Merge pull request #459 from jjrom/develop

jjrom · web-flow · commit 0aee9c5ffea4 · 2024-10-22T16:23:15.000+02:00
Validate update catalog
diff --git a/app/resto/core/api/STACAPI.php b/app/resto/core/api/STACAPI.php
@@ -487,20 +487,52 @@ public function updateCatalog($params, $body)
 
         // Get catalogs and childs
         $catalogs = $this->catalogsFunctions->getCatalogs(array(
-            'id' => join('/', $params['segments'])
+            'id' => join('/', $params['segments']),
+            'noCount' => true
         ), $this->context->core['baseUrl'], true);
         
         if ( count($catalogs) === 0 ){
             RestoLogUtil::httpError(404);
         }
 
-
         // If user has not the right to update catalog then 403
         if ( !$this->user->hasRightsTo(RestoUser::UPDATE_CATALOG, array('catalog' => $catalogs[0])) ) {
             return RestoLogUtil::httpError(403);
         }
+        
+        // Update is not forced so we should check that input links array don't remove existing childs
+        // [IMPORTANT] if no links object is in the body then only other properties are updated and existing links are not destroyed
+        if ( array_key_exists('links', $body) && !filter_var($params['_force'] ?? false, FILTER_VALIDATE_BOOLEAN) ) {
+            $levelUp = array();
+            for ($i = 0, $ii = count($catalogs); $i < $ii; $i++) {
+                if ($catalogs[$i]['level'] !== $catalogs[0]['level'] + 1) {
+                    continue;
+                }
+                $levelUp[$catalogs[$i]['id']] = false;
+                for ($j = 0, $jj = count($body['links']); $j < $jj; $j++) {
+                    if ( !str_starts_with($body['links'][$j]['href'], $this->context->core['baseUrl'] . RestoRouter::ROUTE_TO_CATALOGS ) ) {
+                        continue;
+                    }
+                    if ($catalogs[$i]['id'] === substr($body['links'][$j]['href'], strlen($this->context->core['baseUrl'] . RestoRouter::ROUTE_TO_CATALOGS) + 1)) {
+                        $levelUp[$catalogs[$i]['id']] = true;
+                        break;
+                    }
+                }
+            }
+            $removed = 0;
+            foreach (array_keys($levelUp) as $key) {
+                if ( $levelUp[$key] === false ) {
+                    $removed++;
+                }
+            }
+
+            if ($removed > 0) {
+                return RestoLogUtil::httpError(400, 'The catalog update would remove ' . $removed . ' existing child(s). Set **_force** query parameter to true to force update anyway');
+            }
+        }
 
-        $updatable = array('title', 'description', 'owner', 'links');
+        
+        $updatable = array('title', 'description', 'owner', 'links', 'visibility');
         for ($i = count($updatable); $i--;) {
             if ( isset($body[$updatable[$i]]) ) {
                 $catalogs[0][$updatable[$i]] = $body[$updatable[$i]];
@@ -576,17 +608,24 @@ public function removeCatalog($params)
 
         // Get catalogs and childs
         $catalogs = $this->catalogsFunctions->getCatalogs(array(
-            'id' => join('/', $params['segments'])
+            'id' => join('/', $params['segments']),
+            'noCount' => true
         ), $this->context->core['baseUrl'], true);
         
-        if ( count($catalogs) === 0 ){
+        $count = count($catalogs);
+        if ( $count === 0 ){
             RestoLogUtil::httpError(404);
         }
 
         // If user has not the right to delete catalog then 403
         if ( !$this->user->hasRightsTo(RestoUser::DELETE_CATALOG, array('catalog' => $catalogs[0])) ) {
             return RestoLogUtil::httpError(403);
         }
+
+        // If catalogs has child, do not remove it unless _force option is set to true
+        if ( $count > 1 && !filter_var($params['_force'] ?? false, FILTER_VALIDATE_BOOLEAN) ){
+            return RestoLogUtil::httpError(400, 'The catalog contains ' . ($count - 1) . ' child(s) and cannot be deleted. Set **_force** query parameter to true to force deletion anyway');
+        }
         
         return RestoLogUtil::success('Catalog deleted', $this->catalogsFunctions->removeCatalog($catalogs[0]['id']));
 
diff --git a/app/resto/core/dbfunctions/CatalogsFunctions.php b/app/resto/core/dbfunctions/CatalogsFunctions.php
@@ -262,7 +262,7 @@ public function updateCatalog($catalog, $userid, $context)
         $values = array(
             $catalog['id']
         );
-        
+
         $canBeUpdated = array(
             'title',
             'owner',
@@ -273,7 +273,10 @@ public function updateCatalog($catalog, $userid, $context)
 
         $set = array();
         $cleanLinks = $this->getCleanLinks($catalog, $userid, $context);
-        $catalog['links'] = $cleanLinks['links'];
+        
+        if ( array_key_exists('links', $cleanLinks) ) {
+            $catalog['links'] = $cleanLinks['links'];
+        }
 
         foreach (array_keys($catalog) as $key ) {
             if (in_array($key, $canBeUpdated)) {
@@ -292,16 +295,38 @@ public function updateCatalog($catalog, $userid, $context)
             $this->dbDriver->query('BEGIN');
 
