[FIX] Added missing resources to auth unit test

services/core-api/app/api/compliance/resources/compliance_document_resource.py

@@ -1,14 +1,13 @@
 import uuid
-from flask import request
-from flask_restx import Resource, fields
-from werkzeug.exceptions import NotFound, InternalServerError, BadRequest
 
 from app.api.constants import TIMEOUT_5_MINUTES
-from app.extensions import api, cache
-from app.api.utils.access_decorators import requires_role_view_all
-from app.api.utils.resources_mixins import UserMixin
-
 from app.api.services.nris_download_service import NRISDownloadService
+from app.api.utils.access_decorators import public_endpoint, requires_role_view_all
+from app.api.utils.resources_mixins import UserMixin
+from app.extensions import api, cache
+from flask import request
+from flask_restx import Resource, fields
+from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
 
 DOWNLOAD_TOKEN_MODEL = api.model('DownloadToken', {'token_guid': fields.String})
 
@@ -40,6 +39,7 @@ class ComplianceDocumentResource(Resource, UserMixin):
     @api.doc(
         description='Fetch an compliance document by id',
         params={'token': 'A one-time token issued for downloading the file.'})
+    @public_endpoint
     def get(self, inspection_id, attachment_id):
         token_guid = request.args.get('token', '')
         document_info = cache.get(DOWNLOAD_TOKEN(token_guid))

services/core-api/app/api/document_generation/resources/explosives_permit_amendment_document_resource.py

@@ -1,21 +1,27 @@
 import requests
-from flask import request, Response, stream_with_context, current_app
-from flask_restx import Resource, marshal
-from werkzeug.exceptions import BadRequest, InternalServerError, BadGateway
-from app.extensions import api, cache
-
-from app.api.utils.resources_mixins import UserMixin
 from app.api.constants import EXPLOSIVES_PERMIT_DOCUMENT_DOWNLOAD_TOKEN
-from app.config import Config
-
 from app.api.mines.documents.models.mine_document import MineDocument
-from app.api.mines.explosives_permit_amendment.models.explosives_permit_amendment import ExplosivesPermitAmendment
-from app.api.mines.explosives_permit.models.explosives_permit_document_type import ExplosivesPermitDocumentType
-from app.api.mines.explosives_permit_amendment.models.explosives_permit_amendment_document_xref import ExplosivesPermitAmendmentDocumentXref
-
+from app.api.mines.explosives_permit.models.explosives_permit_document_type import (
+    ExplosivesPermitDocumentType,
+)
+from app.api.mines.explosives_permit_amendment.models.explosives_permit_amendment import (
+    ExplosivesPermitAmendment,
+)
+from app.api.mines.explosives_permit_amendment.models.explosives_permit_amendment_document_xref import (
+    ExplosivesPermitAmendmentDocumentXref,
+)
+from app.api.mines.explosives_permit_amendment.response_models import (
+    EXPLOSIVES_PERMIT_AMENDMENT_DOCUMENT_MODEL,
+)
 from app.api.services.document_generator_service import DocumentGeneratorService
 from app.api.services.document_manager_service import DocumentManagerService
-from app.api.mines.explosives_permit_amendment.response_models import EXPLOSIVES_PERMIT_AMENDMENT_DOCUMENT_MODEL
+from app.api.utils.access_decorators import public_endpoint
+from app.api.utils.resources_mixins import UserMixin
+from app.config import Config
+from app.extensions import api, cache
+from flask import Response, current_app, request, stream_with_context
+from flask_restx import Resource, marshal
+from werkzeug.exceptions import BadGateway, BadRequest, InternalServerError
 
 
 class ExplosivesPermitAmendmentDocumentResource(Resource, UserMixin):
@@ -30,6 +36,7 @@ class ExplosivesPermitAmendmentDocumentResource(Resource, UserMixin):
             'is_preview':
                 'If true, returns the generated document without creating the document record.'
         })
+    @public_endpoint
     def get(self):
         token = request.args.get('token', '')
         return_record = request.args.get('return_record') == 'true'

services/core-api/app/api/document_generation/resources/explosives_permit_document_resource.py

