feat: allow to create regular apikeys for data observatory datasets

4 years ago · fdd24c6057
parent ffa1d7772f
commit fdd24c6057
4 changed files with 63 additions and 2 deletions
--- a/app/controllers/carto/api/api_key_presenter.rb
+++ b/app/controllers/carto/api/api_key_presenter.rb
@ -50,6 +50,13 @@ module Carto
          }
        end

+        if @api_key.data_observatory_datasets?
+          grants << {
+            type: 'data-observatory',
+            datasets: @api_key.data_observatory_datasets
+          }
+        end
+
        grants
      end

--- a/app/models/carto/api_key.rb
+++ b/app/models/carto/api_key.rb
@ -10,7 +10,7 @@ class ApiKeyGrantsValidator < ActiveModel::EachValidator

    record.errors[attribute] << 'only one apis section is allowed' unless value.count { |v| v[:type] == 'apis' } == 1

-    max_one_sections = ['database', 'dataservices', 'user']
+    max_one_sections = ['database', 'dataservices', 'user', 'data-observatory']
    max_one_sections.each do |section|
      if value.count { |v| v[:type] == section } > 1
        record.errors[attribute] << "only one #{section} section is allowed"
@ -255,6 +255,10 @@ module Carto
      @user_data ||= process_user_data_grants
    end

+    def data_observatory_datasets
+      @data_observatory_datasets ||= process_data_observatory_datasets
+    end
+
    def regenerate_token!
      if master?
        # Send all master key updates through the user model, avoid circular updates
@ -290,6 +294,10 @@ module Carto
      data_services.present?
    end

+    def data_observatory_datasets?
+      data_observatory_datasets.present?
+    end
+
    def valid_name_for_type
      if !master? && name == NAME_MASTER || !default_public? && name == NAME_DEFAULT_PUBLIC
        errors.add(:name, "api_key name cannot be #{NAME_MASTER} nor #{NAME_DEFAULT_PUBLIC}")
@ -455,6 +463,13 @@ module Carto
      dataset_metadata_grants.try(:[], :table_metadata)
    end

+    def process_data_observatory_datasets
+      data_observatory_grants = grants.find { |v| v[:type] == 'data-observatory' }
+      return nil unless data_observatory_grants.present?
+
+      data_observatory_grants[:datasets]
+    end
+
    def check_permissions
      # Only checks if no previous errors in JSON definition
      check_table_permissions
@ -613,6 +628,7 @@ module Carto
    def redis_hash_as_array
      hash = ['user', user.username, 'type', type, 'database_role', db_role, 'database_password', db_password]
      granted_apis.each { |api| hash += ["grants_#{api}", true] }
+      hash += ["data_observatory_datasets", data_observatory_datasets]
      hash
    end

--- a/lib/formats/carto/api_key/grants.json
+++ b/lib/formats/carto/api_key/grants.json
@ -13,7 +13,8 @@
          "apis",
          "database",
          "dataservices",
-          "user"
+          "user",
+          "data-observatory"
        ]
      },
      "apis": {
@ -115,6 +116,12 @@
      },
      "table_metadata": {
        "type": "array"
+      },
+      "datasets": {
+        "type": "array",
+        "items": {
+          "type": "string"
+        }
      }
    }
  }
--- a/spec/models/carto/api_key_spec.rb
+++ b/spec/models/carto/api_key_spec.rb
@ -82,6 +82,13 @@ describe Carto::ApiKey do
    }
  end

+  def data_observatory_datasets_grant(datasets = ['carto-do.here.pointsofinterest_pointsofinterest_usa_latlon_v1_quarterly_v1'])
+    {
+      type: 'data-observatory',
+      datasets: datasets
+    }
+  end
+
  def user_grant(data = ['profile'])
    {
      type: 'user',
@ -812,6 +819,30 @@ describe Carto::ApiKey do
      end
    end

+    describe 'data observatory datasets api key' do
+      before :each do
+        @db_role = Carto::DB::Sanitize.sanitize_identifier("carto_role_#{SecureRandom.hex}")
+        Carto::ApiKey.any_instance.stubs(:db_role).returns(@db_role)
+      end
+
+      after :each do
+        Carto::ApiKey.any_instance.unstub(:db_role)
+      end
+
+      it 'grants with data observatory datasets' do
+        grants = [apis_grant(['maps']), data_observatory_datasets_grant]
+        expected = ['carto-do.here.pointsofinterest_pointsofinterest_usa_latlon_v1_quarterly_v1']
+        api_key = @carto_user1.api_keys.create_regular_key!(name: 'data-observatory', grants: grants)
+
+        api_key.should be
+        api_key.data_observatory_datasets.should eq expected
+        data_observatory_datasets = $users_metadata.hget(api_key.send(:redis_key), :data_observatory_datasets)
+        expect(JSON.parse(data_observatory_datasets, symbolize_names: true)).to eql(expected)
+
+        api_key.destroy
+      end
+    end
+
    describe 'filter by type' do
      it 'filters just master' do
        api_keys = @carto_user1.api_keys.by_type([Carto::ApiKey::TYPE_MASTER])