Adapt activities

eleftherioszisis · eleftherioszisis · commit 3af4d2139ec0 · 2025-09-12T14:26:38.000+02:00
diff --git a/app/db/utils.py b/app/db/utils.py
@@ -76,8 +76,10 @@ def load_db_model_from_pydantic[I: DeclarativeBase](
     created_by_id: uuid.UUID | None,
     updated_by_id: uuid.UUID | None,
     ignore_attributes: set[str] | None = None,
+    *,
+    exclude_defaults: bool = False,
 ) -> I:
-    data = json_model.model_dump(by_alias=True)
+    data = json_model.model_dump(by_alias=True, exclude_defaults=exclude_defaults)
 
     if created_by_id or updated_by_id:
         data["created_by_id"] = created_by_id
diff --git a/app/queries/common.py b/app/queries/common.py
@@ -31,6 +31,7 @@
 from app.schemas.activity import ActivityCreate, ActivityUpdate
 from app.schemas.auth import UserContext, UserContextWithProjectId, UserProfile
 from app.schemas.types import ListResponse, PaginationResponse
+from app.schemas.utils import NOT_SET
 from app.utils.uuid import create_uuid
 
 
@@ -431,14 +432,17 @@ def router_update_activity_one[T: BaseModel, I: Activity](
     update_data = json_model.model_dump(
         exclude_unset=True,
         exclude_none=True,
-        exclude_defaults=True,
         exclude={"used_ids", "generated_ids"},
+        exclude_defaults=True,  # ignore NOT_SET default values
     )
 
     for key, value in update_data.items():
         setattr(obj, key, value)
 
-    if generated_ids := json_model.generated_ids:
+    # ignore NOT_SET values
+    generated_ids = json_model.generated_ids if json_model.generated_ids != NOT_SET else []
+
+    if generated_ids:
         if obj.generated:
             raise HTTPException(
                 status_code=404,
diff --git a/app/schemas/activity.py b/app/schemas/activity.py
@@ -1,5 +1,6 @@
 import uuid
 from datetime import datetime
+from typing import Literal
 
 from pydantic import BaseModel, ConfigDict
 
@@ -12,6 +13,7 @@
     IdentifiableMixin,
 )
 from app.schemas.entity import NestedEntityRead
+from app.schemas.utils import NOT_SET
 
 
 class ActivityBase(BaseModel):
@@ -34,6 +36,7 @@ class ActivityCreate(ActivityBase, AuthorizationOptionalPublicMixin):
     generated_ids: list[uuid.UUID] = []
 
 
-class ActivityUpdate(ActivityBase, AuthorizationOptionalPublicMixin):
-    end_time: datetime | None = None
-    generated_ids: list[uuid.UUID] | None = None
+class ActivityUpdate(ActivityBase):
+    start_time: datetime | Literal[NOT_SET] | None = NOT_SET
+    end_time: datetime | Literal[NOT_SET] | None = NOT_SET
+    generated_ids: list[uuid.UUID] | Literal[NOT_SET] | None = NOT_SET
diff --git a/tests/test_calibration.py b/tests/test_calibration.py
@@ -19,6 +19,7 @@
 DateTimeAdapter = TypeAdapter(datetime)
 
 ROUTE = "calibration"
+ADMIN_ROUTE = "/admin/calibration"
 MODEL = Validation
 TYPE = str(ActivityType.calibration)
 
@@ -319,7 +320,7 @@ def _is_deleted(db, model_id):
     return db.get(MODEL, model_id) is None
 
 
-def test_update_one(client, root_circuit, simulation_result, create_id):
+def test_update_one(client, client_admin, root_circuit, simulation_result, create_id):
     gen1 = create_id(
         used_ids=[str(root_circuit.id)],
         generated_ids=[],
@@ -337,6 +338,39 @@ def test_update_one(client, root_circuit, simulation_result, create_id):
     assert len(data["generated"]) == 1
     assert data["generated"][0]["id"] == str(simulation_result.id)
 
+    # only admin client can hit admin endpoint
+    data = assert_request(
+        client.patch,
+        url=f"{ADMIN_ROUTE}/{gen1}",
+        json={
+            "end_time": str(end_time),
+        },
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+    assert data["message"] == "Service admin role required"
+
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ADMIN_ROUTE}/{gen1}",
+        json={
+            "end_time": str(end_time),
+        },
+    ).json()
+
+    assert DateTimeAdapter.validate_python(data["end_time"]) == end_time
+
+    # admin is treated as regular user for regular route (no project context)
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ROUTE}/{gen1}",
+        json={
+            "end_time": str(end_time),
+        },
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+
 
 def test_update_one__fail_if_generated_ids_unauthorized(
     client_user_1, client_user_2, json_data, species_id, brain_region_id
diff --git a/tests/test_simulation_execution.py b/tests/test_simulation_execution.py
@@ -19,6 +19,7 @@
 DateTimeAdapter = TypeAdapter(datetime)
 
 ROUTE = "simulation-execution"
+ADMIN_ROUTE = "/admin/simulation-execution"
 MODEL = SimulationExecution
 
 
@@ -318,7 +319,7 @@ def _is_deleted(db, model_id):
     return db.get(MODEL, model_id) is None
 
 
-def test_update_one(client, root_circuit, simulation_result, create_id):
+def test_update_one(client, client_admin, root_circuit, simulation_result, create_id):
     gen1 = create_id(
         used_ids=[str(root_circuit.id)],
         generated_ids=[],
@@ -336,6 +337,42 @@ def test_update_one(client, root_circuit, simulation_result, create_id):
     assert len(data["generated"]) == 1
     assert data["generated"][0]["id"] == str(simulation_result.id)
 
