#3625 Moved request_file_access from admin support api to disseminati… (

#4249) * #3625 Moved request_file_access function from admin support to dissemination * Missed to rename these references * #3625 Updated code to match recent change in main
GSA-TTS · Sep 9, 2024 · 7aeeb4e · 7aeeb4e
1 parent a082e19
commit 7aeeb4e
Show file tree

Hide file tree

Showing 9 changed files with 717 additions and 0 deletions.
diff --git a/backend/dissemination/README.md b/backend/dissemination/README.md
@@ -96,6 +96,50 @@ When adding a new API version:
       - This is likely true of TESTED patch version bumps (v1_0_0 to v1_0_1), and *maybe* minor version bumps (v1_0_0 to v1_1_0). MAJOR bumps require change management messaging.
 5. If previous versions of the API are needed, `APIViewTests` will need to be updated. At the time of writing this, it only tests the default API.
 
+# Using VS Code REST Client Plugin to Test API
+
+## Installation:
+1. In your Visual Studio Code, go to the Extensions Marketplace and search for **REST Client**.
+4. Click **Install** and follow the steps to install one of the "REST Client".
+
+## How to Use:
+Once the REST Client extension is installed, you can create a `.http` or `.rest` file in your project and write your API queries directly within that file.
+
+## Sample API Request:
+
+Here’s an example of how to query your API using the REST Client:
+
+```http
+GET {{scheme}}://{{api_url}}/function_name_or_view_name_plus_params_if_any
+authorization: Bearer {{YOUR_JWT_TOKEN}}     
+x-api-user-id: {{your_api_user_id}}
+accept-profile: target_api_profile
+x-api-key: {{YOUR_API_GOV_KEY}}
+```
+
+## Key Details:
+- **`authorization`**: The `Bearer {{YOUR_JWT_TOKEN}}` token is mandatory. Use the same JWT token used in Cypress tests from the code base. Without this token, the request will be flagged as anonymous and require extra steps to create an anonymous role in the local environment.
+
+- **`x-api-user-id`**: Mandatory in some cases, depending on the API function. Search for the function in the code base to find where to get the correct value for `x-api-user-id`. Check keys like `support_administrative_key_uuids` and `dissemination_tribalapiaccesskeyids` for reference.
+
+- **`accept-profile`**: Specifies the API version/profile. The current default is `api_v1_0_3`. You can check available profiles and deprecated versions in `backend/dissemination/api_versions.py`.
+
+- **`x-api-key`**: An API key can be requested by following the steps described [here](https://www.fac.gov/api/).
+
+## Example:
+
+```http
+GET http://localhost:3000/general?limit=1&is_public=eq.false
+authorization: Bearer {{CYPRESS_API_GOV_JWT}}
+x-api-user-id: 00112233-4455-6677-8899-aabbccddeeff
+accept-profile: admin_api_v1_1_0
+x-api-key: abcdefghijklmnop
+```
+
+This will send a request to `http://localhost:3000/general` with the provided headers and params.
+Check `backend/support/api/admin_api_v1_1_0/` for more examples.
+
+
 # End-to-end workbook testing
 
 ### How to run the end-to-end test data generator:

diff --git a/backend/dissemination/api/api_v1_1_1/create_functions.sql b/backend/dissemination/api/api_v1_1_1/create_functions.sql
@@ -56,4 +56,51 @@ END;
 $has_tribal_data_access$ LANGUAGE plpgsql;
 
