diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py index ffbc8e92d..068a1f97f 100644 --- a/backend/dataall/modules/dashboards/__init__.py +++ b/backend/dataall/modules/dashboards/__init__.py @@ -5,7 +5,6 @@ from dataall.base.loader import ImportMode, ModuleInterface - log = logging.getLogger(__name__) @@ -33,8 +32,9 @@ def __init__(self): from dataall.modules.catalog.indexers.registry import GlossaryRegistry, GlossaryDefinition from dataall.modules.vote.services.vote_service import add_vote_type from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer + from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD - FeedRegistry.register(FeedDefinition('Dashboard', Dashboard)) + FeedRegistry.register(FeedDefinition('Dashboard', Dashboard, GET_DASHBOARD)) GlossaryRegistry.register( GlossaryDefinition( diff --git a/backend/dataall/modules/datapipelines/__init__.py b/backend/dataall/modules/datapipelines/__init__.py index 7b1a56334..171a6a311 100644 --- a/backend/dataall/modules/datapipelines/__init__.py +++ b/backend/dataall/modules/datapipelines/__init__.py @@ -35,7 +35,7 @@ def __init__(self): ) import dataall.modules.datapipelines.api - FeedRegistry.register(FeedDefinition('DataPipeline', DataPipeline)) + FeedRegistry.register(FeedDefinition('DataPipeline', DataPipeline, GET_PIPELINE)) TargetType('pipeline', GET_PIPELINE, UPDATE_PIPELINE, MANAGE_PIPELINES) TargetType('cdkpipeline', GET_PIPELINE, UPDATE_PIPELINE, MANAGE_PIPELINES) diff --git a/backend/dataall/modules/feed/api/registry.py b/backend/dataall/modules/feed/api/registry.py index 3fe72f245..8db914263 100644 --- a/backend/dataall/modules/feed/api/registry.py +++ b/backend/dataall/modules/feed/api/registry.py @@ -10,6 +10,7 @@ class FeedDefinition: target_type: str model: Type[Resource] + permission: str class FeedRegistry(UnionTypeRegistry): @@ -25,6 +26,10 @@ def register(cls, definition: FeedDefinition): def find_model(cls, target_type: str): return cls._DEFINITIONS[target_type].model + @classmethod + def find_permission(cls, target_type: str): + return cls._DEFINITIONS[target_type].permission + @classmethod def find_target(cls, obj: Resource): for target_type, definition in cls._DEFINITIONS.items(): diff --git a/backend/dataall/modules/feed/api/resolvers.py b/backend/dataall/modules/feed/api/resolvers.py index a3bcca622..e971d90bf 100644 --- a/backend/dataall/modules/feed/api/resolvers.py +++ b/backend/dataall/modules/feed/api/resolvers.py @@ -43,4 +43,4 @@ def resolve_feed_messages(context: Context, source: Feed, filter: dict = None): _required_uri(source.targetUri) if not filter: filter = {} - return FeedService.list_feed_messages(targetUri=source.targetUri, filter=filter) + return FeedService.list_feed_messages(targetUri=source.targetUri, targetType=source.targetType, filter=filter) diff --git a/backend/dataall/modules/feed/services/feed_service.py b/backend/dataall/modules/feed/services/feed_service.py index 364b2a575..69d271186 100644 --- a/backend/dataall/modules/feed/services/feed_service.py +++ b/backend/dataall/modules/feed/services/feed_service.py @@ -6,8 +6,10 @@ import logging from dataall.base.context import get_context +from dataall.core.permissions.services.resource_policy_service import ResourcePolicyService from dataall.modules.feed.db.feed_models import FeedMessage from dataall.modules.feed.db.feed_repository import FeedRepository +from dataall.modules.feed.api.registry import FeedRegistry logger = logging.getLogger(__name__) @@ -27,10 +29,6 @@ def targetType(self): return self._targetType -def _session(): - return get_context().db_engine.scoped_session() - - class FeedService: """ Encapsulate the logic of interactions with Feeds. @@ -41,6 +39,15 @@ def get_feed( targetUri: str = None, targetType: str = None, ) -> Feed: + context = get_context() + with context.db_engine.scoped_session() as session: + ResourcePolicyService.check_user_resource_permission( + session=session, + username=context.username, + groups=context.groups, + resource_uri=targetUri, + permission_name=FeedRegistry.find_permission(target_type=targetType), + ) return Feed(targetUri=targetUri, targetType=targetType) @staticmethod @@ -49,17 +56,33 @@ def post_feed_message( targetType: str = None, content: str = None, ): - with _session() as session: + context = get_context() + with context.db_engine.scoped_session() as session: + ResourcePolicyService.check_user_resource_permission( + session=session, + username=context.username, + groups=context.groups, + resource_uri=targetUri, + permission_name=FeedRegistry.find_permission(target_type=targetType), + ) m = FeedMessage( targetUri=targetUri, targetType=targetType, - creator=get_context().username, + creator=context.username, content=content, ) session.add(m) return m @staticmethod - def list_feed_messages(targetUri: str, filter: dict = None): - with _session() as session: + def list_feed_messages(targetUri: str, targetType: str, filter: dict = None): + context = get_context() + with context.db_engine.scoped_session() as session: + ResourcePolicyService.check_user_resource_permission( + session=session, + username=context.username, + groups=context.groups, + resource_uri=targetUri, + permission_name=FeedRegistry.find_permission(target_type=targetType), + ) return FeedRepository(session).paginated_feed_messages(uri=targetUri, filter=filter) diff --git a/backend/dataall/modules/redshift_datasets/__init__.py b/backend/dataall/modules/redshift_datasets/__init__.py index cd9e73f68..1a6f1344f 100644 --- a/backend/dataall/modules/redshift_datasets/__init__.py +++ b/backend/dataall/modules/redshift_datasets/__init__.py @@ -51,11 +51,16 @@ def __init__(self): FEED_REDSHIFT_DATASET_TABLE_NAME, VOTE_REDSHIFT_DATASET_NAME, ) - + from dataall.modules.redshift_datasets.services.redshift_dataset_permissions import ( + GET_REDSHIFT_DATASET, + GET_REDSHIFT_DATASET_TABLE, + ) import dataall.modules.redshift_datasets.api - FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_TABLE_NAME, RedshiftTable)) - FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_NAME, RedshiftDataset)) + FeedRegistry.register( + FeedDefinition(FEED_REDSHIFT_DATASET_TABLE_NAME, RedshiftTable, GET_REDSHIFT_DATASET_TABLE) + ) + FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_NAME, RedshiftDataset, GET_REDSHIFT_DATASET)) GlossaryRegistry.register( GlossaryDefinition( diff --git a/backend/dataall/modules/s3_datasets/__init__.py b/backend/dataall/modules/s3_datasets/__init__.py index dbd4f458c..42872063d 100644 --- a/backend/dataall/modules/s3_datasets/__init__.py +++ b/backend/dataall/modules/s3_datasets/__init__.py @@ -44,14 +44,16 @@ def __init__(self): from dataall.modules.s3_datasets.services.dataset_permissions import ( GET_DATASET, UPDATE_DATASET, + GET_DATASET_TABLE, + GET_DATASET_FOLDER, MANAGE_DATASETS, ) from dataall.modules.s3_datasets.db.dataset_repositories import DatasetRepository from dataall.modules.s3_datasets.db.dataset_models import DatasetStorageLocation, DatasetTable, S3Dataset - FeedRegistry.register(FeedDefinition('DatasetStorageLocation', DatasetStorageLocation)) - FeedRegistry.register(FeedDefinition('DatasetTable', DatasetTable)) - FeedRegistry.register(FeedDefinition('Dataset', S3Dataset)) + FeedRegistry.register(FeedDefinition('DatasetStorageLocation', DatasetStorageLocation, GET_DATASET_FOLDER)) + FeedRegistry.register(FeedDefinition('DatasetTable', DatasetTable, GET_DATASET_TABLE)) + FeedRegistry.register(FeedDefinition('Dataset', S3Dataset, GET_DATASET)) GlossaryRegistry.register( GlossaryDefinition(