Merge pull request #363 from TeskaLabs/fix/resource-initialization

Fix resource initialization
TeskaLabs · Apr 18, 2024 · b3dd8be · b3dd8be
2 parents 18ce59d + fc1a9e4
commit b3dd8be
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## v24.06
 
 ### Pre-releases
+- `v24.06-alpha15`
 - `v24.06-alpha14`
 - `v24.06-alpha13`
 - `v24.06-alpha12`
@@ -26,6 +27,7 @@
 - Disable special characters in tenant ID (#349, `v24.06-alpha6`)
 
 ### Fix
+- Fix the initialization and updating of built-in resources (#363, `v24.06-alpha15`)
 - Fix searching credentials with multiple filters (#362, `v24.06-alpha14`)
 - Better TOTP error responses (#352, `v24.06-alpha10`)
 - Fix resource editability (#355, `v24.06-alpha9`)

diff --git a/seacatauth/authz/resource/handler.py b/seacatauth/authz/resource/handler.py
@@ -4,8 +4,9 @@
 import aiohttp.web
 import asab
 import asab.web.rest
+import asab.exceptions
 
-from seacatauth.decorators import access_control
+from ...decorators import access_control
 
 #
 

diff --git a/seacatauth/authz/resource/service.py b/seacatauth/authz/resource/service.py
@@ -135,9 +135,11 @@ async def _ensure_builtin_resources(self):
 				await self.create(resource_id, description, is_managed_by_seacat_auth=True)
 				continue
 
-			# Update resource description
-			if description is not None and db_resource.get("description") != description:
-				await self._update(resource_id, description)
+			if (
+				(db_resource.get("managed_by") != "seacat-auth")
+				or (description is not None and db_resource.get("description") != description)
+			):
+				await self._update(db_resource, description, is_managed_by_seacat_auth=True)
 
 
 	async def list(self, page: int = 0, limit: int = None, query_filter: dict = None):
@@ -206,9 +208,13 @@ async def update(self, resource_id: str, description: str):
 		resource = await self.get(resource_id)
 		if not await self.is_editable_resource(resource):
 			raise asab.exceptions.ValidationError("Built-in resource cannot be modified")
+		await self._update(resource, description)
+
+
+	async def _update(self, resource: dict, description: str, is_managed_by_seacat_auth=False):
 		upsertor = self.StorageService.upsertor(
 			self.ResourceCollection,
-			obj_id=resource_id,
+			obj_id=resource["_id"],
 			version=resource["_v"])
 
 		assert description is not None
@@ -217,8 +223,11 @@ async def update(self, resource_id: str, description: str):
 		else:
 			upsertor.set("description", description)
 
+		if is_managed_by_seacat_auth:
+			upsertor.set("managed_by", "seacat-auth")
+
 		await upsertor.execute(event_type=EventTypes.RESOURCE_UPDATED)
-		L.log(asab.LOG_NOTICE, "Resource updated", struct_data={"resource": resource_id})
+		L.log(asab.LOG_NOTICE, "Resource updated", struct_data={"resource": resource["_id"]})
 
 
 	async def delete(self, resource_id: str, hard_delete: bool = False):