Add collection_id path parameter and check against Item collection property

Author: duckontheweb

stac_fastapi/extensions/stac_fastapi/extensions/core/transaction.py

@@ -2,7 +2,7 @@
 from typing import Callable, List, Optional, Type, Union
 
 import attr
-from fastapi import APIRouter, FastAPI
+from fastapi import APIRouter, Body, FastAPI
 from pydantic import BaseModel
 from stac_pydantic import Collection, Item
 from starlette.responses import JSONResponse, Response
@@ -15,6 +15,13 @@
 from stac_fastapi.types.extension import ApiExtension
 
 
+@attr.s
+class PostOrPutItem(CollectionUri):
+    """Create or update Item."""
+
+    item: stac_types.Item = attr.ib(default=Body())
+
+
 @attr.s
 class TransactionExtension(ApiExtension):
     """Transaction Extension.
@@ -77,7 +84,7 @@ def register_create_item(self):
             response_model_exclude_unset=True,
             response_model_exclude_none=True,
             methods=["POST"],
-            endpoint=self._create_endpoint(self.client.create_item, stac_types.Item),
+            endpoint=self._create_endpoint(self.client.create_item, PostOrPutItem),
         )
 
     def register_update_item(self):
@@ -90,7 +97,7 @@ def register_update_item(self):
             response_model_exclude_unset=True,
             response_model_exclude_none=True,
             methods=["PUT"],
-            endpoint=self._create_endpoint(self.client.update_item, stac_types.Item),
+            endpoint=self._create_endpoint(self.client.update_item, PostOrPutItem),
         )
 
     def register_delete_item(self):

stac_fastapi/pgstac/stac_fastapi/pgstac/transactions.py

@@ -4,6 +4,7 @@
 from typing import Optional, Union
 
 import attr
+from fastapi import HTTPException
 from starlette.responses import JSONResponse, Response
 
 from stac_fastapi.extensions.third_party.bulk_transactions import (
@@ -23,18 +24,32 @@ class TransactionsClient(AsyncBaseTransactionsClient):
     """Transactions extension specific CRUD operations."""
 
     async def create_item(
-        self, item: stac_types.Item, **kwargs
+        self, collection_id: str, item: stac_types.Item, **kwargs
     ) -> Optional[Union[stac_types.Item, Response]]:
         """Create item."""
+        item_collection_id = item.get("collection")
+        if item_collection_id is not None and collection_id != item_collection_id:
+            raise HTTPException(
+                status_code=409,
+                detail=f"Collection ID from path parameter ({collection_id}) does not match Collection ID from Item ({item_collection_id})",
+            )
+        item["collection"] = collection_id
         request = kwargs["request"]
         pool = request.app.state.writepool
         await dbfunc(pool, "create_item", item)
         return item
 
     async def update_item(
-        self, item: stac_types.Item, **kwargs
+        self, collection_id: str, item: stac_types.Item, **kwargs
     ) -> Optional[Union[stac_types.Item, Response]]:
         """Update item."""
+        item_collection_id = item.get("collection")
+        if item_collection_id is not None and collection_id != item_collection_id:
+            raise HTTPException(
+                status_code=409,
+                detail=f"Collection ID from path parameter ({collection_id}) does not match Collection ID from Item ({item_collection_id})",
+            )
+        item["collection"] = collection_id
         request = kwargs["request"]
         pool = request.app.state.writepool
         await dbfunc(pool, "update_item", item)

stac_fastapi/pgstac/tests/resources/test_item.py

@@ -1,6 +1,8 @@
 import json
+import random
 import uuid
 from datetime import timedelta
+from string import ascii_letters
 from typing import Callable
 from urllib.parse import parse_qs, urljoin, urlparse
 
@@ -79,6 +81,24 @@ async def test_create_item(app_client, load_test_data: Callable, load_test_colle
     assert in_item.dict(exclude={"links"}) == get_item.dict(exclude={"links"})
 
 
+async def test_create_item_mismatched_collection_id(
+    app_client, load_test_data: Callable, load_test_collection
+):
+    # If the collection_id path parameter and the Item's "collection" property do not match, a 409 response should
+    # be returned.
+    coll = load_test_collection
+
+    in_json = load_test_data("test_item.json")
+    in_json["collection"] = random.choice(ascii_letters)
+    assert in_json["collection"] != coll.id
+
+    resp = await app_client.post(
+        f"/collections/{coll.id}/items",
+        json=in_json,
+    )
+    assert resp.status_code == 409
+
+
 async def test_fetches_valid_item(
     app_client, load_test_data: Callable, load_test_collection
 ):
@@ -126,6 +146,23 @@ async def test_update_item(
     assert get_item.properties.description == "Update Test"
 
 
+async def test_update_item_mismatched_collection_id(
+    app_client, load_test_data: Callable, load_test_collection, load_test_item
+) -> None:
+    coll = load_test_collection
+
+    in_json = load_test_data("test_item.json")
+
+    in_json["collection"] = random.choice(ascii_letters)
+    assert in_json["collection"] != coll.id
+
+    resp = await app_client.put(
+        f"/collections/{coll.id}/items",
+        json=in_json,
+    )
+    assert resp.status_code == 409
+
+
 async def test_delete_item(
     app_client, load_test_data: Callable, load_test_collection, load_test_item
 ):
@@ -201,7 +238,10 @@ async def test_create_item_missing_collection(
     item["collection"] = None
 
     resp = await app_client.post(f"/collections/{coll.id}/items", json=item)
-    assert resp.status_code == 424
+    assert resp.status_code == 200
+
+    post_item = resp.json()
+    assert post_item["collection"] == coll.id
 
 
 async def test_update_new_item(
@@ -223,7 +263,10 @@ async def test_update_item_missing_collection(
     item.collection = None
 
     resp = await app_client.put(f"/collections/{coll.id}/items", content=item.json())
-    assert resp.status_code == 424
+    assert resp.status_code == 200
+
+    put_item = resp.json()
+    assert put_item["collection"] == coll.id
 
 
 async def test_pagination(app_client, load_test_data, load_test_collection):

stac_fastapi/types/stac_fastapi/types/stac.py

@@ -1,5 +1,14 @@
 """STAC types."""
-from typing import Any, Dict, List, Optional, TypedDict, Union
+import sys
+from typing import Any, Dict, List, Optional, Union
+
+# Avoids a Pydantic error:
+# TypeError: You should use `typing_extensions.TypedDict` instead of `typing.TypedDict` with Python < 3.9.2.
+# Without it, there is no way to differentiate required and optional fields when subclassed.
+if sys.version_info < (3, 9, 2):
+    from typing_extensions import TypedDict
+else:
+    from typing import TypedDict
 
 NumType = Union[float, int]