             /*
-             * Delete all catalog childs BUT NOT HIMSELF
+             * Delete catalog childs BUT NOT HIMSELF and the one in childIds
              */
-            $this->dbDriver->fetch($this->dbDriver->pQuery('DELETE FROM ' . $this->dbDriver->targetSchema . '.catalog WHERE lower(id) LIKE lower($1) RETURNING id', array(
-                $catalog['id'] . '/%'
-            ), 500, 'Cannot delete catalog ' . $catalog['id']));
-            $this->dbDriver->fetch($this->dbDriver->pQuery('DELETE FROM ' . $this->dbDriver->targetSchema . '.catalog_feature WHERE path ~ $1 AND path <> $2' , array(
-                RestoUtil::path2ltree($catalog['id']) . '.*',
-                RestoUtil::path2ltree($catalog['id'])
-            ), 500, 'Cannot delete catalog_feature association for catalog ' . $catalog['id']));
-        
+            if ( array_key_exists('links', $cleanLinks) ) {
+
+                // No childIds => easy !
+                if ( empty($cleanLinks['childIds']) ) {
+                    $this->dbDriver->fetch($this->dbDriver->pQuery('DELETE FROM ' . $this->dbDriver->targetSchema . '.catalog WHERE lower(id) LIKE lower($1) RETURNING id', array(
+                        $catalog['id'] . '/%'
+                    ), 500, 'Cannot update catalog ' . $catalog['id']));
+                    $this->dbDriver->fetch($this->dbDriver->pQuery('DELETE FROM ' . $this->dbDriver->targetSchema . '.catalog_feature WHERE path ~ $1 AND path <> $2' , array(
+                        RestoUtil::path2ltree($catalog['id']) . '.*',
+                        RestoUtil::path2ltree($catalog['id'])
+                    ), 500, 'Cannot update catalog_feature association for catalog ' . $catalog['id']));
+                }
+                else {
+                    $lowerIds = array();
+                    $paths = array('\'' . RestoUtil::path2ltree($catalog['id']) . '\'');
+                    for ($i = 0, $ii = count($cleanLinks['childIds']); $i < $ii; $i++) {
+                        $lowerIds[] = 'lower(\'' . pg_escape_string($this->dbDriver->getConnection(), $cleanLinks['childIds'][$i]) . '\')';
+                        $paths[] = '\'' . RestoUtil::path2ltree($cleanLinks['childIds'][$i]) . '\'';
+                    }
+                    $this->dbDriver->fetch($this->dbDriver->pQuery('DELETE FROM ' . $this->dbDriver->targetSchema . '.catalog WHERE lower(id) LIKE lower($1) AND lower(id) NOT IN (' . join(',', $lowerIds) . ') RETURNING id', array(
+                        $catalog['id'] . '/%'
+                    ), 500, 'Cannot update catalog ' . $catalog['id']));
+                    $this->dbDriver->fetch($this->dbDriver->pQuery('DELETE FROM ' . $this->dbDriver->targetSchema . '.catalog_feature WHERE path ~ $1 AND path NOT IN (' . join(',', $paths) . ')' , array(
+                        RestoUtil::path2ltree($catalog['id']) . '.*'
+                    ), 500, 'Cannot update catalog_feature association for catalog ' . $catalog['id']));
+                    
+                }
+            
+            }
+            
             /*
              * Then update catalog
              */
@@ -310,9 +335,11 @@ public function updateCatalog($catalog, $userid, $context)
             /*
              * Add an entry in catalog_feature for each interalItems but first remove all items !
              */
-            $this->removeCatalogFeatures($catalog['id']);
-            $this->addInternalItems($cleanLinks['internalItems'], $catalog['id']);
-            
+            if ( array_key_exists('links', $cleanLinks) ) {
+                $this->removeCatalogFeatures($catalog['id']);
+                $this->addInternalItems($cleanLinks['internalItems'], $catalog['id']);
+            }
+
             $this->dbDriver->query('COMMIT');
             
         } catch (Exception $e) {
@@ -688,13 +715,20 @@ private function getCleanLinks($catalog, $userid, $context) {
         
         $output = array(
             'links' => array(),
+            'childIds' => array(),
             'internalItems' => array()
         );
 
-        if ( !isset($catalog['links']) ) {
-            return $output;
+        if ( !array_key_exists('links', $catalog) ) {
+            return array(
+                'internalitems' => array()
+            );
         };
 
