Enhancement of Endpoints

[Arian-Ott]

Context

Hyperion currently has only a limited amount of endpoints. Those need to adhere to the REST standard.

Examples are:

• User creation
• Login
• Adding new fixtures

At the moment all endpoints were implemented on demand so that the PoC works.
Missing endpoints result in missing core functionalities which are required for v1.

Missing features are (list incomplete):

• Manage own user (delete, update, password update....)
• User administration (crud operations; deactivate accounts....)
• Permission management (crud operations)
• ...

Relevant infos

• Each user has a role
• Roles are defined in Access COntrol lists (see below) (those are used within the API endpoint via Dependency injection current_user = Depends(requires_admin) )
• All Account related things are managed in the account service
• The first user created by the User creation wizard cannot be deleted. Without an admin user, noone has access to the application and there is no way of doing it via the DB.

ACL Definition

hyperion/backend/src/core/security/access.py

Lines 74 to 89 in ae065e6

	ACL_ADMIN = [UserRole.ADMIN]
	ACL_TECH_LEAD = [UserRole.ADMIN, UserRole.TECHNICAL_LEAD]
	ACL_PROGRAMMER = [UserRole.ADMIN, UserRole.TECHNICAL_LEAD, UserRole.PROGRAMMER]
	ACL_OPERATOR = [
	UserRole.ADMIN,
	UserRole.TECHNICAL_LEAD,
	UserRole.PROGRAMMER,
	UserRole.OPERATOR,
	]
	ACL_VIEWER = [
	UserRole.ADMIN,
	UserRole.TECHNICAL_LEAD,
	UserRole.PROGRAMMER,
	UserRole.OPERATOR,
	UserRole.VIEWER,
	]

All user Endpoints are managed within this file.

https://github.com/Arian-Ott/hyperion/blob/master/backend/src/routers/accounts.py

The account models are here:

https://github.com/Arian-Ott/hyperion/blob/master/backend/src/models/accounts.py

Objective

• Create a new service for admin tasks. Choose a meaningful file name ( src/services/<filename>.py)
• Create a Service class with a meaningful name. The class should accept an AsyncSession inside the parameter list
• Add relevant Admin functionalities to your service class. Those could be (delete user, block user, change user info...)
• Create a new admin router file including an admin router. You can choose a meaningful filename (src/routers/filename.py`)
• Implement the previously created services as REST endpoints in your admin router.
• Ensure that all Endpoints are only acceswsible with an admin role (Depends(require_admin))
• If other endpoints require modification to adhere to the REST standard, those should be refactored too.