Add GET_SHARE_OBJECT permissions to get data filters API (#1717)

- Bugfix - Add GET_SHARE_OBJECT permissions to get data filters API - Cosmetic changes on shares_base module - <URL or Ticket> Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/). - Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? - Is the input sanitized? - What precautions are you taking before deserializing the data you consume? - Is injection prevented by parametrizing queries? - Have you ensured no `eval` or similar functions are used? - Does this PR introduce any functionality or component that requires authorization? - How have you ensured it respects the existing AuthN/AuthZ mechanisms? - Are you logging failed auth attempts? - Are you using or adding any cryptographic features? - Do you use a standard proven implementations? - Are the used keys controlled by the customer? Where are they stored? - Are you introducing any new policies/roles/users? - Have you used the least-privilege principle? How? By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
data-dot-all · Dec 5, 2024 · 7f0dab7 · 7f0dab7
1 parent ebb91ff
commit 7f0dab7
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/backend/dataall/modules/shares_base/api/resolvers.py b/backend/dataall/modules/shares_base/api/resolvers.py
@@ -265,12 +265,10 @@ def list_shares_in_my_outbox(context: Context, source, filter: dict = None):
 def list_shared_with_environment_data_items(context: Context, source, environmentUri: str = None, filter: dict = None):
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return ShareItemService.paginated_shared_with_environment_datasets(
-            session=session,
-            uri=environmentUri,
-            data=filter,
-        )
+    return ShareItemService.paginated_shared_with_environment_datasets(
+        uri=environmentUri,
+        data=filter,
+    )
 
 
 def update_share_request_purpose(context: Context, source, shareUri: str = None, requestPurpose: str = None):

diff --git a/backend/dataall/modules/shares_base/services/share_item_service.py b/backend/dataall/modules/shares_base/services/share_item_service.py
@@ -208,6 +208,8 @@ def list_shareable_objects(share, filter, is_revokable=False):
 
     @staticmethod
     @ResourcePolicyService.has_resource_permission(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
-    def paginated_shared_with_environment_datasets(session, uri, data) -> dict:
-        share_item_shared_states = ShareStatusRepository.get_share_item_shared_states()
-        return ShareObjectRepository.paginate_shared_datasets(session, uri, data, share_item_shared_states)
+    def paginated_shared_with_environment_datasets(uri, data) -> dict:
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            share_item_shared_states = ShareStatusRepository.get_share_item_shared_states()
+            return ShareObjectRepository.paginate_shared_datasets(session, uri, data, share_item_shared_states)
diff --git a/backend/dataall/modules/shares_base/services/share_logs_service.py b/backend/dataall/modules/shares_base/services/share_logs_service.py
@@ -21,7 +21,7 @@ def check_view_log_permissions(username, groups, shareUri):
             return ds.stewards in groups or ds.SamlAdminGroupName in groups or username == ds.owner
 
     @staticmethod
-    def get_share_logs_name_query(shareUri):
+    def _get_share_logs_name_query(shareUri):
         log.info(f'Get share Logs stream name for share {shareUri}')
 
         query = f"""fields @logStream
@@ -32,7 +32,7 @@ def get_share_logs_name_query(shareUri):
         return query
 
     @staticmethod
-    def get_share_logs_query(log_stream_name):
+    def _get_share_logs_query(log_stream_name):
         query = f"""fields @timestamp, @message, @logStream, @log as @logGroup
                     | sort @timestamp asc
                     | filter @logStream like "{log_stream_name}"
@@ -52,7 +52,7 @@ def get_share_logs(shareUri):
         envname = os.getenv('envname', 'local')
         log_group_name = f"/{Parameter().get_parameter(env=envname, path='resourcePrefix')}/{envname}/ecs/share-manager"
 
-        query_for_name = ShareLogsService.get_share_logs_name_query(shareUri=shareUri)
+        query_for_name = ShareLogsService._get_share_logs_name_query(shareUri=shareUri)
         name_query_result = CloudWatch.run_query(
             query=query_for_name,
             log_group_name=log_group_name,
@@ -63,7 +63,7 @@ def get_share_logs(shareUri):
 
         name = name_query_result[0]['logStream']
 
-        query = ShareLogsService.get_share_logs_query(log_stream_name=name)
+        query = ShareLogsService._get_share_logs_query(log_stream_name=name)
         results = CloudWatch.run_query(
             query=query,
             log_group_name=log_group_name,