@@ -1,21 +1,25 @@
 import requests
-from flask import request, Response, stream_with_context, current_app
-from flask_restx import Resource, marshal
-from werkzeug.exceptions import BadRequest, InternalServerError, BadGateway
-from app.extensions import api, cache
-
-from app.api.utils.resources_mixins import UserMixin
 from app.api.constants import EXPLOSIVES_PERMIT_DOCUMENT_DOWNLOAD_TOKEN
-from app.config import Config
-
 from app.api.mines.documents.models.mine_document import MineDocument
 from app.api.mines.explosives_permit.models.explosives_permit import ExplosivesPermit
-from app.api.mines.explosives_permit.models.explosives_permit_document_type import ExplosivesPermitDocumentType
-from app.api.mines.explosives_permit.models.explosives_permit_document_xref import ExplosivesPermitDocumentXref
-
+from app.api.mines.explosives_permit.models.explosives_permit_document_type import (
+    ExplosivesPermitDocumentType,
+)
+from app.api.mines.explosives_permit.models.explosives_permit_document_xref import (
+    ExplosivesPermitDocumentXref,
+)
+from app.api.mines.explosives_permit.response_models import (
+    EXPLOSIVES_PERMIT_DOCUMENT_MODEL,
+)
 from app.api.services.document_generator_service import DocumentGeneratorService
 from app.api.services.document_manager_service import DocumentManagerService
-from app.api.mines.explosives_permit.response_models import EXPLOSIVES_PERMIT_DOCUMENT_MODEL
+from app.api.utils.access_decorators import public_endpoint
+from app.api.utils.resources_mixins import UserMixin
+from app.config import Config
+from app.extensions import api, cache
+from flask import Response, current_app, request, stream_with_context
+from flask_restx import Resource, marshal
+from werkzeug.exceptions import BadGateway, BadRequest, InternalServerError
 
 
 class ExplosivesPermitDocumentResource(Resource, UserMixin):
@@ -30,6 +34,7 @@ class ExplosivesPermitDocumentResource(Resource, UserMixin):
             'is_preview':
             'If true, returns the generated document without creating the document record.'
         })
+    @public_endpoint
     def get(self):
         token = request.args.get('token', '')
         return_record = request.args.get('return_record') == 'true'

services/core-api/app/api/document_generation/resources/now_document_resource.py

@@ -1,22 +1,26 @@
 import requests
-from flask import request, Response, stream_with_context
-from flask_restx import Resource, marshal
-from werkzeug.exceptions import BadRequest, InternalServerError, BadGateway
-from app.extensions import api, cache
-
-from app.api.utils.resources_mixins import UserMixin
 from app.api.constants import NOW_DOCUMENT_DOWNLOAD_TOKEN
-from app.config import Config
-
 from app.api.mines.documents.models.mine_document import MineDocument
 from app.api.now_applications.models.now_application import NOWApplication
-from app.api.now_applications.models.now_application_identity import NOWApplicationIdentity
-from app.api.now_applications.models.now_application_document_type import NOWApplicationDocumentType
-from app.api.now_applications.models.now_application_document_xref import NOWApplicationDocumentXref
+from app.api.now_applications.models.now_application_document_type import (
+    NOWApplicationDocumentType,
+)
+from app.api.now_applications.models.now_application_document_xref import (
+    NOWApplicationDocumentXref,
+)
+from app.api.now_applications.models.now_application_identity import (
+    NOWApplicationIdentity,
+)
+from app.api.now_applications.response_models import NOW_APPLICATION_DOCUMENT
 from app.api.services.document_generator_service import DocumentGeneratorService
 from app.api.services.document_manager_service import DocumentManagerService
-from app.api.now_applications.response_models import NOW_APPLICATION_DOCUMENT
-from app.api.utils.access_decorators import requires_role_edit_permit
+from app.api.utils.access_decorators import public_endpoint, requires_role_edit_permit
+from app.api.utils.resources_mixins import UserMixin
+from app.config import Config
+from app.extensions import api, cache
+from flask import Response, request, stream_with_context
+from flask_restx import Resource, marshal
+from werkzeug.exceptions import BadGateway, BadRequest, InternalServerError
 
 
 class NoticeOfWorkDocumentResource(Resource, UserMixin):
@@ -31,6 +35,7 @@ class NoticeOfWorkDocumentResource(Resource, UserMixin):
             'is_preview':
             'If true, returns the generated document without creating the document record.'
         })
+    @public_endpoint
     def get(self):
         token = request.args.get('token', '')
         return_record = request.args.get('return_record') == 'true'

services/core-api/app/api/now_submissions/resources/application_document_resource.py