+    gen2 = create_id(
+        used_ids=[str(root_circuit.id)],
+        generated_ids=[],
+    )
+
+    # only admin client can hit admin endpoint
+    data = assert_request(
+        client.patch,
+        url=f"{ADMIN_ROUTE}/{gen2}",
+        json=update_json,
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+    assert data["message"] == "Service admin role required"
+
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ADMIN_ROUTE}/{gen2}",
+        json=update_json,
+    ).json()
+
+    assert DateTimeAdapter.validate_python(data["end_time"]) == end_time
+    assert len(data["generated"]) == 1
+    assert data["generated"][0]["id"] == str(simulation_result.id)
+
+    # admin is treated as regular user for regular route (no authorized project ids)
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ROUTE}/{gen2}",
+        json={
+            "end_time": str(end_time),
+        },
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+
 
 def test_update_one__fail_if_generated_ids_unauthorized(
     client_user_1, client_user_2, json_data, species_id, brain_region_id
diff --git a/tests/test_simulation_generation.py b/tests/test_simulation_generation.py
@@ -19,6 +19,7 @@
 DateTimeAdapter = TypeAdapter(datetime)
 
 ROUTE = "simulation-generation"
+ADMIN_ROUTE = "/admin/simulation-generation"
 MODEL = SimulationGeneration
 
 
@@ -297,7 +298,7 @@ def _is_deleted(db, model_id):
     return db.get(MODEL, model_id) is None
 
 
-def test_update_one(client, root_circuit, simulation_result, create_id):
+def test_update_one(client, client_admin, root_circuit, simulation_result, create_id):
     gen1 = create_id(
         used_ids=[str(root_circuit.id)],
         generated_ids=[],
@@ -315,6 +316,40 @@ def test_update_one(client, root_circuit, simulation_result, create_id):
     assert len(data["generated"]) == 1
     assert data["generated"][0]["id"] == str(simulation_result.id)
 
+    gen2 = create_id(
+        used_ids=[str(root_circuit.id)],
+        generated_ids=[],
+    )
+
+    # only admin client can hit admin endpoint
+    data = assert_request(
+        client.patch,
+        url=f"{ADMIN_ROUTE}/{gen2}",
+        json=update_json,
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+    assert data["message"] == "Service admin role required"
+
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ADMIN_ROUTE}/{gen2}",
+        json=update_json,
+    ).json()
+
+    assert DateTimeAdapter.validate_python(data["end_time"]) == end_time
+    assert len(data["generated"]) == 1
+    assert data["generated"][0]["id"] == str(simulation_result.id)
+
+    # admin is treated as regular user for regular route (no project context)
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ROUTE}/{gen2}",
+        json=update_json,
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+
 
 def test_update_one__fail_if_generated_ids_unauthorized(
     client_user_1, client_user_2, json_data, species_id, brain_region_id
diff --git a/tests/test_validation.py b/tests/test_validation.py
@@ -19,6 +19,7 @@
 DateTimeAdapter = TypeAdapter(datetime)
 
 ROUTE = "validation"
+ADMIN_ROUTE = "/admin/validation"
 MODEL = Validation
 TYPE = str(ActivityType.validation)
 
@@ -319,8 +320,8 @@ def _is_deleted(db, model_id):
     return db.get(MODEL, model_id) is None
 
 
-def test_update_one(client, root_circuit, simulation_result, create_id):
-    gen1 = create_id(
+def test_update_one(client, client_admin, root_circuit, simulation_result, create_id):
+    entity_id = create_id(
         used_ids=[str(root_circuit.id)],
         generated_ids=[],
     )
@@ -332,11 +333,45 @@ def test_update_one(client, root_circuit, simulation_result, create_id):
         "generated_ids": [str(simulation_result.id)],
     }
 
-    data = assert_request(client.patch, url=f"{ROUTE}/{gen1}", json=update_json).json()
+    data = assert_request(client.patch, url=f"{ROUTE}/{entity_id}", json=update_json).json()
+    assert DateTimeAdapter.validate_python(data["end_time"]) == end_time
+    assert len(data["generated"]) == 1
+    assert data["generated"][0]["id"] == str(simulation_result.id)
+
+    # only admin client can hit admin endpoint
+    data = assert_request(
+        client.patch,
+        url=f"{ADMIN_ROUTE}/{entity_id}",
+        json=update_json,
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+    assert data["message"] == "Service admin role required"
+
+    entity_id = create_id(
+        used_ids=[str(root_circuit.id)],
+        generated_ids=[],
+    )
+
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ADMIN_ROUTE}/{entity_id}",
+        json=update_json,
+    ).json()
+
     assert DateTimeAdapter.validate_python(data["end_time"]) == end_time
     assert len(data["generated"]) == 1
     assert data["generated"][0]["id"] == str(simulation_result.id)
 
+    # admin is treated as regular user for regular route (no project context)
+    data = assert_request(
+        client_admin.patch,
+        url=f"{ROUTE}/{entity_id}",
+        json=update_json,
+        expected_status_code=403,
+    ).json()
+    assert data["error_code"] == "NOT_AUTHORIZED"
+
 
 def test_update_one__fail_if_generated_ids_unauthorized(
     client_user_1, client_user_2, json_data, species_id, brain_region_id
