add filters to GET /notifications endpoints to only return for provided key_type

if api_key used to access endpoint is type team, endpoints only return that type - will 404 if you provide a different ID. Same applies for normal (normal api keys cannot see team notifications) also, for convenience, set sample_notification to supply key_type of KEY_TYPE_NORMAL by default
2026-02-02 09:26:08 -05:00 · 2016-06-30 18:43:15 +01:00
parent 01419e7894
commit 2cf1d22748
4 changed files with 214 additions and 91 deletions
--- a/app/dao/notifications_dao.py
+++ b/app/dao/notifications_dao.py
@@ -333,8 +333,12 @@ def get_notifications_for_job(service_id, job_id, filter_dict=None, page=1, page
    )


-def get_notification(service_id, notification_id):
-    return Notification.query.filter_by(service_id=service_id, id=notification_id).one()
+def get_notification(service_id, notification_id, key_type=None):
+    filter_dict = {'service_id': service_id, 'id': notification_id}
+    if key_type:
+        filter_dict['key_type'] = key_type
+
+    return Notification.query.filter_by(**filter_dict).one()


 def get_notification_by_id(notification_id):
@@ -349,7 +353,8 @@ def get_notifications_for_service(service_id,
                                  filter_dict=None,
                                  page=1,
                                  page_size=None,
-                                  limit_days=None):
+                                  limit_days=None,
+                                  key_type=None):
    if page_size is None:
        page_size = current_app.config['PAGE_SIZE']
    filters = [Notification.service_id == service_id]
@@ -358,6 +363,9 @@ def get_notifications_for_service(service_id,
        days_ago = date.today() - timedelta(days=limit_days)
        filters.append(func.date(Notification.created_at) >= days_ago)

+    if key_type is not None:
+        filters.append(Notification.key_type == key_type)
+
    query = Notification.query.filter(*filters)
    query = _filter_query(query, filter_dict)
    return query.order_by(desc(Notification.created_at)).paginate(
--- a/app/notifications/rest.py
+++ b/app/notifications/rest.py
@@ -171,7 +171,9 @@ def process_firetext_response():

@notifications.route('/notifications/<uuid:notification_id>', methods=['GET'])
 def get_notifications(notification_id):
-    notification = notifications_dao.get_notification(str(api_user.service_id), notification_id)
+    notification = notifications_dao.get_notification(str(api_user.service_id),
+                                                      notification_id,
+                                                      key_type=api_user.key_type)
    return jsonify(data={"notification": notification_status_schema.dump(notification).data}), 200


@@ -187,7 +189,8 @@ def get_all_notifications():
        filter_dict=data,
        page=page,
        page_size=page_size,
-        limit_days=limit_days)
+        limit_days=limit_days,
+        key_type=api_user.key_type)
    return jsonify(
        notifications=notification_status_schema.dump(pagination.items, many=True).data,
        page_size=page_size,