From f32c2efcc28819dd6317c64e11c1433a6cea3b0d Mon Sep 17 00:00:00 2001
From: Jackie
Date: Wed, 16 Jul 2025 20:18:50 +0200
Subject: [PATCH] Add create-by audit for scenario creation (again)
---
 api/src/api/app/apis/scenarios_api.py | 7 ++++++-
 api/src/api/app/controller/scenario_controller.py | 4 +++-
 api/src/api/app/db/models.py | 2 ++
 api/src/api/app/db/tasks.py | 4 +++-
 api/src/api/app/middlewares/authentication_middleware.py | 2 +-
 5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/api/src/api/app/apis/scenarios_api.py b/api/src/api/app/apis/scenarios_api.py
index c27fb75..48627f3 100644
--- a/api/src/api/app/apis/scenarios_api.py
+++ b/api/src/api/app/apis/scenarios_api.py
@@ -41,10 +41,15 @@
 response_model_by_alias=True,
 )
 async def create_scenario(
+ request: Request,
 scenario: Scenario = Body(None, description="")
 ) -> ID:
 """Create a new scenario to be simulated."""
- return await controller.create_scenario(scenario)
+ return await controller.create_scenario(
+ scenario,
+ request.state.user.userId if request.state.user else None,
+ request.state.realm if request.state.realm else None
+ )
 @router.delete(
diff --git a/api/src/api/app/controller/scenario_controller.py b/api/src/api/app/controller/scenario_controller.py
index de1c9c3..3c129d1 100644
--- a/api/src/api/app/controller/scenario_controller.py
+++ b/api/src/api/app/controller/scenario_controller.py
@@ -62,11 +62,13 @@ class ScenarioController:
 async def create_scenario(
 self,
 scenario: Optional[Scenario],
+ userId: Optional[str],
+ orgId: Optional[str]
 ) -> ID:
 """Create a new scenario to be simulated."""
 if not scenario:
 raise HTTPException(status_code=500, detail="No scenario provided")
- return scenario_create(scenario)
+ return scenario_create(scenario, userId, orgId)
 async def delete_scenario(
diff --git a/api/src/api/app/db/models.py b/api/src/api/app/db/models.py
index c53675b..4eaaffc 100644
--- a/api/src/api/app/db/models.py
+++ b/api/src/api/app/db/models.py
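Review bot: In `create_scenario` (scenarios_api.py), `request.state.user` and `request.state.realm` are read as plain attributes, and Starlette's `State` raises `AttributeError` for an attribute that was never set, so the `else None` fallback only covers a value that is present but falsy. Read them defensively, e.g. `user = getattr(request.state, "user", None)` and `realm = getattr(request.state, "realm", None)`. Separately, falling back to `None` means a request without an authenticated user still creates a scenario with an empty audit trail; if this route is meant to be authenticated (not visible here), rejecting the request would be safer than writing an unattributed row. This file's diff adds no import line, so `Request` has to be imported already.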
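Review bot: The docstring of `ScenarioController.create_scenario` still describes only the scenario, while the two new parameters carry the audit identity. I would extend it with a line such as `userId/orgId: creator identity taken from the authenticated request state, never from the request body; None when no identity is available.` so later callers do not pass client-supplied values. Both parameters are required positionals, so any caller outside this commit needs updating. The class itself starts outside the hunk.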
@@ -28,6 +28,8 @@ class Scenario(SQLModel, table=True):
 timestampSubmitted: Optional[datetime] = Field(default=None, nullable=True)
 timestampSimulated: Optional[datetime] = Field(default=None, nullable=True)
+ userId: Optional[str] = Field(default=None, nullable=True) # Created by user
+ orgId: Optional[str] = Field(default=None, nullable=True) # Created by user's LHA/Organization
 class ParameterDefinition(SQLModel, table=True):
 id: Optional[uuid.UUID] = Field(default_factory=uuid.uuid4, primary_key=True, nullable=False)
diff --git a/api/src/api/app/db/tasks.py b/api/src/api/app/db/tasks.py
index cdcf33c..0ee8794 100644
--- a/api/src/api/app/db/tasks.py
+++ b/api/src/api/app/db/tasks.py
@@ -412,7 +412,7 @@ def parameter_definition_delete(id: StrictStr) -> None:
 ## Scenarios ##
-def scenario_create(scenario: Scenario) -> ID:
+def scenario_create(scenario: Scenario, userId: Optional[str], orgId: Optional[str]) -> ID:
 scenario_obj = db.Scenario(
 name=scenario.name,
 description=scenario.description,
@@ -423,6 +423,8 @@ def scenario_create(scenario: Scenario) -> ID:
 percentiles=','.join([str(perc) for perc in scenario.percentiles]) if scenario.percentiles else '50',
 timestampSubmitted=datetime.now(),
 timestampSimulated=None,
+ userId=userId,
+ orgId=orgId
 )
 with next(get_session()) as session:
 nested_dict = lambda: defaultdict(nested_dict)
diff --git a/api/src/api/app/middlewares/authentication_middleware.py b/api/src/api/app/middlewares/authentication_middleware.py
index c3013f3..5308980 100644
--- a/api/src/api/app/middlewares/authentication_middleware.py
+++ b/api/src/api/app/middlewares/authentication_middleware.py
@@ -22,7 +22,7 @@ async def dispatch(self, request, call_next):
 # async def get_user(request: Request):
 # return request.state.user
 request.state.user = user
-
+ request.state.realm = realm
 # (Optional) role check can be added
 # if ['admin'] not in user.role:
 # raise HTTPException(
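Review bot: `userId` and `orgId` are added to the existing `Scenario` table in models.py, but the diffstat lists no migration among the five changed files. If the schema is only created with `create_all` (not visible here), an already deployed database will not gain the columns and the insert in `scenario_create` would fail. Both columns are nullable, so a NULL cannot distinguish a row created before this change from one created without an authenticated user; a comment saying so, e.g. `# NULL = legacy row or unauthenticated creation`, would help whoever reads the audit data. The class body starts outside the hunk.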
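Review bot: In authentication_middleware.py, `request.state.realm = realm` now feeds the persisted `orgId` audit value, yet the hunk does not show where `realm` is assigned. It should come from the validated token, not from a client-controlled header or path segment, otherwise the caller can choose the organisation that gets recorded. I would state that on the line itself: `request.state.realm = realm  # from the verified token; stored as Scenario.orgId`. `dispatch` begins and ends outside the hunk, so any path that returns before this line would leave `request.state.realm` unset.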