Feature/grdm 202403 step3/2.2.1 service access control setting re create branch

addons/binderhub/static/node-cfg.js

@@ -99,6 +99,9 @@ function NodeSettings() {
         callback();
       }
     }).fail(function(xhr, status, error) {
+      if (osfHelpers.handleErrorResponse(xhr) === false) {
+        return;
+      }
       Raven.captureMessage('Error while retrieving addon info', {
         extra: {
           url: url,

admin/base/schemas/config-schema.json

@@ -0,0 +1,34 @@
+{
+  "type": "object",
+  "patternProperties": {
+    "^[^\\n]+$": {
+      "type": "object",
+      "properties": {
+        "function_name": {
+          "type": "string",
+          "pattern": "\\S+"
+        },
+        "api_group": {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "object",
+            "properties": {
+              "api": {
+                "type": "string",
+                "pattern": "\\S+"
+              },
+              "method": {
+                "type": "string",
+                "pattern": "\\S+"
+              }
+            },
+            "required": ["api", "method"]
+          }
+        }
+      },
+      "required": ["function_name", "api_group"]
+    }
+  },
+  "additionalProperties": false
+}

admin/base/schemas/service-access-control-setting-schema.json

@@ -0,0 +1,55 @@
+{
+  "type": "object",
+  "properties": {
+    "data": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "properties": {
+          "institution_id": {
+            "type": "string",
+            "maxLength": 255
+          },
+          "domain": {
+            "type": "string",
+            "maxLength": 255,
+            "pattern": "^(default)$|^(?!\\d+\\.)+(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9]{0,62}[a-z0-9]$"
+          },
+          "is_ial2_or_aal2": {
+            "type": "boolean"
+          },
+          "user_domain": {
+            "type": "string",
+            "maxLength": 255,
+            "pattern": "^(default)$|^(@|\\.|)(?!\\d+\\.)+(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9]{0,62}[a-z0-9]$"
+          },
+          "project_limit_number": {
+            "type": "integer",
+            "minimum": 1,
+            "maximum": 2147483647
+          },
+          "is_whitelist": {
+            "type": "boolean"
+          },
+          "function_codes": {
+            "type": "array",
+            "minItems": 1,
+            "items": {
+              "type": "string"
+            }
+          }
+        },
+        "required": [
+          "institution_id",
+          "domain",
+          "is_ial2_or_aal2",
+          "user_domain",
+          "is_whitelist",
+          "function_codes"
+        ]
+      }
+    }
+  },
+  "required": ["data"]
+}

admin/base/schemas/utils.py

@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import json
+import jsonschema
 import os
 
 here = os.path.split(os.path.abspath(__file__))[0]
@@ -8,3 +9,37 @@
 def from_json(file_name):
     with open(os.path.join(here, file_name)) as f:
         return json.load(f)
+
+
+def validate_json_schema(value, json_schema_name):
+    """ Validate JSON data with JSON schema """
+    # Load JSON schema file
+    json_schema = from_json(json_schema_name)
+    # Validate data with the JSON schema
+    jsonschema.validate(value, json_schema)
+
+
+def validate_config_schema(value, json_schema_name):
+    """ Validate the config JSON data with config JSON schema and additional logic"""
+    # Validate data with the JSON schema
+    validate_json_schema(value, json_schema_name)
+    # Additional validation for config JSON file
+    function_name_list = []
+    api_group_list = []
+    for json_key, json_value in value.items():
+        function_name = json_value.get('function_name')
+        api_group = json_value.get('api_group', [])
+        function_name_list.append(function_name)
+        api_group_list.extend([(item.get('api'), item.get('method'),) for item in api_group])
+
+    # Check if 'function_name' is unique
+    is_function_name_list_unique = len(function_name_list) == len(set(function_name_list))
+    if not is_function_name_list_unique:
+        # If 'function_name' is not unique, raise validation error
+        raise jsonschema.ValidationError('Config data is invalid: there are non-unique function_name')
+
+    # Check if 'api_group' is unique
+    is_api_group_list_unique = len(api_group_list) == len(set(api_group_list))
+    if not is_api_group_list_unique:
+        # If 'api_group' is not unique, raise validation error
+        raise jsonschema.ValidationError('Config data is invalid: there are non-unique api_group')

