Merge pull request #45 from SciCatProject/202402-updates

202402 updates

Author: nitrosx

Diff for: Development/v4.x/backend/authorization/authorization_samples.md

@@ -27,7 +27,7 @@ This is the list of the permissions methods available for Samples and all their
 - SampleUpdateAny
 - SampleDeleteOwner
 - SampleDeleteAny
-- SampleAttachmentCreateOnwer
+- SampleAttachmentCreateOwner
 - SampleAttachmentCreateAny
 - SampleAttachmentReadManyPublic
 - SampleAttachmentReadManyAccess
@@ -59,8 +59,8 @@ graph LR;
     SampleUpdateOwner-->SampleUpdateAny;
     SampleDelete-->SampleDeleteOwner;
     SampleDeleteOwner-->SampleDeleteAny;
-    SampleAttachmentCreate-->SampleAttachmentCreateOnwer;
-    SampleAttachmentCreateOnwer-->SampleAttachmentCreateAny;
+    SampleAttachmentCreate-->SampleAttachmentCreateOwner;
+    SampleAttachmentCreateOwner-->SampleAttachmentCreateAny;
     SampleAttachmentRead-->SampleAttachmentReadManyPublic;
     SampleAttachmentReadManyPublic-->SampleAttachmentReadManyAccess;
     SampleAttachmentReadManyAccess-->SampleAttachmentReadManyOwner;
@@ -76,20 +76,19 @@ graph LR;
 ```
 
 #### Authorization table
-| HTTP method | Endpoint | Endpoint Authentication | Anonymous | Authenticated User | Sample Groups | Admin Groups | Delete Groups | Notes |
-| -------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | 
-| POST | Samples | _SampleCreate_ | __no__ | __no__ | Any<br>_SampleCreateAny_ | Any<br>_SampleCreateAny_ | __no__ |  |
-| GET | Samples | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
-| GET | Samples/fullquery | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
-| GET | Samples/fullfacet | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
-| GET | Samples/_pid_ | _SampleRead_ | Public<br/>_SampleReadOnePublic_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
-| GET | Samples/fullquery | _SampleRead_ | Public<br/>_SampleReadOnePublic_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
-| PATCH | Samples/_pid_ | _SampleUpdate_ | __no__ | __no__ | Owner<br/>_SampleUpdateOwn_ | Any<br/>_SampleUpdateAny_ | __no__ | |
-| DELETE | Samples/_pid_ | _SampleDelete_ | __no__ | __no__ | __no__ | __no__ | Any<br/>_SampleDeleteAny_ |  |
+| HTTP method | Endpoint | Endpoint Authentication | Anonymous | Authenticated User | Sample Groups | Sample Privileged Groups | Admin Groups | Delete Groups | Notes |
+| -------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- |
+| POST | Samples | _SampleCreate_ | __no__ | __no__ | Owner<br>_SampleCreateOwner_ | Any<br>_SampleCreateAny_ | Any<br>_SampleCreateAny_ | __no__ |  |
+| GET | Samples | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
+| GET | Samples/fullquery | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
+| GET | Samples/fullfacet | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
+| GET | Samples/_pid_ | _SampleRead_ | Public<br/>_SampleReadOnePublic_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
+| GET | Samples/fullquery | _SampleRead_ | Public<br/>_SampleReadOnePublic_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Any<br/>_SampleReadAny_ |  __no__  |  |
+| PATCH | Samples/_pid_ | _SampleUpdate_ | __no__ | __no__ | Owner<br/>_SampleUpdateOwn_ | Owner<br/>_SampleUpdateOwn_ | Any<br/>_SampleUpdateAny_ | __no__ | |
+| DELETE | Samples/_pid_ | _SampleDelete_ | __no__ | __no__ | __no__ | __no__ | __no__ | Any<br/>_SampleDeleteAny_ |  |
 |||||
-| POST | Samples/_pid_/attachements | _SampleAttachementCreate_ | __no__ | __no__ | Any<br>_SampleAttachmentCreateAny_ | Any<br>_SampleAttachmentCreateAny_ | __no__ |  |
-| GET | Samples/_pid_/attachements | _SampleAttachmentRead_ | Public<br/>_SampleAttachmentReadManyPublic_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Any<br/>_SampleAttachmentReadManyAny_ | __no__ | |