 
+CREATE OR REPLACE FUNCTION api_v1_1_1.request_file_access(
+    report_id TEXT
+) RETURNS JSON LANGUAGE plpgsql AS
+$$
+DECLARE
+    v_uuid_header TEXT;
+    v_access_uuid VARCHAR(200);
+    v_key_exists BOOLEAN;
+    v_key_added_date DATE;
+BEGIN
+
+    SELECT api_v1_1_1_functions.get_api_key_uuid() INTO v_uuid_header;
+
+    -- Check if the provided API key exists in public.dissemination_TribalApiAccessKeyIds
+    SELECT 
+        EXISTS(
+            SELECT 1
+            FROM public.dissemination_TribalApiAccessKeyIds
+            WHERE key_id = v_uuid_header
+        ) INTO v_key_exists;
+
+
+    -- Get the added date of the key from public.dissemination_TribalApiAccessKeyIds
+    SELECT date_added
+    INTO v_key_added_date
+    FROM public.dissemination_TribalApiAccessKeyIds
+    WHERE key_id = v_uuid_header;
+
+
+    -- Check if the key is less than 6 months old
+    IF v_uuid_header IS NOT NULL AND v_key_exists AND v_key_added_date >= CURRENT_DATE - INTERVAL '6 months' THEN
+        -- Generate UUID (using PostgreSQL's gen_random_uuid function)
+        SELECT gen_random_uuid() INTO v_access_uuid;  
+
+        -- Inserting data into the one_time_access table
+        INSERT INTO public.dissemination_onetimeaccess (uuid, api_key_id, timestamp, report_id)
+        VALUES (v_access_uuid::UUID, v_uuid_header, CURRENT_TIMESTAMP, report_id);
+
+        -- Return the UUID to the user
+        RETURN json_build_object('access_uuid', v_access_uuid);
+    ELSE
+        -- Return an error for unauthorized access
+        RETURN json_build_object('error', 'Unauthorized access or key older than 6 months')::JSON;
+    END IF;
+END;
+$$;
+
 NOTIFY pgrst, 'reload schema';
diff --git a/backend/support/api/admin_api_v1_1_1/base.sql b/backend/support/api/admin_api_v1_1_1/base.sql
@@ -0,0 +1,29 @@
+DO
+$do$
+BEGIN
+   IF EXISTS (
+      SELECT FROM pg_catalog.pg_roles
+      WHERE  rolname = 'authenticator') THEN
+      RAISE NOTICE 'Role "authenticator" already exists. Skipping.';
+   ELSE
+      CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER;
+   END IF;
+END
+$do$;
+
+DO
+$do$
+BEGIN
+   IF EXISTS (
+      SELECT FROM pg_catalog.pg_roles
+      WHERE  rolname = 'api_fac_gov') THEN
+      RAISE NOTICE 'Role "api_fac_gov" already exists. Skipping.';
+   ELSE
+      CREATE ROLE api_fac_gov NOLOGIN;
+   END IF;
+END
+$do$;
+
+GRANT api_fac_gov TO authenticator;
+
+NOTIFY pgrst, 'reload schema';
diff --git a/backend/support/api/admin_api_v1_1_1/create_access_tables.sql b/backend/support/api/admin_api_v1_1_1/create_access_tables.sql
@@ -0,0 +1,43 @@
+-- This is explicitly not a Django managed table.
+-- In order to have an administrative key added,
+-- it must be added via a Github commit, and a PR
+-- must be performed to merge the key into the tree.
+
+-- This is because administrative keys can read/write
+-- to some tables in the database. They can read internal and
+-- in-flight data.
+
+DROP TABLE IF EXISTS support_administrative_key_uuids;
+
+CREATE TABLE support_administrative_key_uuids
+    (
+        id BIGSERIAL PRIMARY KEY,
+        email TEXT,
+        uuid TEXT,
+        permissions TEXT,
+        added DATE
+    );
+
+INSERT INTO support_administrative_key_uuids
+    (email, uuid, permissions, added)
+    VALUES
+    (
+        '[email protected]',
+        '61ba59b2-f545-4c2f-9b24-9655c706a06c',
+        'CREATE,READ,DELETE',
+        '2023-12-04'
+    ),
+    (
+        '[email protected]',
+        'b6e08808-ecb2-4b6a-b928-46d4205497ff',
+        'CREATE,READ,DELETE',
+        '2023-12-08'
+    ),
+    (
+        '[email protected]',
+        'dd60c3f9-053d-4d82-a309-c89da53559f4',
+        'CREATE,READ,DELETE',
+        '2024-07-10'
+    )
+    ;
+