admin/base/settings/defaults.py

@@ -259,7 +259,7 @@
 WSGI_APPLICATION = 'admin.base.wsgi.application'
 ADMIN_BASE = ''
 STATIC_URL = '/static/'
-LOGIN_URL = 'account/login/'
+LOGIN_URL = '/account/login/'
 LOGIN_REDIRECT_URL = ADMIN_BASE
 
 STATIC_ROOT = os.path.join(os.path.dirname(BASE_DIR), 'static_root')

admin/base/urls.py

@@ -49,6 +49,7 @@
             url(r'^institutional_storage_quota_control/', include('admin.institutional_storage_quota_control.urls',
                                                                   namespace='institutional_storage_quota_control')),
             url(r'^metadata/', include('admin.rdm_metadata.urls', namespace='metadata')),
+            url(r'^service_access_control/', include('admin.service_access_control_setting.urls', namespace='service_access_control_setting')),
         ]),
     ),
 ]

admin/service_access_control_setting/settings/config_data.json

@@ -0,0 +1,129 @@
+{
+    "function_001":{
+        "function_name":"プロジェクト作成",
+        "api_group":[
+            {
+                "api":"^\/v2\/nodes\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/?$",
+                "method":"PUT"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/?$",
+                "method":"DELETE"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/edit\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/v2\/nodes\/[a-z0-9A-Z]+\/children\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/v2\/nodes\/[a-z0-9A-Z]+\/forks\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/new\/[a-z0-9A-Z]+\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/v2\/nodes\/[a-z0-9A-Z]+\/node_links\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/pointer\/?$",
+                "method":"DELETE"
+            },
+            {
+                "api":"^\/v2\/nodes\/[a-z0-9A-Z]+\/?$",
+                "method":"PATCH"
+            },
+            {
+                "api":"^\/api\/v1\/pointer\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/v2\/collections\/[a-z0-9A-Z]+\/relationships\/linked_nodes\/?$",
+                "method":"DELETE"
+            },
+            {
+                "api":"^\/v2\/nodes\/?$",
+                "method":"PATCH"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/invite_contributor\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/contributors\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/contributor\/remove\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/contributors\/manage\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/private_link\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/private_link\/?$",
+                "method":"DELETE"
+            },
+            {
+                "api":"^\/v2\/nodes\/?$",
+                "method":"DELETE"
+            }
+        ]
+    },
+    "function_002":{
+        "function_name":"アドオン",
+        "api_group":[
+            {
+                "api":"^\/[a-z0-9A-Z]+\/addons\/?$",
+                "method":"GET"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/settings\/addons\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/settings\/[a-z0-9A-Z]+\/accounts\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/oauth\/connect\/[a-z0-9A-Z]+\/?$",
+                "method":"GET"
+            },
+            {
+                "api":"^\/api\/v1\/project\/[a-z0-9A-Z]+\/binderhub\/settings\/?$",
+                "method":"PUT"
+            }
+        ]
+    },
+    "function_003":{
+        "function_name":"検索",
+        "api_group":[
+            {
+                "api":"^\/search\/?",
+                "method":"GET"
+            },
+            {
+                "api":"^\/api\/v1\/search\/?$",
+                "method":"POST"
+            },
+            {
+                "api":"^\/api\/v1\/search\/[a-z0-9A-Z]+\/?$",
+                "method":"POST"
+            }
+        ]
+    }
+}

admin/service_access_control_setting/urls.py

@@ -0,0 +1,7 @@
+from django.conf.urls import url
+from . import views
+
+urlpatterns = [
+    url(r'^$', views.ServiceAccessControlSettingView.as_view(), name='list'),
+    url(r'^setting$', views.ServiceAccessControlSettingCreateView.as_view(), name='create_setting'),
+]