Add specialised route for adding creators to items

datalab-org · Aug 4, 2024 · 6fa9afc · 6fa9afc
1 parent 93dd3c6
commit 6fa9afc
Showing 1 changed file with 65 additions and 0 deletions.
diff --git a/pydatalab/pydatalab/routes/v0_1/items.py b/pydatalab/pydatalab/routes/v0_1/items.py
@@ -604,6 +604,71 @@ def create_samples():
     )  # 207: multi-status
 
 
+@ITEMS.route("/items/<refcode>/permissions", methods=["PATCH"])
+def update_item_permissions(refcode: str):
+    """Update the permissions of an item with the given refcode."""
+
+    request_json = request.get_json()
+    creator_ids: list[ObjectId] = []
+
+    if not len(refcode.split(":")) == 2:
+        refcode = f"{CONFIG.IDENTIFIER_PREFIX}:{refcode}"
+
+    current_item = flask_mongo.db.items.find_one(
+        {"refcode": refcode, **get_default_permissions(user_only=True)},
+        {"_id": 1, "creator_ids": 1},
+    )  # type: ignore
+
+    if not current_item:
+        return (
+            jsonify(
+                {
+                    "status": "error",
+                    "message": f"No valid item found with the given {refcode=}.",
+                }
+            ),
+            401,
+        )
+
+    current_creator_ids = current_item["creator_ids"]
+
+    if "creators" in request_json:
+        creator_ids = [
+            ObjectId(creator.get("immutable_id", None))
+            for creator in request_json["creators"]
+            if creator.get("immutable_id", None) is not None
+        ]
+
+    # Validate all creator IDs are present in the database
+    found_ids = [d for d in flask_mongo.db.users.find({"_id": {"$in": creator_ids}}, {"_id": 1})]  # type: ignore
+    if not len(found_ids) == len(creator_ids):
+        return (
+            jsonify(
+                {
+                    "status": "error",
+                    "message": "One or more creator IDs not found in the database.",
+                }
+            ),
+            400,
+        )
+
+    if current_creator_ids:
+        base_owner = current_creator_ids[0]
+        if base_owner not in creator_ids:
+            creator_ids.append(base_owner)
+
+    LOGGER.warning("Setting permissions for item %s to %s", refcode, creator_ids)
+    result = flask_mongo.db.items.update_one(
+        {"refcode": refcode, **get_default_permissions(user_only=True)},
+        {"$set": {"creator_ids": creator_ids}},
+    )
+
+    if not result.modified_count == 1:
+        return jsonify({"status": "error", "message": "Failed to update permissions"}), 400
+
+    return jsonify({"status": "success"}), 200
+
+
 @ITEMS.route("/items/<refcode>", methods=["DELETE"])
 @ITEMS.route("/delete-sample/", methods=["POST"])
 def delete_sample(refcode: str | None = None, item_id: str | None = None):