From 7032b3f463b4f3ca8106333ca516cb458b34dbac Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Thu, 12 Jun 2025 14:14:09 +1000 Subject: [PATCH] Add endpoint to update scopes of platform Dummy implementation only. --- .../dfc_provider/platforms_controller.rb | 12 +++++ engines/dfc_provider/config/routes.rb | 2 +- .../spec/requests/platforms_spec.rb | 18 +++++++ swagger/dfc.yaml | 50 +++++++++++++++++++ 4 files changed, 81 insertions(+), 1 deletion(-) diff --git a/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb b/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb index e847dd49cb..3b614d79a4 100644 --- a/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb +++ b/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb @@ -2,6 +2,12 @@ module DfcProvider class PlatformsController < DfcProvider::ApplicationController + # DANGER! + # This endpoint is open to CSRF attacks. + # This is a temporary measure until the DFC Permissions module accesses + # the API with a valid OIDC token to authenticate the user. + skip_before_action :verify_authenticity_token + before_action :check_enterprise def index 
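Review bot: The `skip_before_action :verify_authenticity_token` added at the top of `PlatformsController` is unscoped, so every non-GET action later added to this controller silently inherits the disabled CSRF check, although the comment describes it as a stop-gap for the new endpoint only. Limiting it with `skip_before_action :verify_authenticity_token, only: [:update]` keeps the exposure to the single action that needs it. How `DfcProvider::ApplicationController` authenticates is outside this hunk; if a browser session cookie is accepted there, the skip should be removed as soon as the OIDC token path exists. The comment would also be easier to follow up on with a tracking reference, e.g. `# TODO(<issue-id>): remove once the Permissions module sends an OIDC token`. The class body continues outside the hunk.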
@@ -9,5 +15,11 @@ module DfcProvider {"@context":"https://cdn.startinblox.com/owl/context-bis.jsonld","@id":"https://mydataserver.com/enterprises/1/platforms","dfc-t:platforms":{"@list":[{"@id":"https://waterlooregionfood.ca/portal/profile","@type":"dfc-t:Platform","_id":{"$oid":"682afcc4966dbb3aa7464d56"},"description":"A super duper portal for the waterloo region","dfc-t:hasAssignedScopes":{"@list":[{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadEnterprise","@type":"dfc-t:Scope","dfc-t:scope":"ReadEnterprise"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteEnterprise","@type":"dfc-t:Scope","dfc-t:scope":"WriteEnterprise"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadProducts","@type":"dfc-t:Scope","dfc-t:scope":"ReadProducts"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteProducts","@type":"dfc-t:Scope","dfc-t:scope":"WriteProducts"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadOrders","@type":"dfc-t:Scope","dfc-t:scope":"ReadOrders"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteOrders","@type":"dfc-t:Scope","dfc-t:scope":"WriteOrders"}],"@type":"rdf:List"},"termsandconditions":"https://waterlooregionfood.ca/terms-and-conditions","title":"Waterloo Region Food Portal"},{"@id":"https://anotherplatform.ca/portal/profile","@type":"dfc-t:Platform","_id":{"$oid":"682b2e2b031c28f69cda1645"},"description":"A super duper portal for the waterloo region","dfc-t:hasAssignedScopes":{"@list":[],"@type":"rdf:List"},"termsandconditions":"https://anotherplatform.ca/terms-and-conditions","title":"anotherplatform Portal"}],"@type":"rdf:List"}} JSON end + + def update + render json: <<~JSON + {"@id":"https://anotherplatform.ca/portal/profile","@type":"dfc-t:Platform","description":"A super duper portal for the waterloo 
region","dfc-t:hasAssignedScopes":{"@list":[{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadEnterprise","@type":"dfc-t:Scope","dfc-t:scope":"ReadEnterprise"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteEnterprise","@type":"dfc-t:Scope","dfc-t:scope":"WriteEnterprise"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadProducts","@type":"dfc-t:Scope","dfc-t:scope":"ReadProducts"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteProducts","@type":"dfc-t:Scope","dfc-t:scope":"WriteProducts"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadOrders","@type":"dfc-t:Scope","dfc-t:scope":"ReadOrders"},{"@id":"https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteOrders","@type":"dfc-t:Scope","dfc-t:scope":"WriteOrders"}],"@type":"rdf:List"},"termsandconditions":"https://anotherplatform.ca/terms-and-conditions","title":"anotherplatform Portal"} + JSON + end end end diff --git a/engines/dfc_provider/config/routes.rb b/engines/dfc_provider/config/routes.rb index 690fab9965..2de21e6406 100644 --- a/engines/dfc_provider/config/routes.rb +++ b/engines/dfc_provider/config/routes.rb @@ -5,7 +5,7 @@ DfcProvider::Engine.routes.draw do resources :enterprises, only: [:show] do resources :catalog_items, only: [:index, :show, :update] resources :offers, only: [:show, :update] - resources :platforms, only: [:index] + resources :platforms, only: [:index, :update] resources :supplied_products, only: [:create, :show, :update] resources :social_medias, only: [:show] end diff --git a/engines/dfc_provider/spec/requests/platforms_spec.rb b/engines/dfc_provider/spec/requests/platforms_spec.rb index 6a27c87bd8..1e493ae43e 100644 --- a/engines/dfc_provider/spec/requests/platforms_spec.rb +++ b/engines/dfc_provider/spec/requests/platforms_spec.rb 
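Review bot: `update` answers 200 with the fixed `anotherplatform.ca` document whatever `params[:id]` and the request body contain, so a caller cannot tell that no scope was stored. Because the real version of this action will grant a third-party platform read and write scopes on enterprise data, and CSRF protection is switched off for it, the contract is worth stating on the method now: `# Dummy: ignores params and persists nothing. The real implementation must authorise the user for this enterprise and accept only known scope names.` Whether `check_enterprise` already verifies that the current user manages the enterprise is not visible in this hunk.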
@@ -28,4 +28,22 @@ RSpec.describe "Platforms", swagger_doc: "dfc.yaml" do
 end
 end
 end
+
+ path "/api/dfc/enterprises/{enterprise_id}/platforms/{platform_id}" do
+ parameter name: :enterprise_id, in: :path, type: :string
+ parameter name: :platform_id, in: :path, type: :string
+
+ put "Update authorized scopes of a platform" do
+ produces "application/json"
+
+ response "200", "successful" do
+ let(:enterprise_id) { enterprise.id }
+ let(:platform_id) { "682b2e2b031c28f69cda1645" }
+
+ run_test! do
+ expect(json_response["@id"]).to eq "https://anotherplatform.ca/portal/profile"
+ end
+ end
+ end
+ end
 end
diff --git a/swagger/dfc.yaml b/swagger/dfc.yaml
index 542698c35e..96ef5949af 100644
--- a/swagger/dfc.yaml
+++ b/swagger/dfc.yaml
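Review bot: The new `put` block covers only the `"200"` case, so nothing pins down who may call an endpoint that has CSRF protection disabled. A second `response` block for a request without an authenticated user, and one for a user who does not manage `enterprise`, would document the expected rejection and protect it when the dummy is replaced. Whether the surrounding `describe` logs a user in before each example is outside this hunk, so the exact setup for those cases needs checking against the existing `index` examples.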
@@ -620,6 +620,56 @@ paths: termsandconditions: https://anotherplatform.ca/terms-and-conditions title: anotherplatform Portal "@type": rdf:List + "/api/dfc/enterprises/{enterprise_id}/platforms/{platform_id}": + parameters: + - name: enterprise_id + in: path + required: true + schema: + type: string + - name: platform_id + in: path + required: true + schema: + type: string + put: + summary: Update authorized scopes of a platform + tags: + - Platforms + responses: + '200': + description: successful + content: + application/json: + examples: + test_example: + value: + "@id": https://anotherplatform.ca/portal/profile + "@type": dfc-t:Platform + description: A super duper portal for the waterloo region + dfc-t:hasAssignedScopes: + "@list": + - "@id": https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadEnterprise + "@type": dfc-t:Scope + dfc-t:scope: ReadEnterprise + - "@id": https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteEnterprise + "@type": dfc-t:Scope + dfc-t:scope: WriteEnterprise + - "@id": https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadProducts + "@type": dfc-t:Scope + dfc-t:scope: ReadProducts + - "@id": https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteProducts + "@type": dfc-t:Scope + dfc-t:scope: WriteProducts + - "@id": https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/ReadOrders + "@type": dfc-t:Scope + dfc-t:scope: ReadOrders + - "@id": https://data-server.cqcm.startinblox.com/enterprises/1/platforms/scopes/WriteOrders + "@type": dfc-t:Scope + dfc-t:scope: WriteOrders + "@type": rdf:List + termsandconditions: https://anotherplatform.ca/terms-and-conditions + title: anotherplatform Portal "/api/dfc/product_groups/{id}": parameters: - name: enterprise_id