feat(graph): filter projects by user_id, protect get/delete with require_project_owner

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ubuntu 2026-05-16 09:21:32 +00:00
parent 815400f3b6
commit 424c37e050
1 changed files with 12 additions and 10 deletions


@ -11,7 +11,7 @@ import threading
from flask import request, jsonify, Response from flask import request, jsonify, Response
from . import graph_bp from . import graph_bp
from .. import get_storage from .. import get_storage, get_current_user, require_project_owner
from ..config import Config from ..config import Config
from ..services.ontology_generator import OntologyGenerator from ..services.ontology_generator import OntologyGenerator
from ..services.graph_builder import GraphBuilderService from ..services.graph_builder import GraphBuilderService
@ -38,6 +38,7 @@ def allowed_file(filename: str) -> bool:
# ============== Project management endpoints ============== # ============== Project management endpoints ==============
@graph_bp.route('/project/<project_id>', methods=['GET']) @graph_bp.route('/project/<project_id>', methods=['GET'])
@require_project_owner
def get_project(project_id: str): def get_project(project_id: str):
""" """
Get project details Get project details
@ -62,16 +63,15 @@ def list_projects():
List all projects List all projects
""" """
limit = request.args.get('limit', 50, type=int) limit = request.args.get('limit', 50, type=int)
projects = ProjectManager.list_projects(limit=limit) user = get_current_user()
# Admin i mode TESTING (user=None) veuen tots; usuaris normals veuen els seus
return jsonify({ filter_user_id = None if (user is None or user.role == 'admin') else user.id
"success": True, projects = ProjectManager.list_projects(limit=limit, user_id=filter_user_id)
"data": projects, return jsonify({"success": True, "data": projects, "count": len(projects)})
"count": len(projects)
})
@graph_bp.route('/project/<project_id>', methods=['DELETE']) @graph_bp.route('/project/<project_id>', methods=['DELETE'])
@require_project_owner
def delete_project(project_id: str): def delete_project(project_id: str):
""" """
Delete a project Delete a project
@ -182,7 +182,8 @@ def generate_ontology():
if not uploaded_files or all(not f.filename for f in uploaded_files): if not uploaded_files or all(not f.filename for f in uploaded_files):
return jsonify({"success": False, "error": t('api.requireFileUpload')}), 400 return jsonify({"success": False, "error": t('api.requireFileUpload')}), 400
project = ProjectManager.create_project(name=project_name, storage=storage) user = get_current_user()
project = ProjectManager.create_project(name=project_name, storage=storage, user_id=user.id if user else None)
project_id = project["project_id"] project_id = project["project_id"]
logger.info(f"Project created: {project_id}") logger.info(f"Project created: {project_id}")
@ -310,7 +311,8 @@ def import_ontology():
if not uploaded_files or all(not f.filename for f in uploaded_files): if not uploaded_files or all(not f.filename for f in uploaded_files):
return jsonify({"success": False, "error": t('api.requireFileUpload')}), 400 return jsonify({"success": False, "error": t('api.requireFileUpload')}), 400
project = ProjectManager.create_project(name=project_name, storage=storage) user = get_current_user()
project = ProjectManager.create_project(name=project_name, storage=storage, user_id=user.id if user else None)
project_id = project["project_id"] project_id = project["project_id"]
logger.info(f"Project created for import: {project_id}") logger.info(f"Project created for import: {project_id}")
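Review bot: In the list_projects hunk, `filter_user_id = None if (user is None or user.role == 'admin') else user.id` treats a missing user the same as an admin, so any request for which get_current_user() returns None receives the unfiltered project list; the new comment asserts that only happens in TESTING mode, but nothing in the hunk enforces it. I would gate the None case on the app's explicit testing flag rather than on the absence of a user, e.g. `if user is None and not <Config testing flag>: return jsonify({"success": False, "error": "..."}), 401` before the filter line, leaving `user.role == 'admin'` as the only bypass. The same fallback appears in the generate_ontology and import_ontology hunks, where `user_id=user.id if user else None` creates ownerless projects; whether require_project_owner then grants or denies get/delete on a project whose owner is None is not visible here and should be confirmed. list_projects begins before the hunk (its def line is the hunk-header context). The added comment is in Catalan while the rest of the file's comments are English; it would be clearer as `# Admins and TESTING mode (user=None) see all projects; regular users see only their own`.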