Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

741 refactoring. dataall.core.groups #1113

Merged
merged 3 commits into from
Mar 26, 2024

Conversation

SofiaSazonova
Copy link
Contributor

Feature or Bugfix

  • Refactoring

Detail

  • logic of group-listing was moved to services.group_service.py

Relates

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes
    fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
  • Does this PR introduce any functionality or component that requires authorization? N/A
  • Are you using or adding any cryptographic features? N/A
  • Are you introducing any new policies/roles/users? N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@SofiaSazonova SofiaSazonova changed the title refactoring. dataall.core.groups 741 refactoring. dataall.core.groups Mar 20, 2024
@dlpzx
Copy link
Contributor

dlpzx commented Mar 20, 2024

Overall it looks great. There is one additional thing that we should modify on the resolvers dataall/core/groups/api/resolvers.py. As you might have noticed, we are passing context as input to all API calls, sometimes it is needed and sometimes it is not, but we still have to pass it to all calls. In addition, we are opening a session directly in the resolver and pass it to the service which then passes it on the db layer. The api layer should not start a session, should only validate input/output, then service layer validates permissions and then we can start a session. I think it is easier to see with an example. In this function, we are opening the session, before validating the permissions in the service layer. (for groups there are no permissions, but in general services validates permissions.

def list_groups(context, source, filter: dict = None):
    with context.engine.scoped_session() as session:
        return GroupService.list_groups_without_invited(session, filter)

To avoid 1. passing the context as input to all APIs and 2. starting a session before validating permissions, we released a way of accessing the context of the API at any moment. With that in mind, we should change the resolver to:

def list_groups(context, source, filter: dict = None):
      if not filter:
        filter = {}
    return GroupService.list_groups_without_invited(filter)

Note that I have added some validation for filter, because if it is None it might fail in dataall.core.groups.services.group_service.GroupService.list_invited_groups

    def list_invited_groups(session, filter: dict = None):
        category, category_uri = filter.get('type'), filter.get('uri')

Then in dataall/core/groups/services/group_service.py we should import from dataall.base.context import get_context
and use it to open a sql alchemy session.

    @staticmethod
    def list_groups_without_invited(session, filter: dict = None):
        with get_context().db_engine.scoped_session() as session:
            cognito_groups = GroupService.list_cognito_groups()
            invited_groups = GroupService.list_invited_groups(session, filter)
    
            groups = []
            for group in cognito_groups:
                if group not in invited_groups:
                    groups.append({'groupName': group})
    
            return groups

@SofiaSazonova SofiaSazonova requested a review from dlpzx March 22, 2024 17:14
Copy link
Contributor

@dlpzx dlpzx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-reviewed! It is ready to be merged :)

@SofiaSazonova SofiaSazonova merged commit 20ac6e7 into data-dot-all:main Mar 26, 2024
8 checks passed
@SofiaSazonova SofiaSazonova deleted the 741-groups-refactoring branch October 3, 2024 13:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants