Enable filtering on Project API actions #1449 (#1450)

* Enable filtering on Project API actions #1449

Signed-off-by: tdruez <tdruez@nexb.com>

* Refactor the API action filtering to remove duplication #1449

Signed-off-by: tdruez <tdruez@nexb.com>

* Add documentation #1449

Signed-off-by: tdruez <tdruez@nexb.com>

---------

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

CHANGELOG.rst

@@ -1,6 +1,15 @@
 Changelog
 =========
 
+v34.9.1 (unreleased)
+--------------------
+
+- Add the ability to filter on Project endpoint API actions.
+  The list of ``resources``, ``packages``, ``dependencies``, ``relations``, and
+  ``messages`` can be filtered providing the ``?field_name=value`` in the URL
+  parameters.
+  https://github.com/aboutcode-org/scancode.io/issues/1449
+
 v34.9.0 (2024-11-14)
 --------------------
 

docs/rest-api.rst

@@ -433,6 +433,9 @@ Lists all ``packages`` of a given ``project``.
         }
     ]
 
+The list supports filtering by most fields using the ``?field_name=value`` query
+parameter syntax.
+
 Resources
 ^^^^^^^^^
 
@@ -453,6 +456,40 @@ This action lists all ``resources`` of a given ``project``.
         }
     ]
 
+The list supports filtering by most fields using the ``?field_name=value`` query
+parameter syntax.
+
+Dependencies
+^^^^^^^^^^^^
+
+Lists all ``dependencies`` of a given ``project``.
+
+``GET /api/projects/d4ed9405-5568-45ad-99f6-782a9b82d1d2/dependencies/``
+
+.. code-block:: json
+
+    [
+        {
+            "purl": "pkg:pypi/appdirs@1.4.4",
+            "extracted_requirement": "==1.4.4",
+            "scope": "test",
+            "is_runtime": true,
+            "is_optional": true,
+            "is_pinned": true,
+            "is_direct": true,
+            "dependency_uid": "pkg:pypi/appdirs@1.4.4?uuid=0033a678-2003-420d-8c83-c4071e646f4e",
+            "for_package_uid": "pkg:pypi/platformdirs@4.2.1?uuid=6d90ce5b-a3f8-4110-a4bd-2da5a8930d29",
+            "resolved_to_package_uid": null,
+            "datafile_path": "platformdirs-4.2.1.dist-info/METADATA",
+            "datasource_id": "pypi_wheel_metadata",
+            "package_type": "pypi",
+            "[...]": "[...]"
+        },
+    ]
+
+The list supports filtering by most fields using the ``?field_name=value`` query
+parameter syntax.
+
 Results
 ^^^^^^^
 

scanpipe/api/views.py

@@ -44,6 +44,11 @@
 from scanpipe.api.serializers import ProjectMessageSerializer
 from scanpipe.api.serializers import ProjectSerializer
 from scanpipe.api.serializers import RunSerializer
+from scanpipe.filters import DependencyFilterSet
+from scanpipe.filters import PackageFilterSet
+from scanpipe.filters import ProjectMessageFilterSet
+from scanpipe.filters import RelationFilterSet
+from scanpipe.filters import ResourceFilterSet
 from scanpipe.models import Project
 from scanpipe.models import Run
 from scanpipe.models import RunInProgressError
@@ -190,55 +195,63 @@ def pipelines(self, request, *args, **kwargs):
         ]
         return Response(pipeline_data)
 
-    @action(detail=True)
-    def resources(self, request, *args, **kwargs):
-        project = self.get_object()
-        queryset = project.codebaseresources.prefetch_related("discovered_packages")
+    def get_filtered_response(
+        self, request, queryset, filterset_class, serializer_class
+    ):
+        """
+        Handle filtering, pagination, and serialization of a "detail" action.
+        This requires to set filterset_class=None in the @action decorator parameter
+        to bypass the Project filterset.
+        """
+        filterset = filterset_class(data=request.GET, queryset=queryset)
+        if not filterset.is_valid():
+            message = {"errors": filterset.errors}
+            return Response(message, status=status.HTTP_400_BAD_REQUEST)
 
+        queryset = filterset.qs
         paginated_qs = self.paginate_queryset(queryset)
-        serializer = CodebaseResourceSerializer(paginated_qs, many=True)
-
+        serializer = serializer_class(paginated_qs, many=True)
         return self.get_paginated_response(serializer.data)
 
-    @action(detail=True)
+    @action(detail=True, filterset_class=None)
+    def resources(self, request, *args, **kwargs):
+        project = self.get_object()
+        queryset = project.codebaseresources.prefetch_related("discovered_packages")
+        return self.get_filtered_response(
+            request, queryset, ResourceFilterSet, CodebaseResourceSerializer
+        )
+
+    @action(detail=True, filterset_class=None)
     def packages(self, request, *args, **kwargs):
         project = self.get_object()
         queryset = project.discoveredpackages.all()
+        return self.get_filtered_response(
+            request, queryset, PackageFilterSet, DiscoveredPackageSerializer
+        )
 
-        paginated_qs = self.paginate_queryset(queryset)
-        serializer = DiscoveredPackageSerializer(paginated_qs, many=True)
-
-        return self.get_paginated_response(serializer.data)
-
-    @action(detail=True)
+    @action(detail=True, filterset_class=None)
     def dependencies(self, request, *args, **kwargs):
         project = self.get_object()
         queryset = project.discovereddependencies.all()
+        return self.get_filtered_response(
+            request, queryset, DependencyFilterSet, DiscoveredDependencySerializer
+        )
 