+        if ( empty($catalog['links']) ) {
+            return $output;
+        };
+        
         for ($i = 0, $ii = count($catalog['links']); $i < $ii; $i++) {
             $link = $catalog['links'][$i];
             if ( !isset($link['rel']) || in_array($link['rel'], array('root', 'parent', 'self')) ) {
@@ -747,10 +781,15 @@ private function getCleanLinks($catalog, $userid, $context) {
                      * Avoid cycling (i.e. catalog self referencing one of its parent)
                      */
                     if (str_starts_with($link['href'], $context->core['baseUrl'] . RestoRouter::ROUTE_TO_CATALOGS )) {
-                        $exploded = explode('/', substr($link['href'], strlen($context->core['baseUrl'] . RestoRouter::ROUTE_TO_CATALOGS) + 1));
+                        $childId = substr($link['href'], strlen($context->core['baseUrl'] . RestoRouter::ROUTE_TO_CATALOGS) + 1);
+                        $exploded = explode('/', $childId);
                         if ( count($exploded) <= count(explode('/', $catalog['id'])) ) {
                             return RestoLogUtil::httpError(400, 'Child ' . $link['href'] . ' is invalid because it references a parent resource');
                         }
+                        // Keep track of child ids for delete before update
+                        else {
+                            $output['childIds'][] = $childId;
+                        }
                     }
 
                     /*
@@ -772,9 +811,7 @@ private function getCleanLinks($catalog, $userid, $context) {
                 if ( $childCatalog === null ) {
                     return RestoLogUtil::httpError(400, 'Catalog child ' . $link['href'] . ' does not exist');    
                 }
-                
-                $output['links'][] = $link;
-                
+
             }
 
         }
diff --git a/docs/COLLECTIONS_AND_CATALOGS.md b/docs/COLLECTIONS_AND_CATALOGS.md
@@ -69,6 +69,7 @@ is to create an empty catalog then add its childs through the POST API
         # The catalog dummyCatalogCycling is posted under /catalogs/dummyCatalogChild1 but reference one of this
         # parent as a child which is forbiden
         curl -X POST -d@examples/catalogs/dummyCatalogChild1.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog"
+        curl -X POST -d@examples/catalogs/dummyCatalogChildOfChild1.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog/dummyCatalogChild1"
         curl -X POST -d@examples/catalogs/dummyCatalogCycling.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog/dummyCatalogChild1"
 
 ### Create a catalog with item
@@ -89,7 +90,25 @@ is to create an empty catalog then add its childs through the POST API
 
         curl -X PUT -d@examples/catalogs/dummyCatalogWithItem_update.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog/dummyCatalogChild1"
 
+### Update a catalog that has already childs
+
+        # First post 2 catalogs under dummyCatalog 
+        curl -X POST -d@examples/catalogs/dummyCatalogChild1.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog"
+        curl -X POST -d@examples/catalogs/dummyCatalogChild2.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog"
+        
+        # Update dummyCatalog removing one catalog in the links will return an HTTP error because it would remove existing child
+        curl -X PUT -d@examples/catalogs/dummyCatalog_update.json "http://admin:admin@localhost:5252/catalogs/dummyCatalog"
+        
+        # Use _force flag to force links update
+
+        
+
 ### Delete a catalog
 
         # Delete a catalog - user with the "deleteCatalog" right can delete a catalog he owns
-        curl -X DELETE "http://admin:admin@localhost:5252/catalogs/dummyCatalog"
+        # This will return an HTTP error because the catalog contains child and removing it would remove childs
+        curl -X DELETE "http://admin:admin@localhost:5252/catalogs/dummyCatalog"
+
+        # Use _force flag to force deletion
+        curl -X DELETE "http://admin:admin@localhost:5252/catalogs/dummyCatalog?_force=1"
+
diff --git a/examples/catalogs/dummyCatalogChild1.json b/examples/catalogs/dummyCatalogChild1.json
@@ -4,5 +4,11 @@
     "title": "Dummy Catalog child 1",
     "description":"I'm a child of dummyCatalog",
     "stac_version":"1.0.0",
-    "links":[]
+    "links":[
+        {
+            "rel":"item",
+            "href":"http://127.0.0.1:5252/collections/DummyCollection/items/DummySargasse",
+            "title":"Catalog can also have item"
+        }
+    ]
 }
diff --git a/examples/catalogs/dummyCatalogChild2.json b/examples/catalogs/dummyCatalogChild2.json
@@ -4,5 +4,11 @@
     "title": "Dummy Catalog child 2",
     "description":"I'm a child of dummyCatalog",
     "stac_version":"1.0.0",
-    "links":[]
+    "links":[
+        {
+            "rel":"item",
+            "href":"http://127.0.0.1:5252/collections/DummyCollection/items/DummySargasse",
+            "title":"Catalog can also have item"
+        }
+    ]
 }
diff --git a/examples/catalogs/dummyCatalog_update.json b/examples/catalogs/dummyCatalog_update.json
@@ -0,0 +1,13 @@
+{
+    "id": "dummyCatalog",
+    "title": "Dummy Catalog",
+    "type": "Catalog",
+    "description":"This is an update of dummyCatalog with one link removed",
+    "stac_version":"1.0.0",
+    "links":[
+        {
+            "rel":"child",
+            "href":"http://127.0.0.1:5252/catalogs/dummyCatalog/dummyCatalogChild1"
+        }
+    ]
+}
