tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add id-slug lookup and restrict slugs endpoints to superadmins (#1279)

Browse Source 
Fixes #1278 
- Adds `GET /orgs/slug-lookup` endpoint returning `{id: slug}` for all
orgs
- Restricts new endpoint and existing `GET /orgs/slugs` to superadmins
This commit is contained in:
Tessa Walsh 2023-10-13 20:02:19 -04:00 committed by GitHub
parent 8466caf1d9
commit c5ca250f37
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
backend/btrixcloud/orgs.py
View File

@ -402,6 +402,13 @@ class OrgOps:
slugs = await self.orgs.distinct("slug", {}) slugs = await self.orgs.distinct("slug", {})
return {"slugs": slugs} return {"slugs": slugs}
async def get_all_org_slugs_with_ids(self):
"""Return dict with {id: slug} for all orgs."""
slug_id_map = {}
async for org in self.orgs.find({}):
slug_id_map[org["_id"]] = org["slug"]
return slug_id_map
# ============================================================================ # ============================================================================
# pylint: disable=too-many-statements # pylint: disable=too-many-statements
@ -671,7 +678,15 @@ def init_orgs_api(app, mdb, user_manager, invites, user_dep):
return await ops.get_org_metrics(org) return await ops.get_org_metrics(org)
@app.get("/orgs/slugs", tags=["organizations"]) @app.get("/orgs/slugs", tags=["organizations"])
async def get_all_org_slugs(): async def get_all_org_slugs(user: User = Depends(user_dep)):
if not user.is_superuser:
raise HTTPException(status_code=403, detail="Not Allowed")
return await ops.get_all_org_slugs() return await ops.get_all_org_slugs()
@app.get("/orgs/slug-lookup", tags=["organizations"])
async def get_all_org_slugs_with_ids(user: User = Depends(user_dep)):
if not user.is_superuser:
raise HTTPException(status_code=403, detail="Not Allowed")
return await ops.get_all_org_slugs_with_ids()
return ops return ops

26
backend/test/test_org.py
View File

@ -409,3 +409,29 @@ def test_get_org_slugs(admin_auth_headers):
assert len(slugs) == org_count assert len(slugs) == org_count
for slug in slugs: for slug in slugs:
assert slug in org_slugs assert slug in org_slugs
def test_get_org_slugs_non_superadmin(crawler_auth_headers):
r = requests.get(f"{API_PREFIX}/orgs/slugs", headers=crawler_auth_headers)
assert r.status_code == 403
assert r.json()["detail"] == "Not Allowed"
def test_get_org_slug_lookup(admin_auth_headers):
# Build an expected return from /orgs list to compare against
expected_return = {}
r = requests.get(f"{API_PREFIX}/orgs", headers=admin_auth_headers)
assert r.status_code == 200
for org in r.json()["items"]:
expected_return[org["id"]] = org["slug"]
# Fetch data from /orgs/slug-lookup and verify data is correct
r = requests.get(f"{API_PREFIX}/orgs/slug-lookup", headers=admin_auth_headers)
assert r.status_code == 200
assert r.json() == expected_return
def test_get_org_slug_lookup_non_superadmin(crawler_auth_headers):
r = requests.get(f"{API_PREFIX}/orgs/slug-lookup", headers=crawler_auth_headers)
assert r.status_code == 403
assert r.json()["detail"] == "Not Allowed"