-| PATCH | Samples/_pid_/attachments/_aid_ | _SampleAttachmentUpdate_ | __no__ | __no__ | Owner<br/>_SampleAttachmentUpdateOwner_ | Any<br/>_SampleAttachmentUpdateAny_ | __no__ | |
-| DELETE | Samples/_pid_/attachment/_aid_ | _SampleAttachmentDelete_ | __no__ | __no__ | Onwer<br/>_SampleAttachmentDeleteOwner_ | Any<br/>_SampleAttachmentDeleteAny_ | __no__ | |
+| POST | Samples/_pid_/Attachments | _SampleAttachmentCreate_ | __no__ | __no__ | Owner<br>_SampleAttachmentCreateOwner_ | Any<br>_SampleAttachmentCreateAny_ | Any<br>_SampleAttachmentCreateAny_ | __no__ |  |
+| GET | Samples/_pid_/Attachments | _SampleAttachmentRead_ | Public<br/>_SampleAttachmentReadManyPublic_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Any<br/>_SampleAttachmentReadManyAny_ | __no__ | |
+| DELETE | Samples/_pid_/attachment/_aid_ | _SampleAttachmentDelete_ | __no__ | __no__ | Owner<br/>_SampleAttachmentDeleteOwner_ | Owner<br/>_SampleAttachmentDeleteOwner_ | Any<br/>_SampleAttachmentDeleteAny_ | Any<br/>_SampleAttachmentDeleteAny_ | |
 |||||
-| GET | Samples/_pid_/datasets | _SampleDatasetRead_ | Public<br/>_SampleDatasetReadOnePublic_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Any<br/>_SampleDatasetReadOneAny_ | __no__ | |
+| GET | Samples/_pid_/datasets | _SampleDatasetRead_ | Public<br/>_SampleDatasetReadOnePublic_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Any<br/>_SampleDatasetReadOneAny_ | __no__ | |

Diff for: Development/v4.x/backend/configuration.md

@@ -37,6 +37,22 @@ The list is compiled according to the configuration class defined in _src/config
   _default_: ""  
   _format_: comma separated list of strings. Leading and trailing spaces are trimmed  
 
+- PROPOSAL\_GROUPS:  
+  list of non admin groups that are allowed to create and update proposals for groups they do not belong to. If set to "#all", all users can create a dataset belonging to any group with explicit pid.  
+  _default_: ""  
+  _format_: comma separated list of strings. Leading and trailing spaces are trimmed  
+
+- SAMPLE\_GROUPS:  
+  list of non admin groups that are allowed to create and update samples for the groups they belong to. If set to "#all", all users can create a dataset belonging to their group.  
+  _default_: ""  
+  _format_: comma separated list of strings. Leading and trailing spaces are trimmed  
+
+- SAMPLE\_PRIVILEGED\_GROUPS:  
+  list of non admin groups that are allowed to create samples for any groups, but can only update samples belonging to groups they belong to.
+  _default_: ""  
+  _format_: comma separated list of strings. Leading and trailing spaces are trimmed  
+
+
 - ACCESS\_GROUPS\_STATIC\_VALUES:  
   List of groups assigned by default to all users. Used in the vanilla implementation for easy configuration.  
   If you do not want or need to assign any default group, it should be set to empty string "".  

Diff for: Development/v4.x/backend/testing/dataset_authorization.md

@@ -0,0 +1,53 @@
+# 0300: Dataset Authorization
+
+Dataset Authorization tests that authorization is correctly set for all the dataset endpoints for all the different type of users.  
+
+| Test Number | HTTP Method | Endpoint | Authenticated User | Expected Request Status | Input | Results |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| 0010 | POST | Datasets | ingestor | 200 | ```test public dataset 1``` | ```test dataset 1 with scicat pid``` |
+| 0020 | POST | Datasets | ingestor | 200 | ```test private dataset 2``` | ```test dataset 2 with scicat pid``` |
+| 0030 | POST | Datasets | ingestor | 200 | ```test private dataset 3``` | ```test dataset 3 with scicat pid``` |
+| 0040 | POST | Datasets/_PidDataset1_/origdatablocks | ingestor | 201 | ```TestData.OrigDatablockCorrect1``` | ```OrigDatablock 1 with SciCat id``` |
+| 0050 | POST | Datasets/_PidDataset1_/datablocks | ingestor | 201 | ```TestData.DatablockCorrect1``` | ```Datablock 1 with SciCat id``` |
