update rules

2025-07-05 21:13:06 -03:00
parent afc4057480
commit ea6fb1cbb0
3 changed files with 36 additions and 19 deletions
--- a/README.md
+++ b/README.md
@@ -27,11 +27,11 @@ Quando o responsável é uma pessoa física (CPF).
 # Matrículas

 ```json
-{"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "0", "course": {"id": "10", "name": "pytest", "access_period": 360}, "tenant": "100"}
+{"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "0", "course": {"id": "10", "name": "pytest"}, "tenant": "100"}
+{"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "metadata#course", "access_period": 360, "cert": {"exp_interval": 365}}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "tenant", "org_id": "100", "name": "EDUSEG"}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "author", "user_id": "202", "name": "Tiago Maciel"}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "konviva", "user_id": 122, "class_id": 123, "enrollment_id": 1239}
-{"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "metadata#cert", "exp_interval": 365}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "started", "started_at": "2025-04-06T11:07:32.762178-03:00"}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "completed", "completed_at": "2025-04-06T11:07:32.762178-03:00"}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "failed", "failed_at": "2025-04-06T11:07:32.762178-03:00"}
@@ -94,7 +94,7 @@ Se houver `metadata#parent_slot`, deve ser devolvido.
 ```json
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "0"}
 {"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "cancel_policy"}
-{"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "metadata#parent_slot", "slot": {"id": "slots#org#123", "sk": "1221#f7120daf-96d2-4639-b8f4-d736fd99e4ee"}}
+{"id": "9omWNKymwU5U4aeun6mWzZ", "sk": "metadata#parent_slot", "slot": {"id": "slots#org#123", "sk": "order#1221#f7120daf-96d2-4639-b8f4-d736fd99e4ee"}}
 ```

 # Cursos
--- a/http-api/app/models.py
+++ b/http-api/app/models.py
@@ -52,4 +52,11 @@ class Enrollment(BaseModel):
        *args,
        **kwargs,
    ) -> dict[str, Any]:
-        return super().model_dump(exclude={'user': {'email_verified'}}, *args, **kwargs)
+        return super().model_dump(
+            exclude={
+                'user': {'email_verified'},
+                'course': {'cert', 'access_period'},
+            },
+            *args,
+            **kwargs,
+        )
--- a/http-api/app/rules/user.py
+++ b/http-api/app/rules/user.py
@@ -46,20 +46,26 @@ def update_user(
            },
            cond_expr='attribute_exists(sk)',
        )
+
+        class RateLimitError(BadRequestError):
+            def __init__(self, msg: str):
+                super().__init__('Update limit reached')
+
        # Prevent the user from updating more than once every 24 hours
        transact.put(
            item={
                'id': user.id,
-                'sk': 'last_profile_edit',
+                'sk': 'rate_limit#user_update',
                'create_date': now_,
                'ttl': ttl(start_dt=now_ + timedelta(hours=24)),
            },
+            exc_cls=RateLimitError,
            cond_expr='attribute_not_exists(sk)',
        )

        class CPFConflictError(BadRequestError):
            def __init__(self, msg: str):
-                super().__init__('Cpf already exists')
+                super().__init__('CPF already exists')

        if user.cpf != old_cpf:
            transact.put(
@@ -90,6 +96,7 @@ def add_email(
    now_ = now()

    with persistence_layer.transact_writer() as transact:
+        # Ensure email is searchable
        transact.update(
            key=KeyPair(id, '0'),
            update_expr='ADD emails :email',
@@ -100,7 +107,7 @@ def add_email(
        transact.put(
            item={
                'id': id,
-                'sk': f'emails#{email}',
+                'sk': ComposeKey(email, prefix='emails'),
                'email_primary': False,
                'email_verified': False,
                'create_date': now_,
@@ -112,6 +119,7 @@ def add_email(
            def __init__(self, msg: str):
                super().__init__('Email already exists')

+        # Prevent duplicate emails
        transact.put(
            item={
                'id': 'email',
@@ -138,8 +146,10 @@ def del_email(
        transact.delete(key=KeyPair('email', email))
        transact.delete(
            key=KeyPair(id, ComposeKey(email, prefix='emails')),
-            cond_expr='email_primary <> :primary',
-            expr_attr_values={':primary': True},
+            cond_expr='email_primary <> :email_primary',
+            expr_attr_values={
+                ':email_primary': True,
+            },
            exc_cls=BadRequestError,
        )
        transact.update(
@@ -162,16 +172,16 @@ def set_email_as_primary(
    persistence_layer: DynamoDBPersistenceLayer,
 ):
    now_ = now()
-    expr = 'SET email_primary = :email_primary, update_date = :update_date'
+    expr = 'SET email_primary = :email_primary, updated_at = :updated_at'

    with persistence_layer.transact_writer() as transact:
        # Set the old email as non-primary
        transact.update(
-            key=KeyPair(id, ComposeKey(old_email, 'emails')),
+            key=KeyPair(id, ComposeKey(old_email, prefix='emails')),
            update_expr=expr,
            expr_attr_values={
                ':email_primary': False,
-                ':update_date': now_,
+                ':updated_at': now_,
            },
        )
        # Set the new email as primary
@@ -180,17 +190,17 @@ def set_email_as_primary(
            update_expr=expr,
            expr_attr_values={
                ':email_primary': True,
-                ':update_date': now_,
+                ':updated_at': now_,
            },
        )
        transact.update(
            key=KeyPair(id, '0'),
            update_expr='SET email = :email, email_verified = :email_verified, \
-                             update_date = :update_date',
+                             updated_at = :updated_at',
            expr_attr_values={
                ':email': new_email,
                ':email_verified': email_verified,
-                ':update_date': now_,
+                ':updated_at': now_,
            },
        )

@@ -205,8 +215,8 @@ def del_org_member(
 ) -> bool:
    with persistence_layer.transact_writer() as transact:
        # Remove the user's relationship with the organization and their privileges
-        transact.delete(key=KeyPair(id, f'acls#{org_id}'))
-        transact.delete(key=KeyPair(id, f'orgs#{org_id}'))
+        transact.delete(key=KeyPair(id, ComposeKey(org_id, prefix='acls')))
+        transact.delete(key=KeyPair(id, ComposeKey(org_id, prefix='orgs')))
        transact.update(
            key=KeyPair(id, '0'),
            update_expr='DELETE #tenant :org_id',
@@ -215,7 +225,7 @@ def del_org_member(
        )

        # Remove the user from the organization's admins and members list
-        transact.delete(key=KeyPair(org_id, f'admins#{id}'))
-        transact.delete(key=KeyPair(f'orgmembers#{org_id}', id))
+        transact.delete(key=KeyPair(org_id, ComposeKey(id, prefix='admins')))
+        transact.delete(key=KeyPair(ComposeKey(org_id, prefix='orgmembers'), id))

    return True