@@ -1,20 +1,18 @@
 import uuid
-from flask import request, current_app
-import requests
-from flask_restx import Resource, fields, reqparse
-from werkzeug.exceptions import NotFound, InternalServerError, BadRequest
 
+import requests
 from app.api.constants import TIMEOUT_5_MINUTES
-from app.extensions import api, cache
 from app.api.now_submissions.models.application import Application
+from app.api.now_submissions.models.document import Document
 from app.api.now_submissions.response_models import APPLICATION
-from app.api.utils.access_decorators import requires_role_view_all
-from app.api.utils.resources_mixins import UserMixin
-
 from app.api.services.nros_download_service import NROSDownloadService
 from app.api.services.vfcbc_download_service import VFCBCDownloadService
-
-from app.api.now_submissions.models.document import Document
+from app.api.utils.access_decorators import public_endpoint, requires_role_view_all
+from app.api.utils.resources_mixins import UserMixin
+from app.extensions import api, cache
+from flask import current_app, request
+from flask_restx import Resource, fields, reqparse
+from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
 
 DOWNLOAD_TOKEN_MODEL = api.model('DownloadToken', {'token_guid': fields.String})
 
@@ -63,6 +61,7 @@ class ApplicationDocumentResource(Resource, UserMixin):
     @api.doc(
         description='Fetch an application document by id',
         params={'token': 'A one-time token issued for downloading the file.'})
+    @public_endpoint
     def get(self, application_guid, id):
         token_guid = request.args.get('token', '')
         document_info = cache.get(DOWNLOAD_TOKEN(token_guid))
@@ -78,6 +77,7 @@ def get(self, application_guid, id):
 
         raise InternalServerError('Unknown application document server')
 
+    @requires_role_view_all
     def put(self, application_guid, id):
         data = self.parser.parse_args()
         document_manager_document_guid = data.get('document_manager_document_guid', None)

services/core-api/app/api/projects/information_requirements_table/resources/information_requirements_table_document_upload.py

@@ -1,17 +1,24 @@
-from werkzeug.exceptions import NotFound
-from flask_restx import Resource
-from flask import request
-from app.extensions import api
-from app.api.utils.resources_mixins import UserMixin
-from app.api.projects.project.models.project import Project
+from app.api.constants import MAX_DOCUMENT_NAME_LENGTHS
 from app.api.mines.mine.models.mine import Mine
+from app.api.projects.project.models.project import Project
 from app.api.services.document_manager_service import DocumentManagerService
-from app.api.constants import MAX_DOCUMENT_NAME_LENGTHS
+from app.api.utils.access_decorators import (
+    MINE_ADMIN,
+    MINESPACE_PROPONENT,
+    requires_any_of,
+)
+from app.api.utils.resources_mixins import UserMixin
+from app.extensions import api
+from flask import request
+from flask_restx import Resource
+from werkzeug.exceptions import NotFound
+
 
 class InformationRequirementsTableDocumentUploadResource(Resource, UserMixin):
     @api.doc(
         description='Upload final Information Requirements Table (IRT) spreadsheet to S3 bucket.',
         params={'project_guid': 'The GUID of the project the IRT belongs to.'})
+    @requires_any_of([MINE_ADMIN, MINESPACE_PROPONENT])
     def post(self, project_guid):
         project = Project.find_by_project_guid(project_guid)
 

services/core-api/app/api/projects/information_requirements_table/resources/information_requirements_table_download.py

@@ -1,13 +1,15 @@
-from flask_restx import Resource
-from flask import send_file
-from app.extensions import api
+from app.api.utils.access_decorators import public_endpoint
 from app.api.utils.resources_mixins import UserMixin
 from app.config import Config
+from app.extensions import api
+from flask import send_file
+from flask_restx import Resource
 
 
 class InformationRequirementsTableDownloadResource(Resource, UserMixin):
     @api.doc(description='Get the Information Requirements Table (IRT) template.')
     @api.response(200, 'Successfully downloaded.')
+    @public_endpoint
     def get(self):
         filename = Config.TEMPLATE_FOLDER_IRT + Config.TEMPLATE_IRT
         return send_file(

services/core-api/app/api/projects/project_summary/resources/project_summary_ministry_comment.py