+| 0060 | POST | Datasets/_PidDataset1_/attachements | ingestor | 201 | ```TestData.AttachementCorrect``` | ```Attachment 1 with SciCat id``` |
+| 0070 | GET | Datasets | _anonymous_ | 200 | n/a | ```dataset 1``` |
+| 0080 | GET | Datasets/_PidDataset1_ | _anonymous_ | 200 | n/a | ```dataset 1``` |
+| 0090 | GET | Datasets/_PidDataset2_ | _anonymous_ | 403 | n/a | ```Error 403, not authorized``` |
+| 0100 | GET | Datasets | ingestor | 200 | n/a | ```datasets 1,2,3``` |
+| 0110 | GET | Datasets/count | ingestor | 200 | n/a | ```{ count: 3 }``` |
+| 0120 | GET | Datasets/_PidDataset1_ | ingestor | 200 | n/a | ```dataset 1``` |
+| 0130 | GET | Datasets/fullquery | ingestor | 200 | n/a | ```dataset 1,2,3``` |
+| 0140 | GET | Datasets/_PidDataset2_ | ingestor | 200 | n/a | ```dataset 2``` |
+| 0150 | GET | Datasets/_PidDataset3_ | ingestor | 200 | n/a | ```dataset 3``` |
+| 0160 | GET | Datasets | user1 | 200 | n/a  | ```dataset 1, 2``` |
+| 0170 | GET | Datasets/count | user1 | 200 | n/a  | ```{ count: 2 }``` |
+| 0180 | GET | Datasets/_PidDataset1_ | user1 | 200 | n/a  | ```dataset 1``` |
+| 0190 | GET | Datasets/_PidDataset2_ | user1 | 200 | n/a  | ```dataset 2``` |
+| 0200 | GET | Datasets/_PidDataset3_ | user1 | 200 | n/a  | ```Error 403``` |
+| 0210 | GET | Datasets/fullquery | user1 | 200 | n/a  | ```dataset 1,2``` |
+| 0220 | GET | Datasets | user2 | 200 | n/a  | ```dataset 1,3``` |
+| 0230 | GET | Datasets/count | user2 | 200 | n/a  | ```{ count: 2 }``` |
+| 0240 | GET | Datasets/_PidDataset1_ | user2 | 200 | n/a  | ```dataset 1``` |
+| 0250 | GET | Datasets/_PidDataset2_ | user2 | 403 | n/a  | ```Error 403, not authorized``` |
+| 0260 | GET | Datasets/_PidDataset3_ | user2 | 200 | n/a  | ```dataset 3``` |
+| 0270 | GET | Datasets/fullquery | user2 | 200 | n/a  | ```dataset 1,3``` |
+| 0280 | GET | Datasets | user3 | 200 | n/a  | ```dataset 1,2,3``` |
+| 0290 | GET | Datasets/count | user3 | 200 | n/a  | ```{ count: 3 }``` |
+| 0300 | GET | Datasets/_PidDataset1_ | user3 | 200 | n/a  | ```dataset 1``` |
+| 0310 | GET | Datasets/_PidDataset2_ | user3 | 200 | n/a  | ```dataset 2``` |
+| 0320 | GET | Datasets/_PidDataset3_ | user3 | 200 | n/a  | ```dataset 3``` |
+| 0330 | GET | Datasets/fullquery | user3 | 200 | n/a  | ```dataset 1,2,3``` |
+| 0340 | POST | Datasets/_PidDataset2_ | ingestor | 200 | ```{ isPublished: true }``` | ```public dataset 2``` |
+| 0350 | GET | Datasets/fullquery | user2 | 200 | ```{ fields: { isPublished: true}}``` | ```dataset 1,2``` |
+| 0360 | GET | Datasets/fullfacet | user2 | 200 | ```{ fields: { isPublished: true}}``` | ```{ totalSets: 2 }``` |
+| 0370 | GET | Datasets/_PidDataset1_/origdatablocks | user3 | 200 | n/a | ```1 origdatablock dataset 1``` |
+| 0380 | GET | Datasets/_PidDataset1_/datablocks | user3 | 200 | n/a | ```1 datablock dataset 1``` |
+| 0390 | GET | Datasets/_PidDataset1_/attachments | user3 | 200 | n/a | ```1 attachment dataset 1``` |
+| 0400 | GET | Datasets/_PidDataset1_/thumbnail | user3 | 200 | n/a | ```thumbnail dataset 1``` |
+| 0410 | DELETE | Datasets/_PidDataset1_/attachment | archiveManager | 200 | n/a | n/a |
+| 0420 | DELETE | Datasets/_PidDataset1_/origdatablock | archiveManager | 200 | n/a | n/a |
+| 0430 | DELETE | Datasets/_PidDataset3_/datablock | archiveManager | 200 | n/a | n/a |
+| 0440 | DELETE | Datasets/_PidDataset1_ | archiveManager | 200 | n/a | n/a |
+| 0450 | DELETE | Datasets/_PidDataset2_ | archiveManager | 200 | n/a | n/a |
+| 0460 | DELETE | Datasets/_PidDataset3_ | archiveManager | 200 | n/a | n/a |
+

Diff for: Development/v4.x/backend/testing/dataset_types.md

@@ -0,0 +1,38 @@
+# 0200: Dataset Types
+
+Dataset types tests that over all functionalities regarding creating, updating, deleting and retrieving datasets both raw and derived.  
+They are the original datasets tests. _In the near future, they should be reviewed and updated or removed_.  
