Convert session views to nested viewsets

This includes modifying how `WorkspaceChildMixin` (our custom extension
of `NestedViewSetMixin`) works: now the mixin is a mixin generator
function that takes an optional prefix value meant to allow for it to
reach through the `Session` model's related resource (either a `Table`
or `Network`) to figure out what workspace it belongs to.

Author: waxlamp

multinet/api/views/common.py

@@ -41,40 +41,64 @@ def paginate_queryset(self, query: ArangoQuery, request: Request) -> List[Dict]:
         return list(cur)
 
 
-class WorkspaceChildMixin(NestedViewSetMixin):
-    def get_queryset(self):
-        """
-        Get the queryset for workspace child enpoints.
-
-        Check that the requeting user has appropriate permissions for the associated workspace.
-        """
-        child_objects = super().get_queryset()
-
-        # prevent warning for schema generation incompatibility
-        if getattr(self, 'swagger_fake_view', False):
-            return child_objects.none()
-
-        parent_query_dict = self.get_parents_query_dict()
-        workspace = get_object_or_404(
-            Workspace.objects.select_related('owner'), name=parent_query_dict['workspace__name']
-        )
-
-        # No user or user permission required for public workspaces
-        if workspace.public:
-            return child_objects
-
-        # Private workspace
-        request_user = self.request.user
-        if not request_user.is_authenticated:  # anonymous user
-            raise Http404
+def WorkspaceChildMixin(prefix=None):
+    class _WorkspaceChildMixin(NestedViewSetMixin):
+        def my_lookup_field(self):
+            field = 'workspace__name'
+            if prefix is not None:
+                field = f'{prefix}__{field}'
+
+            return field
+
+        def get_parents_query_dict(self):
+            parents_query_dict = super().get_parents_query_dict()
+
+            print(parents_query_dict)
+
+            # Replace the standard lookup field with one that (possibly) goes
+            # through the session object's related network or table object.
+            new_field = self.my_lookup_field()
+            if not new_field in parents_query_dict:
+                old_field = 'workspace__name'
+                parents_query_dict[new_field] = parents_query_dict.pop(old_field)
+
+            return parents_query_dict
+
+        def get_queryset(self):
+            """
+            Get the queryset for workspace child enpoints.
 
-        workspace_role = WorkspaceRole.objects.filter(
-            workspace=workspace, user=request_user
-        ).first()
+            Check that the requeting user has appropriate permissions for the associated workspace.
+            """
+            child_objects = super().get_queryset()
 
-        # If the user is at least a reader or the owner, grant access
-        if workspace_role is not None or workspace.owner == request_user:
-            return child_objects
+            # prevent warning for schema generation incompatibility
+            if getattr(self, 'swagger_fake_view', False):
+                return child_objects.none()
+
+            parent_query_dict = self.get_parents_query_dict()
+            workspace = get_object_or_404(
+                Workspace.objects.select_related('owner'), name=parent_query_dict[self.my_lookup_field()]
+            )
+
+            # No user or user permission required for public workspaces
+            if workspace.public:
+                return child_objects
+
+            # Private workspace
+            request_user = self.request.user
+            if not request_user.is_authenticated:  # anonymous user
+                raise Http404
+
+            workspace_role = WorkspaceRole.objects.filter(
+                workspace=workspace, user=request_user
+            ).first()
+
+            # If the user is at least a reader or the owner, grant access
+            if workspace_role is not None or workspace.owner == request_user:
+                return child_objects
+
+            # Read access denied
+            raise Http404
 
-        # Read access denied
-        raise Http404
+    return _WorkspaceChildMixin

multinet/api/views/network.py

@@ -70,7 +70,7 @@ def validate_edge_table(
         return Response(serialized_resp.data, status=status.HTTP_400_BAD_REQUEST)
 
 
-class NetworkViewSet(WorkspaceChildMixin, DetailSerializerMixin, ReadOnlyModelViewSet):
+class NetworkViewSet(WorkspaceChildMixin(), DetailSerializerMixin, ReadOnlyModelViewSet):
     queryset = Network.objects.all().select_related('workspace')
     lookup_field = 'name'
 

multinet/api/views/query.py

@@ -14,7 +14,7 @@
 from .serializers import AqlQueryResultsSerializer, AqlQuerySerializer, AqlQueryTaskSerializer
 
 
-class AqlQueryViewSet(WorkspaceChildMixin, ReadOnlyModelViewSet):
+class AqlQueryViewSet(WorkspaceChildMixin(), ReadOnlyModelViewSet):
     queryset = AqlQuery.objects.all().select_related('workspace')
     permission_classes = [IsAuthenticatedOrReadOnly]
     serializer_class = AqlQueryTaskSerializer

multinet/api/views/session.py

@@ -1,3 +1,4 @@
+from django.http.response import Http404
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import serializers, status
 from rest_framework.decorators import action
@@ -12,6 +13,7 @@
 
 from ..models import NetworkSession, TableSession
 from .serializers import NetworkSessionSerializer, TableSessionSerializer
+from .common import WorkspaceChildMixin
 
 
 class SessionCreateSerializer(serializers.Serializer):
@@ -51,11 +53,11 @@ def state(self, request, pk=None):
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
-class NetworkSessionViewSet(SessionViewSet):
-    queryset = NetworkSession.objects.all()
+class NetworkSessionViewSet(WorkspaceChildMixin('network'), SessionViewSet):
+    queryset = NetworkSession.objects.all().select_related('network__workspace')
     serializer_class = NetworkSessionSerializer
 
 
-class TableSessionViewSet(SessionViewSet):
-    queryset = TableSession.objects.all()
+class TableSessionViewSet(WorkspaceChildMixin('table'), SessionViewSet):
+    queryset = TableSession.objects.all().select_related('table__workspace')
     serializer_class = TableSessionSerializer

multinet/api/views/table.py

@@ -36,7 +36,7 @@ class RowDeleteResponseSerializer(serializers.Serializer):
     errors = serializers.ListField(child=serializers.JSONField())
 
 
-class TableViewSet(WorkspaceChildMixin, ReadOnlyModelViewSet):
+class TableViewSet(WorkspaceChildMixin(), ReadOnlyModelViewSet):
     queryset = Table.objects.all().select_related('workspace')
     lookup_field = 'name'
 

multinet/api/views/upload.py

@@ -38,7 +38,7 @@ def field_value_object_key(serializer: serializers.Serializer) -> Optional[str]:
     return object_key
 
 
-class UploadViewSet(WorkspaceChildMixin, ReadOnlyModelViewSet):
+class UploadViewSet(WorkspaceChildMixin(), ReadOnlyModelViewSet):
     queryset = Upload.objects.all().select_related('workspace')
 
     permission_classes = [IsAuthenticatedOrReadOnly]

multinet/urls.py

@@ -44,10 +44,18 @@
     basename='query',
     parents_query_lookups=[f'workspace__{WorkspaceViewSet.lookup_field}'],
 )
-
-router.register('sessions/network', NetworkSessionViewSet)
-router.register('sessions/table', TableSessionViewSet)
-
+workspaces_routes.register(
+    'sessions/network',
+    NetworkSessionViewSet,
+    basename='session',
+    parents_query_lookups=[f'workspace__{WorkspaceViewSet.lookup_field}'],
+)
+workspaces_routes.register(
+    'sessions/table',
+    TableSessionViewSet,
+    basename='session',
+    parents_query_lookups=[f'workspace__{WorkspaceViewSet.lookup_field}'],
+)
 
 # OpenAPI generation
 schema_view = get_schema_view(