Commit 393ca926 authored by Alexander Lercher's avatar Alexander Lercher

Merge branch 'feature/swagger-improvements' into 'develop'

Deletion security

See merge request !39
parents 5c630a95 dbf26968
...@@ -5,7 +5,7 @@ paths: ...@@ -5,7 +5,7 @@ paths:
/use-cases: /use-cases:
post: post:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.use_case.add" operationId: "routes.use_case.add"
tags: tags:
- "Use-Cases" - "Use-Cases"
...@@ -46,9 +46,18 @@ paths: ...@@ -46,9 +46,18 @@ paths:
- "Use-Cases" - "Use-Cases"
summary: "Delete all Use-Cases" summary: "Delete all Use-Cases"
description: "Delete all Use-Cases" description: "Delete all Use-Cases"
parameters:
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
'403':
description: "Confirmation required"
##### #####
# TABLES # TABLES
##### #####
...@@ -66,15 +75,24 @@ paths: ...@@ -66,15 +75,24 @@ paths:
description: "Successful Request" description: "Successful Request"
delete: delete:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.tables.delete_all" operationId: "routes.tables.delete_all"
tags: tags:
- "Tables" - "Tables"
summary: "Delete all Tables" summary: "Delete all Tables"
description: "Delete all Tables" description: "Delete all Tables"
parameters:
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
'403':
description: "Confirmation required"
/use-cases/{use_case}/tables: /use-cases/{use_case}/tables:
get: get:
security: security:
...@@ -95,7 +113,7 @@ paths: ...@@ -95,7 +113,7 @@ paths:
description: "Successful Request" description: "Successful Request"
post: post:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.tables.add_complete" operationId: "routes.tables.add_complete"
tags: tags:
- "Tables" - "Tables"
...@@ -131,15 +149,23 @@ paths: ...@@ -131,15 +149,23 @@ paths:
description: "Name of the Use-Case the Table belongs to" description: "Name of the Use-Case the Table belongs to"
required: true required: true
type: "string" type: "string"
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
'400': '400':
description: "Table with the name already exists or missing fields in the request." description: "Table with the name already exists or missing fields in the request."
'403':
description: "Confirmation required"
/use-cases/{use_case}/tables/{name}/mapping: /use-cases/{use_case}/tables/{name}/mapping:
put: put:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.tables.put_mapping" operationId: "routes.tables.put_mapping"
tags: tags:
- "Tables" - "Tables"
...@@ -193,12 +219,21 @@ paths: ...@@ -193,12 +219,21 @@ paths:
- "Layers" - "Layers"
summary: "Delete all Layers from the DB" summary: "Delete all Layers from the DB"
description: "Delete all Layers from the DB" description: "Delete all Layers from the DB"
parameters:
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
'403':
description: "confirmation required"
post: post:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.layer.add_complete" operationId: "routes.layer.add_complete"
tags: tags:
- "Layers" - "Layers"
...@@ -243,7 +278,7 @@ paths: ...@@ -243,7 +278,7 @@ paths:
/use-cases/{use_case}/tables/{table}/layers/{name}/cluster-mapping: /use-cases/{use_case}/tables/{table}/layers/{name}/cluster-mapping:
put: put:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.layer.add_cluster_mapping" operationId: "routes.layer.add_cluster_mapping"
tags: tags:
- "Layers" - "Layers"
...@@ -284,7 +319,7 @@ paths: ...@@ -284,7 +319,7 @@ paths:
description: "Field in request is missing or attribute does not exist in the Layer" description: "Field in request is missing or attribute does not exist in the Layer"
delete: delete:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.layer.delete_cluster_mapping" operationId: "routes.layer.delete_cluster_mapping"
tags: tags:
- "Layers" - "Layers"
...@@ -316,6 +351,12 @@ paths: ...@@ -316,6 +351,12 @@ paths:
type: string type: string
example: "end_time" example: "end_time"
description: "Internal name of the attribute" description: "Internal name of the attribute"
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
...@@ -323,6 +364,8 @@ paths: ...@@ -323,6 +364,8 @@ paths:
description: "Layer does not exist" description: "Layer does not exist"
'400': '400':
description: "Field in request is missing or attribute does not exist in the Layer" description: "Field in request is missing or attribute does not exist in the Layer"
'403':
description: "Confirmation required"
/use-cases/{use_case}/layers: /use-cases/{use_case}/layers:
get: get:
security: security:
...@@ -375,7 +418,7 @@ paths: ...@@ -375,7 +418,7 @@ paths:
description: "Layer does not exist" description: "Layer does not exist"
delete: delete:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.layer.delete_one" operationId: "routes.layer.delete_one"
tags: tags:
- "Layers" - "Layers"
...@@ -397,15 +440,23 @@ paths: ...@@ -397,15 +440,23 @@ paths:
description: "Name of the Layer" description: "Name of the Layer"
required: true required: true
type: "string" type: "string"
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
'404': '404':
description: "Layer does not exist" description: "Layer does not exist"
'403':
description: "Confirmation required"
/use-cases/{use_case}/layers/{name}/mapping: /use-cases/{use_case}/layers/{name}/mapping:
put: put:
security: security:
- JwtRegular: [] - JwtAdmin: []
operationId: "routes.layer.add_mapping" operationId: "routes.layer.add_mapping"
tags: tags:
- "Layers" - "Layers"
...@@ -458,6 +509,12 @@ paths: ...@@ -458,6 +509,12 @@ paths:
required: true required: true
schema: schema:
$ref: '#/definitions/LayerMapping' $ref: '#/definitions/LayerMapping'
- name: "confirmation"
desciption: "'yes' to confirm deletion"
