WIP

ITISFoundation · Aug 14, 2024 · ddfda2d · ddfda2d
1 parent 760ff64
commit ddfda2d
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 13 deletions.
diff --git a/services/storage/src/simcore_service_storage/db_access_layer.py b/services/storage/src/simcore_service_storage/db_access_layer.py
@@ -45,6 +45,7 @@
 from models_library.projects import ProjectID
 from models_library.projects_nodes_io import StorageFileID
 from models_library.users import GroupID, UserID
+from simcore_postgres_database.models.projects import projects
 from simcore_postgres_database.storage_models import file_meta_data, user_to_groups
 
 logger = logging.getLogger(__name__)
@@ -154,6 +155,24 @@ async def list_projects_access_rights(
     return projects_access_rights
 
 
+def _get_project_access_rights_stmt(user_id: UserID, project_id: ProjectID):
+    user_gids = (
+        sa.select(sa.func.array_agg(sa.cast(user_to_groups.c.gid, sa.String)))
+        .where(user_to_groups.c.uid == f"{user_id}")
+        .group_by(user_to_groups.c.uid)
+    )
+
+    return sa.select(projects.c.prj_owner, projects.c.access_rights).where(
+        (projects.c.uuid == f"{project_id}")
+        & (
+            (projects.c.prj_owner == f"{user_id}")
+            | sa.func.jsonb_exists_any(
+                projects.c.access_rights, user_gids.scalar_subquery()
+            )
+        )
+    )
+
+
 async def get_project_access_rights(
     conn: SAConnection, user_id: UserID, project_id: ProjectID
 ) -> AccessRights:

diff --git a/...s/storage/tests/unit/test_access_layer.py → ...torage/tests/unit/test_db_access_layer.py b/...s/storage/tests/unit/test_access_layer.py → ...torage/tests/unit/test_db_access_layer.py
@@ -1,11 +1,9 @@
-# pylint:disable=unused-variable
-# pylint:disable=unused-argument
-# pylint:disable=redefined-outer-name
+# pylint: disable=redefined-outer-name
+# pylint: disable=unused-argument
+# pylint: disable=unused-variable
+# pylint: disable=too-many-arguments
 
 
-from typing import Iterable
-
-import pytest
 from aiopg.sa.engine import Engine
 from models_library.projects import ProjectID
 from models_library.users import UserID
@@ -18,13 +16,6 @@
 pytest_simcore_core_services_selection = ["postgres"]
 
 
-@pytest.fixture
-async def filemeta_id(
-    user_id: UserID, project_id: ProjectID, aiopg_engine: Engine
-) -> Iterable[str]:
-    raise NotImplementedError()
-
-
 async def test_access_rights_on_owned_project(
     user_id: UserID, project_id: ProjectID, aiopg_engine: Engine
 ):

diff --git a/services/storage/tests/unit/test_db_access_layer_sql.py b/services/storage/tests/unit/test_db_access_layer_sql.py
@@ -0,0 +1,25 @@
+# pylint: disable=redefined-outer-name
+# pylint: disable=unused-argument
+# pylint: disable=unused-variable
+# pylint: disable=too-many-arguments
+
+
+from faker import Faker
+from simcore_postgres_database.utils import as_postgres_sql_query_str
+from simcore_service_storage.db_access_layer import _get_project_access_rights_stmt
+
+
+def test_build_access_rights_sql_statements(faker: Faker):
+    def _check(func_smt, **kwargs):
+        print()
+        print(f"{func_smt.__name__:*^100}")
+        stmt = func_smt(**kwargs)
+        print()
+        print(as_postgres_sql_query_str(stmt))
+        print()
+
+    _check(
+        _get_project_access_rights_stmt,
+        user_id=42,
+        project_id=faker.uuid4(),
+    )