Add project_id to the workbook and filter by it

Partial blueprint mistral-multitenancy
Change-Id: Ic815751e735f3d73d078d0eea0a89c61a1ef4fd5

mistral/api/controllers/v1/workbook.py

@@ -28,6 +28,7 @@ from mistral.services import workbooks
 from mistral.utils import rest_utils
 
 LOG = logging.getLogger(__name__)
+SCOPE_TYPES = wtypes.Enum(str, 'private', 'public')
 
 
 class Workbook(resource.Resource):
@@ -36,6 +37,7 @@ class Workbook(resource.Resource):
     name = wtypes.text
     description = wtypes.text
     tags = [wtypes.text]
+    scope = SCOPE_TYPES
 
     @classmethod
     def sample(cls):
@@ -94,7 +96,11 @@ class WorkbooksController(rest.RestController):
 
     @wsme_pecan.wsexpose(Workbooks)
     def get_all(self):
-        """return all workbooks."""
+        """return all workbooks.
+
+        Where project_id is the same as the requestor or
+        project_id is different but the scope is public.
+        """
         LOG.debug("Fetch workbooks.")
 
         workbooks_list = [Workbook.from_dict(values)

mistral/db/sqlalchemy/api.py

@@ -19,6 +19,7 @@ import sys
 from oslo.config import cfg
 import sqlalchemy as sa
 
+from mistral import context
 from mistral.db.sqlalchemy import models as m
 from mistral import exceptions as exc
 from mistral.openstack.common.db import exception as db_exc
@@ -292,6 +293,7 @@ def triggers_get_all(**kwargs):
 def workbook_create(values, session=None):
     workbook = m.Workbook()
     workbook.update(values.copy())
+    workbook['project_id'] = context.ctx().project_id
 
     try:
         workbook.save(session=session)
@@ -311,6 +313,7 @@ def workbook_update(workbook_name, values, session=None):
             "Workbook not found [workbook_name=%s]" % workbook_name)
 
     workbook.update(values.copy())
+    workbook['project_id'] = context.ctx().project_id
 
     return workbook
 
@@ -341,13 +344,17 @@ def workbooks_get_all(**kwargs):
 
 def _workbooks_get_all(**kwargs):
     query = model_query(m.Workbook)
-    return query.filter_by(**kwargs).all()
+    proj = query.filter_by(project_id=context.ctx().project_id,
+                           **kwargs)
+    public = query.filter_by(scope='public', **kwargs)
+    return proj.union(public).all()
 
 
 @session_aware()
 def _workbook_get(workbook_name, session=None):
     query = model_query(m.Workbook)
-    return query.filter_by(name=workbook_name).first()
+    return query.filter_by(name=workbook_name,
+                           project_id=context.ctx().project_id).first()
 
 
 # Workflow executions.

mistral/tests/unit/db/test_sqlalchemy_db_api.py

@@ -14,6 +14,7 @@
 #    See the License for the specific language governing permissions and
 #    limitations under the License.
 
+from mistral import context as auth_context
 from mistral.db.sqlalchemy import api as db_api
 from mistral import exceptions as exc
 from mistral.openstack.common import timeutils
@@ -87,7 +88,7 @@ WORKBOOKS = [
         'tags': ['mc'],
         'scope': 'public',
         'updated_at': None,
-        'project_id': '123',
+        'project_id': '1233',
         'trust_id': '1234'
     },
     {
@@ -96,7 +97,7 @@ WORKBOOKS = [
         'description': 'my description',
         'definition': 'empty',
         'tags': ['mc'],
-        'scope': 'public',
+        'scope': 'private',
         'updated_at': None,
         'project_id': '1233',
         'trust_id': '12345'
@@ -147,6 +148,56 @@ class WorkbookTest(test_base.DbTestCase):
         self.assertRaises(exc.NotFoundException,
                           db_api.workbook_get, created['name'])
 
+    def test_workbook_private(self):
+        # create a workbook(scope=private) as under one project
+        # then make sure it's NOT visible for other projects.
+        created1 = db_api.workbook_create(WORKBOOKS[1])
+
+        fetched = db_api.workbooks_get_all()
+
+        self.assertEqual(1, len(fetched))
+        self.assertDictEqual(created1, fetched[0])
+
+        # create a new user.
+        ctx = auth_context.MistralContext(user_id='9-0-44-5',
+                                          project_id='99-88-33',
+                                          user_name='test-user',
+                                          project_name='test-another',
+                                          is_admin=False)
+        auth_context.set_ctx(ctx)
+
+        fetched = db_api.workbooks_get_all()
+        self.assertEqual(0, len(fetched))
+
+    def test_workbook_public(self):
+        # create a workbook(scope=public) as under one project
+        # then make sure it's visible for other projects.
+        created0 = db_api.workbook_create(WORKBOOKS[0])
+
+        fetched = db_api.workbooks_get_all()
+
+        self.assertEqual(1, len(fetched))
+        self.assertDictEqual(created0, fetched[0])
+
+        # assert that the project_id stored is actually the context's
+        # project_id not the one given.
+        self.assertEqual(created0['project_id'], auth_context.ctx().project_id)
+        self.assertNotEqual(WORKBOOKS[0]['project_id'],
+                            auth_context.ctx().project_id)
+
+        # create a new user.
+        ctx = auth_context.MistralContext(user_id='9-0-44-5',
+                                          project_id='99-88-33',
+                                          user_name='test-user',
+                                          project_name='test-another',
+                                          is_admin=False)
+        auth_context.set_ctx(ctx)
+
+        fetched = db_api.workbooks_get_all()
+        self.assertEqual(1, len(fetched))
+        self.assertDictEqual(created0, fetched[0])
+        self.assertEqual('public', created0['scope'])
+
 
 EXECUTIONS = [
     {