Merge pull request #20 from Carifio24/image-permissions

Image permissions
2023-05-23 21:38:51 -04:00 · 2023-05-23 21:38:51 -04:00 · 562f839fe5
--- a/setup.py
+++ b/setup.py
@ -64,6 +64,8 @@ setup_args = dict(
    include_package_data=True,
    install_requires=[
        "dataclasses-json >=0.5",
+        "html-sanitizer",
+        "license-expression >=21.6",
        "openidc_client >=0.6",
        "requests >=2.10",
        "wwt_data_formats >=0.16",
--- a/wwt_api_client/constellations/data.py
+++ b/wwt_api_client/constellations/data.py
@ -10,6 +10,9 @@ from typing import List, Optional
 from dataclasses import dataclass, field
 from dataclasses_json import config, dataclass_json

+from html_sanitizer.sanitizer import Sanitizer, DEFAULT_SETTINGS
+from license_expression import get_spdx_licensing, ExpressionError
+
 __all__ = """
 HandleImageStats
 HandleInfo
@ -18,6 +21,7 @@ HandleSceneStats
 HandleStats
 HandleUpdate
 ImageDisplayInfo
+ImagePermissions
 ImageStorage
 ImageSummary
 ImageWwt
@ -34,6 +38,12 @@ SceneUpdate
 """.split()


+CX_LICENSING = get_spdx_licensing()
+CX_SANITIZER_SETTINGS = DEFAULT_SETTINGS.copy()
+CX_SANITIZER_SETTINGS.update(tags={"b", "strong", "i", "em", "a", "br"}, empty={}, separate={})
+CX_SANITIZER = Sanitizer(settings=CX_SANITIZER_SETTINGS)
+
+
 def _strip_nulls_in_place(d: dict):
    """
    Remove None values a dictionary and its sub-dictionaries.
@ -141,6 +151,22 @@ class ImageSummary:
    storage: ImageStorage


+@dataclass_json
+@dataclass
+class ImagePermissions:
+    copyright: str
+    credits: Optional[str]
+    license: str
+
+    def __post_init__(self):
+        license_info = CX_LICENSING.validate(self.license, strict=True)
+        if license_info.errors:
+            msg = "\n".join(license_info.errors)
+            raise ExpressionError(f"Invalid SPDX license:\n{msg}")
+        if self.credits:
+            self.credits = CX_SANITIZER.sanitize(self.credits)
+
+
@dataclass_json
@dataclass
 class ImageDisplayInfo:
--- a/wwt_api_client/tests/test_constellations.py
+++ b/wwt_api_client/tests/test_constellations.py
@ -0,0 +1,39 @@
+from license_expression import ExpressionError
+import pytest
+
+from ..constellations.data import ImagePermissions
+
+
+@pytest.fixture
+def valid_permissions_data():
+    return {
+        "copyright": "Some copyright information",
+        "credits": "<strong>Image Credit:</strong> Someone",
+        "license": "BSD-2-Clause"
+    }
+
+
+def test_valid_image_permissions(valid_permissions_data):
+    permissions = ImagePermissions(**valid_permissions_data)
+
+    assert permissions.copyright == valid_permissions_data["copyright"]
+    assert permissions.credits == valid_permissions_data["credits"]
+    assert permissions.license == valid_permissions_data["license"]
+
+
+def test_invalid_permissions_license(valid_permissions_data):
+    with pytest.raises(ExpressionError):
+        permissions_data = valid_permissions_data.copy()
+        permissions_data["license"] = "NO SUCH LICENSE"
+        ImagePermissions(**permissions_data)
+
+
+def test_sanitize_permissions_html(valid_permissions_data):
+    permissions_data = valid_permissions_data.copy()
+    permissions_data["credits"] = "<script>Some JS here</script><a>Credits Link</a>"
+    permissions = ImagePermissions(**permissions_data)
+
+    assert permissions.copyright == permissions_data["copyright"]
+    assert permissions.license == permissions_data["license"]
+    assert permissions.credits == "<a>Credits Link</a>"
+