${process.env.REACT_APP_REGISTRY_API_URL}/namespaces/${namespace}/maintainers`; } else if (packageMaintainers) { url = `${process.env.REACT_APP_REGISTRY_API_URL}/packages/${namespace}/${packageName}/maintainers`; } try { const result = await axios({ - method: "get", + method: "post", url: url, + data: formData, }); dispatch({ @@ -36,6 +40,7 @@ export const fetchUserListData = ({ }, }); } catch (error) { + console.log(error); dispatch({ type: FETCH_USERS_LIST_ERROR, payload: { diff --git a/registry/src/store/reducers/userListReducer.js b/registry/src/store/reducers/userListReducer.js index c33f0d15..85e12a1a 100644 --- a/registry/src/store/reducers/userListReducer.js +++ b/registry/src/store/reducers/userListReducer.js @@ -7,6 +7,7 @@ import { const initialState = { users: null, isLoading: true, + error: null, }; const userListReducer = (state = initialState, action) => { @@ -15,17 +16,20 @@ const userListReducer = (state = initialState, action) => { return { ...state, isLoading: true, + error: null, }; case FETCH_USERS_LIST_SUCCESS: return { ...state, users: action.payload.users, isLoading: false, + error: null, }; case FETCH_USERS_LIST_ERROR: return { ...state, isLoading: false, + error: action.payload.message, }; default: return state; diff --git a/tests/test_namespaces.py b/tests/test_namespaces.py index f049deaa..b6dbae3e 100644 --- a/tests/test_namespaces.py +++ b/tests/test_namespaces.py @@ -167,7 +167,7 @@ def test_namespace_maintainers_list(self): namespace_name = TestNamespaces.test_namespace_data['namespace'] # Get the list of maintainers. - response = self.client.get(f"/namespace/{namespace_name}/maintainers") + response = self.client.post(f"/namespaces/{namespace_name}/maintainers", data={"uuid": uuid}) self.assertEqual(200, response.json["code"]) self.assertEqual(1, len(response.json["users"])) @@ -198,6 +198,6 @@ def test_namespace_admins_list(self): namespace_name = TestNamespaces.test_namespace_data['namespace'] # Get the list of admins. - response = self.client.get(f"/namespace/{namespace_name}/admins") + response = self.client.post(f"/namespaces/{namespace_name}/admins", data={"uuid": uuid}) self.assertEqual(200, response.json["code"]) self.assertEqual(1, len(response.json["users"])) \ No newline at end of file diff --git a/tests/test_packages.py b/tests/test_packages.py index 96ee171f..9b0d7c6a 100644 --- a/tests/test_packages.py +++ b/tests/test_packages.py @@ -521,5 +521,5 @@ def test_package_maintainers(self): response = self.client.post("/packages", data=TestPackages.test_package_data) self.assertEqual(200, response.json["code"]) - response = self.client.get(f"/packages/{TestPackages.test_namespace_data['namespace']}/{TestPackages.test_package_data['package_name']}/maintainers") + response = self.client.post(f"/packages/{TestPackages.test_namespace_data['namespace']}/{TestPackages.test_package_data['package_name']}/maintainers", data={"uuid": uuid}) self.assertEqual(200, response.json["code"]) \ No newline at end of file