POST logic/Permissions/Test fixes

[jwalz]

WHAT:

• Fix the logic for POSTing to AuthorizedStorageAccount
  • Infer the appropriate user from the session_user_uri provided by OSF instead of accepting a relationship
  • Accept the actual ID for the relationship to the external_storage_service
• Fix the logic for POSTing to ConfiguredStorageAddon
  • Expect the resource_reference relationship to POST the resource_uri, not the ID
• Correct Permssions for AuthorizedStorageAccount creation
  • Any user with an OSF account/session should be able to POST and AuthorizedStorageAccount
• Correct Permissions for ConfiguredStorageAddon
  • Make sure any user who can view the resource onthe OSF can GET the ConfiguredStorageAddon
  • Optionally use the resource_uri field in the authoirzed_resource relationship to check OSF permissions
• Fix tests
  • Replace the @with_mocked_httpx_get decorator with a configurable mock for the OSF
  • Fix failing test logic
  • Expand certain tests to account for resource visibility on the OSF

[aaxelb]

wandered thru with some thoughts, looks good!

[aaxelb]

Suggested change

	id=request.data.get("authoirized_resource", {}).get("id")
	id=request.data.get("authorized_resource", {}).get("id")

(nit: could also skip the query when there's no id)

[aaxelb]

this permission class is still specific to ConfiguredStorageAddon (assumes the referenced resource is at authorized_resource) -- not necessarily a problem, but the rename made me think it would be more generic... could take a field_name param

[aaxelb]

(lil nit/suggestion) if we're on python 3.11+ and MockOSF were usable as context manager (maybe start the patchers in __enter__ and stop them in __exit__), could do

self._mock_osf = MockOSF()
self.enterContext(self._mock_osf)

...which isn't much different, but for some reason i'm still glad enterContext was added

[jwalz]

Didn't know about enter_context! The only examples I'm seeing are in the context of an ExitStack, so the code might look like

with ExitStack as stack:
    self._mock_osf = MockOSF().enter_context()

Maybe worth a quick experiment to see if it works, since that would also make MockOSF easier to use in individual test functions.

[aaxelb]

oh hey that's confusing -- there's contextlib.ExitStack.enter_context and also unittest.TestCase.enterContext (where TestCase kinda has its own exit stack, but in camelCase) -- it's the TestCase one i think would help, and yeah agree using MockOSF as a context manager makes it nicely reusable

[aaxelb]

am i reading correctly that the relationship in json is expected to be

"authorized_resource": {
  "data": {
    "resource_uri": "http://...",
    "type": "resource-references"
  }
}

?

i get the desire to use the resource iri instead of the resource-reference id, but i wonder if there's a more jsonapi-friendly way to do it (rather than a resource identifier object without id/lid) -- maybe a authorized_resource_uri on-create-only attribute?

[jwalz]

I'm fine with re-using the "write-only" field approach we agreed on for credentials here instead of the relationship (though, yeah, need to not let it be PATCH-able). That would clean up the Permissions logic above, too

[jwalz]

https://openscience.atlassian.net/browse/ENG-5418

This should satisfy the comments on the Permissions class, too

[aaxelb]

might be half-dozen-of-another, but could avoid parsing a url by rendering the response to json

_created_account_id = _resp.json()['data']['id']

[jwalz]

good call, this was just copy-pasted into this class instead of living in its own

[aaxelb]

😄

[aaxelb]

🥪