-        paginated_qs = self.paginate_queryset(queryset)
-        serializer = DiscoveredDependencySerializer(paginated_qs, many=True)
-
-        return self.get_paginated_response(serializer.data)
-
-    @action(detail=True)
+    @action(detail=True, filterset_class=None)
     def relations(self, request, *args, **kwargs):
         project = self.get_object()
         queryset = project.codebaserelations.all()
+        return self.get_filtered_response(
+            request, queryset, RelationFilterSet, CodebaseRelationSerializer
+        )
 
-        paginated_qs = self.paginate_queryset(queryset)
-        serializer = CodebaseRelationSerializer(paginated_qs, many=True)
-
-        return self.get_paginated_response(serializer.data)
-
-    @action(detail=True)
+    @action(detail=True, filterset_class=None)
     def messages(self, request, *args, **kwargs):
         project = self.get_object()
         queryset = project.projectmessages.all()
-
-        paginated_qs = self.paginate_queryset(queryset)
-        serializer = ProjectMessageSerializer(paginated_qs, many=True)
-
-        return self.get_paginated_response(serializer.data)
+        return self.get_filtered_response(
+            request, queryset, ProjectMessageFilterSet, ProjectMessageSerializer
+        )
 
     @action(detail=True, methods=["get"])
     def file_content(self, request, *args, **kwargs):

scanpipe/filters.py

@@ -880,7 +880,7 @@ class Meta:
         ]
 
     def __init__(self, *args, **kwargs):
-        project = kwargs.pop("project")
+        project = kwargs.pop("project", None)
         super().__init__(*args, **kwargs)
         if project:
             qs = CodebaseResource.objects.filter(project=project)

scanpipe/tests/test_api.py

@@ -685,6 +685,37 @@ def test_scanpipe_api_project_action_resources(self):
         response = self.csrf_client.get(url)
         self.assertEqual("error", response.data["results"][0]["compliance_alert"])
 
+    def test_scanpipe_api_project_action_resources_filterset(self):
+        make_resource_file(
+            self.project1,
+            path="path/",
+        )
+        url = reverse("project-resources", args=[self.project1.uuid])
+        response = self.csrf_client.get(url)
+        self.assertEqual(2, response.data["count"])
+
+        response = self.csrf_client.get(url + "?path=path/")
+        self.assertEqual(1, response.data["count"])
+        package = response.data["results"][0]
+        self.assertEqual("path/", package["path"])
+
+        response = self.csrf_client.get(url + "?path=unknown")
+        self.assertEqual(0, response.data["count"])
+
+        response = self.csrf_client.get(url + "?compliance_alert=a")
+        self.assertEqual(400, response.status_code)
+        expected = {
+            "compliance_alert": [
+                "Select a valid choice. a is not one of the available choices."
+            ]
+        }
+        self.assertEqual(expected, response.data["errors"])
+
+        # Using a field name available on the Project model to make sure the
+        # ProjectFilterSet is bypassed.
+        response = self.csrf_client.get(url + "?slug=aaa")
+        self.assertEqual(2, response.data["count"])
+
     def test_scanpipe_api_project_action_packages(self):
         url = reverse("project-packages", args=[self.project1.uuid])
         response = self.csrf_client.get(url)
@@ -697,6 +728,24 @@ def test_scanpipe_api_project_action_packages(self):
         self.assertEqual("pkg:deb/debian/adduser@3.118?arch=all", package["purl"])
         self.assertEqual("adduser", package["name"])
 
+    def test_scanpipe_api_project_action_packages_filterset(self):
+        make_package(self.project1, package_url="pkg:generic/name@1.0")
+        url = reverse("project-packages", args=[self.project1.uuid])
+        response = self.csrf_client.get(url)
+        self.assertEqual(2, response.data["count"])
+
+        response = self.csrf_client.get(url + "?version=1.0")
+        self.assertEqual(1, response.data["count"])
+        package = response.data["results"][0]
+        self.assertEqual("pkg:generic/name@1.0", package["purl"])
+
+        response = self.csrf_client.get(url + "?version=2.0")
+        self.assertEqual(0, response.data["count"])
+
+        response = self.csrf_client.get(url + "?size=a")
+        self.assertEqual(400, response.status_code)
+        self.assertEqual({"size": ["Enter a number."]}, response.data["errors"])
+
     def test_scanpipe_api_project_action_dependencies(self):
         url = reverse("project-dependencies", args=[self.project1.uuid])
         response = self.csrf_client.get(url)
@@ -731,6 +780,15 @@ def test_scanpipe_api_project_action_relations(self):
         }
         self.assertEqual(expected, relation)
 
+    def test_scanpipe_api_project_action_relations_filterset(self):
+        url = reverse("project-relations", args=[self.project1.uuid])
+        response = self.csrf_client.get(url + "?map_type=about_file")
+        self.assertEqual(0, response.data["count"])
+
+        map_type = self.codebase_relation1.map_type
+        response = self.csrf_client.get(url + f"?map_type={map_type}")
+        self.assertEqual(1, response.data["count"])
+
     def test_scanpipe_api_project_action_messages(self):
         url = reverse("project-messages", args=[self.project1.uuid])
         ProjectMessage.objects.create(