+
+| Test Number | HTTP Method | Endpoint | Authenticated User | Expected Request Status | Input | Results |
+| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| 0010 | GET | Datasets/count | admin | 201 | n/a | ```{ count: 0 }``` |
+| 0020 | GET | Datasets/count | admin | 201 | ```{ "type" : "raw" }``` | ```{ count: 0 }``` |
+| 0030 | GET | Datasets/count | admin | 201 | ```{ "type" : "derived" }``` | ```{ count: 0 }``` |
+| ---- |
+| 0040 | POST | Instruments | ingestor | 400 | ```TestData.InstrumentCorrect2``` | ```Error: duplicate entry``` |
+| 0050 | POST | Instruments | ingestor | 400 | ```TestData.InstrumentWrong1``` | ```Validation Error``` |
+| 0060 | POST | Instruments | user1 | 400 | ```TestData.InstrumentCorrect2``` | ```Unauthorized``` |
+| 0070 | GET | Instruments/_instrumentId1_ | ingestor | 200 | n/a | ```TestData.InstrumentCorrect1``` |
+| 0080 | GET | Instruments/_instrumentId2_ | ingestor | 200 | n/a | ```TestData.InstrumentCorrect2``` |
+| 0090 | GET | Instruments | ingestor | 200 | n/a | ```TestData.InstrumentCorrect 1,2,3``` |
+| 0100 | GET | Instruments | ingestor | 200 | ```{where: {customMetadata: { main_user: "ESS"}}}``` | ```TestData.InstrumentCorrect 1,2``` |
+| 0110 | GET | Instruments/findOne | ingestor | 200 | n/a | ```TestData.InstrumentCorrect1``` |
+| 0120 | GET | Instruments/findOne | ingestor | 200 | ```{where: {customMetadata: { main_user: "ESS"}}}``` | ```TestData.InstrumentCorrect 1``` |
+| 0130 | GET | Instruments/findOne | ingestor | 200 | ```{where: {customMetadata: { main_user: { like : "somebody"}}}}``` | ```TestData.InstrumentCorrect 3``` |
+| 0140 | GET | Instruments | user1 | 200 | n/a | ```TestData.InstrumentCorrect 1,2,3``` |
+| 0150 | PATCH | Instruments/_instrumentId2_ | ingestor | 200 | ```{ name: newName }```  | ```TestData.InstrumentCorrect2 with name as newName``` |
+| 0160 | GET | Instruments/_instrumentId2_ | ingestor | 200 | n/a  | ```TestData.InstrumentCorrect2 with name as newName``` |
+| 0170 | GET | Instruments/ | ingestor | 200 | ```{where: {name: "newName"}}```  | ```TestData.InstrumentCorrect2 with name as newName``` |
+| 0180 | DELETE | Instruments/_instrumentId1_ | ingestor | 400 | n/a  | n/a |
+| 0190 | DELETE | Instruments/_instrumentId1_ | archiveManager | 200 | n/a  | n/a |
+| 0200 | DELETE | Instruments/_instrumentId2_ | archiveManager | 200 | n/a  | n/a |
+| 0210 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0220 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0230 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0240 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0250 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0260 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0270 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+| 0280 | DELETE | Instruments/_instrumentId3_ | archiveManager | 200 | n/a  | n/a |
+
+

Diff for: Development/v4.x/backend/testing/sample_authorization.md

@@ -0,0 +1,31 @@
+# Sample Authorization
+
+Dataset Authorization tests that authorization is correctly set for all the dataset endpoints for all the different type of users.
+
+Tests are built around assuming the following owner, access and public information:
+
+Groups | Sample 1 | Sample 2 | Sample 3 | Sample 4 | Sample 5 | Sample 6 | Sample 7 |Sample 8 | Sample 9 | Sample 10 |
+--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
+adminingestor | Owner | Admin | Admin | Admin | Owner | Admin | Admin | Admin | Admin | Admin |
+sampleingestor | | Owner | | | | Owner | | | | Public |
+group1 | | | Owner | | | Access | Owner | | Owner | Public |
+group2 | | | | Owner | Access | | Access | Owner | | Public |
+group3 | | Access | Access | | | | Access | | | Public |
+group4 | | | | Access | | Access | | | | Public |
+group5(_1) | Access | | | | Access | | | | Access | Public |
+nogroup | | | | | | | | | | Owner | 
+
+Users are contained in file functionalAccount.json.test and are the following:
+
+User | Group | Permission Group |
+--- | --- | --- |
+adminIngestor | adminingestor | Admin Groups |
+sampleIngestor | sampleIngestor | Samples Privileged Groups |
+user1 | group1 | Samples Group |
+user2 | group2 | _none_ |
+user3 | group3 | _none_ |
+user4 | group4 | _none_ |
+user5(_1) | group5 | _none_ |
+
+Dataset 10 is _public_, meaning its field _isPublished_ is set to _True_.
+