@@ -1,12 +1,17 @@
-from flask_restx import Resource
-
 from app.api.projects.project_summary.models.project_summary import ProjectSummary
-from app.api.projects.project_summary.models.project_summary_ministry_comment import ProjectSummaryMinistryComment
+from app.api.projects.project_summary.models.project_summary_ministry_comment import (
+    ProjectSummaryMinistryComment,
+)
 from app.api.projects.response_models import PROJECT_SUMMARY_MINISTRY_COMMENT
-from app.api.utils.access_decorators import requires_role_view_all
+from app.api.utils.access_decorators import (
+    requires_any_of,
+    requires_role_edit_project_summaries,
+    requires_role_view_all,
+)
 from app.api.utils.custom_reqparser import CustomReqparser
 from app.api.utils.resources_mixins import UserMixin
 from app.extensions import api
+from flask_restx import Resource
 
 
 class ProjectSummaryMinistryCommentResource(Resource, UserMixin):
@@ -25,6 +30,7 @@ def get(self, project_summary_guid):
 
     @api.expect(parser)
     @api.marshal_with(PROJECT_SUMMARY_MINISTRY_COMMENT, code=201)
+    @requires_role_edit_project_summaries
     def post(self, project_summary_guid):
         data = self.parser.parse_args()
         project_summary = ProjectSummary.find_by_project_summary_guid(project_summary_guid)

services/core-api/app/api/reporting/resources/metabase.py

@@ -1,15 +1,12 @@
 import jwt
-
+from app.api.utils.access_decorators import requires_role_view_all
+from app.api.utils.resources_mixins import UserMixin
+from app.extensions import api
+from flask import current_app
 from flask_restx import Resource
-from flask import request, current_app
-
-from app.extensions import db, api
-from app.api.utils.access_decorators import requires_role_view_all, requires_role_mine_edit
-from app.api.utils.resources_mixins import UserMixin 
-from app.api.utils.search import search_targets, append_result, execute_search, SearchResult
-from app.api.search.response_models import SEARCH_RESULT_RETURN_MODEL
 from werkzeug.exceptions import BadRequest
 
+
 class MetabaseDashboardResource(Resource, UserMixin):
 
     @api.doc(
@@ -19,6 +16,7 @@ class MetabaseDashboardResource(Resource, UserMixin):
             'id': 'Metabase id of resource to embed'
         }
     )
+    @requires_role_view_all
     def get(self, type, id):
         if type not in ('dashboard', 'question'):
             raise BadRequest('Type must be dashboard or question')

services/core-api/app/api/utils/access_decorators.py

@@ -128,6 +128,14 @@ def requires_role_edit_requirements(func):
     return _inner_wrapper(func, EDIT_REQUIREMENTS)
 
 
+def public_endpoint(func):
+    @wraps(func)
+    def wrapper(*args, **kwds):
+        return func(*args, **kwds)
+
+    wrapper.required_roles = _combine_role_flags(func, ["public"])
+    return wrapper
+
 def requires_any_of(roles):
     def decorator(func):
         @wraps(func)

services/core-api/app/api/verifiable_credentials/resources/dependency_tests.py

@@ -1,20 +1,17 @@
-from flask import current_app, request
-from flask_restx import Resource, reqparse
-from app.api.utils.access_decorators import requires_any_of, MINESPACE_PROPONENT, EDIT_PARTY, VIEW_ALL
-
-from app.config import Config
+from app.api.services.orgbook_publisher import OrgbookPublisherService
+from app.api.utils.access_decorators import requires_role_view_all
+from app.api.utils.resources_mixins import UserMixin
 from app.extensions import api
+from flask_restx import Resource
 
-from app.api.utils.resources_mixins import UserMixin
-from app.api.services.orgbook_publisher import OrgbookPublisherService
 
-from app.api.utils.feature_flag import Feature, is_feature_enabled
 class OrgbookPublisherConnectionResource(Resource, UserMixin):
 
     @api.doc(
         description=
         "Endpoint to test connection and authentication to Orgbook Publisher.",
         params={})
+    @requires_role_view_all
     def post(self):
         orgbook_service = OrgbookPublisherService()
         return orgbook_service.get_new_token()