From 0467efb111249e628b99969863aba6a49c2542cf Mon Sep 17 00:00:00 2001
From: Andres Garcia Mangas
Date: Mon, 7 Oct 2024 12:04:42 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=82=20Deny=20update=20and=20delete=20t?=
 =?UTF-8?q?o=20regular=20users=20on=20workflow=20jobs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 moderate_api/authz/casbin_policy_static.csv | 4 ++--
 moderate_api/entities/job/models.py | 2 +-
 moderate_api/entities/job/router.py | 4 ++--
 tests/conftest.py | 2 +-
 tests/test_job.py | 5 +++++
 5 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/moderate_api/authz/casbin_policy_static.csv b/moderate_api/authz/casbin_policy_static.csv
index 51f87df..114bd18 100644
--- a/moderate_api/authz/casbin_policy_static.csv
+++ b/moderate_api/authz/casbin_policy_static.csv
@@ -12,6 +12,6 @@ p, apisix:api_basic_access, access_request, update, allow
 p, apisix:api_basic_access, access_request, delete, allow
 p, apisix:api_basic_access, workflow_job, create, allow
 p, apisix:api_basic_access, workflow_job, read, allow
-p, apisix:api_basic_access, workflow_job, update, allow
-p, apisix:api_basic_access, workflow_job, delete, allow
+p, apisix:api_basic_access, workflow_job, update, deny
+p, apisix:api_basic_access, workflow_job, delete, deny
 g, apisix:api_admin, apisix:api_basic_access
\ No newline at end of file
diff --git a/moderate_api/entities/job/models.py b/moderate_api/entities/job/models.py
index ef28a46..335d2cc 100644
--- a/moderate_api/entities/job/models.py
+++ b/moderate_api/entities/job/models.py
@@ -47,7 +47,7 @@ class WorkflowJobCreate(SQLModel):
 class WorkflowJobUpdate(SQLModel):
- results: Optional[Dict]
+ results: Dict
 finalised_at: Optional[datetime]
diff --git a/moderate_api/entities/job/router.py b/moderate_api/entities/job/router.py
index 95cb989..bba826d 100644
--- a/moderate_api/entities/job/router.py
+++ b/moderate_api/entities/job/router.py
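Review bot: The new `deny` rows for `workflow_job` `update` and `delete` are attached to `apisix:api_basic_access`, which `apisix:api_admin` inherits through the `g` row closing this hunk, so what they do depends on the policy effect declared in the Casbin model, and that file is not part of this patch. With a deny-override effect the inherited deny would reach admins as well unless they bypass the enforcer somewhere else; with an allow-only effect such as `some(where (p.eft == allow))` a `deny` row is never evaluated and the change behaves like deleting the two rows. Either outcome may be what is intended, but the CSV alone does not say who can still update or delete a job. I would confirm the effect in the model and record the intended result beside the policy, for example `# workflow_job update/delete: admin only, regular users denied`, if the adapter in use skips `#` lines.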
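Review bot: `results: Dict` in `WorkflowJobUpdate` is unparameterised, so the update schema accepts a JSON object of any shape and nesting for a field that this change appears to make mandatory. How the change behaves also depends on the pydantic version behind SQLModel: `Optional[Dict]` without a default was implicitly optional in v1 but required-and-nullable in v2, so an update that only sets `finalised_at` may start failing validation. I would state the contract explicitly, for instance `results: Dict[str, Any]` (assuming `Any` is imported in this module), and add a class docstring saying that every update must carry results and which role is expected to send it.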
@@ -181,7 +181,7 @@ async def create_workflow_job( if not await can_user_create_job(user=user, job_create=entity, session=session): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, - detail="A job was created too recently. Please wait before creating another job.", + detail="Not allowed to create job. Please try again later.", ) args_model = ARGUMENTS_TYPE_MAP.get(entity.job_type.value) @@ -210,7 +210,7 @@ async def create_workflow_job( entity_create_patch = await build_create_patch(user=user, session=session) - workflow_job = await create_one( + workflow_job: WorkflowJob = await create_one( user=user, entity=_ENTITY, sql_model=WorkflowJob, diff --git a/tests/conftest.py b/tests/conftest.py index 08995ee..58c4c57 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -56,7 +56,7 @@ _ENV_LOG_LEVEL: "DEBUG", _ENV_POSTGRES_URL: os.getenv( ENV_TESTS_POSTGRES_URL, - "postgresql://postgres:postgres@localhost:5432/testsmoderateapi", + "postgresql+asyncpg://postgres:postgres@localhost:5432/testsmoderateapi", ), _ENV_S3_ACCESS_KEY: os.getenv("TESTS_MINIO_ROOT_USER", "minio"), _ENV_S3_SECRET_KEY: os.getenv("TESTS_MINIO_ROOT_PASSWORD", "minio123"), diff --git a/tests/test_job.py b/tests/test_job.py index bda8218..f08e3db 100644 --- a/tests/test_job.py +++ b/tests/test_job.py @@ -45,6 +45,11 @@ async def _wait_for_matrix_profile_message( @pytest.mark.asyncio +@pytest.mark.parametrize( + "access_token", + [{"is_admin": True}], + indirect=True, +) async def test_matrix_profile_workflow_job(access_token): async with with_rabbit() as rabbit: if rabbit is None:
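Review bot: The refusal in `create_workflow_job` still returns `status.HTTP_400_BAD_REQUEST`, even though the new detail text ("Please try again later.") describes a throttling or permission decision rather than a malformed request. Clients and log-based alerting cannot separate this case from ordinary validation failures, which makes repeated job-creation attempts harder to spot. If `can_user_create_job` is a rate check, `status_code=status.HTTP_429_TOO_MANY_REQUESTS` would fit; if it is a permission check, `status.HTTP_403_FORBIDDEN` would. The function body starts and ends outside this hunk, so the actual reason for the refusal is not visible here.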
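Review bot: The only test change for this authorization fix is in `tests/test_job.py`, where `test_matrix_profile_workflow_job` is switched to an admin token, so nothing in the patch asserts that a regular user is now refused. The diffstat lists five insertions for the file, all of them the `parametrize` decorator, which confirms no negative case was added. I would add a companion test using `[{"is_admin": False}]` with `indirect=True` that creates a job and then asserts the update and delete calls are rejected. Without it, a later edit to the policy CSV or the Casbin model could restore the old access without any test failing.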