in: "query"
required: true
schema:
type: "string"
responses: responses:
'200': '200':
description: "Successful Request" description: "Successful Request"
...@@ -465,6 +522,8 @@ paths: ...@@ -465,6 +522,8 @@ paths:
description: "Layer does not exist" description: "Layer does not exist"
'400': '400':
description: "Field in request is missing" description: "Field in request is missing"
'403':
description: "Confirmation required"
definitions: definitions:
LayerMapping: LayerMapping:
......
...@@ -16,10 +16,16 @@ def all(): ...@@ -16,10 +16,16 @@ def all():
return [layer.to_serializable_dict() for layer in layer_repository.all()] return [layer.to_serializable_dict() for layer in layer_repository.all()]
def delete_all_layers(): def delete_all_layers(confirmation: str):
''' '''
delete all layers from the DB delete all layers from the DB
@params:
confirmation - Required : "yes" to confirm deletion
''' '''
if confirmation != "yes"
return Response(status=403)
layer_repository.delete_all() layer_repository.delete_all()
return Response(status=200) return Response(status=200)
...@@ -142,7 +148,7 @@ def one(use_case: str, table: str, name: str): ...@@ -142,7 +148,7 @@ def one(use_case: str, table: str, name: str):
return Response(status=200, response=json.dumps(layer.to_serializable_dict())) return Response(status=200, response=json.dumps(layer.to_serializable_dict()))
def delete_mapping(use_case: str, table: str, name: str): def delete_mapping(use_case: str, table: str, name: str, confirmation: str):
''' '''
delete a mapping from the layer identified by the internal representation delete a mapping from the layer identified by the internal representation
...@@ -150,6 +156,7 @@ def delete_mapping(use_case: str, table: str, name: str): ...@@ -150,6 +156,7 @@ def delete_mapping(use_case: str, table: str, name: str):
use_case - Required : String-identifier for the Use-Case the Layer belongs to use_case - Required : String-identifier for the Use-Case the Layer belongs to
table - Required : unique identifier of the Table the Layer belongs to table - Required : unique identifier of the Table the Layer belongs to
name - Required : unique identifier for the Layer name - Required : unique identifier for the Layer
confirmation- Required : "yes" to confirm deletion
''' '''
use_case_repository.put(use_case) use_case_repository.put(use_case)
...@@ -206,7 +213,7 @@ def add_mapping(name: str, table: str, use_case: str): ...@@ -206,7 +213,7 @@ def add_mapping(name: str, table: str, use_case: str):
return Response(status=200) return Response(status=200)
def delete_one(use_case: str, table: str, name: str): def delete_one(use_case: str, table: str, name: str, confirmation: str):
''' '''
delete a layer and all its mappings from the Db delete a layer and all its mappings from the Db
...@@ -214,8 +221,11 @@ def delete_one(use_case: str, table: str, name: str): ...@@ -214,8 +221,11 @@ def delete_one(use_case: str, table: str, name: str):
use_case - Required : String-identifier for the Use-Case the Layer belongs to use_case - Required : String-identifier for the Use-Case the Layer belongs to
table - Required : unique identifier of the Table the Layer belongs to table - Required : unique identifier of the Table the Layer belongs to
name - Required : unique identifier for the Layer name - Required : unique identifier for the Layer
confirmation- Required : "yes" to confirm deletion
''' '''
if confirmation != "yes"
return Response(status=403)
layer = layer_repository.one(name, use_case, table) layer = layer_repository.one(name, use_case, table)
if layer == None: if layer == None:
......
...@@ -51,10 +51,18 @@ def add_complete(use_case: str): ...@@ -51,10 +51,18 @@ def add_complete(use_case: str):
return Response(status=200) return Response(status=200)
def delete_all_for_use_case(use_case: str): def delete_all_for_use_case(use_case: str, confirmation: str):
if confirmation != "yes"
return Response(status=403)
table_repository.delete_for_use_case(use_case) table_repository.delete_for_use_case(use_case)
return Response(status=200) return Response(status=200)
def delete_all(): def delete_all():
if confirmation != "yes"
return Response(status=403)
table_repository.delete_all() table_repository.delete_all()
return Response(status=200) return Response(status=200)
\ No newline at end of file
...@@ -15,7 +15,11 @@ repository = Repository() ...@@ -15,7 +15,11 @@ repository = Repository()
def all(): def all():
return [use_case.to_serializable_dict() for use_case in use_case_repository.all()] return [use_case.to_serializable_dict() for use_case in use_case_repository.all()]
def delete_all(): def delete_all(confirmation: str):
if confirmation != "yes"
return Response(status=403)
use_case_repository.delete_all() use_case_repository.delete_all()
repository.delete_all() repository.delete_all()
table_repository.delete_all() table_repository.delete_all()
......
...@@ -17,4 +17,4 @@ def receive(): ...@@ -17,4 +17,4 @@ def receive():
def isBlockchainTraceValid(trace) -> bool: def isBlockchainTraceValid(trace) -> bool:
# different for every use case, no global schema # different for every use case, no global schema
return 'ApplicationType' in trace return 'ApplicationType' in trace and 'docType' in trace
...@@ -52,7 +52,7 @@ def delete(username): ...@@ -52,7 +52,7 @@ def delete(username):
return Response(status = 204) return Response(status = 204)
except ValueError as e: except ValueError as e:
# return 400 if the user already exists # return 400 if the user does not exist
return Response(status = 400, response=str(e)) return Response(status = 400, response=str(e))
def add(): def add():
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment