Implement GUI roles

Author: uittenbroekrobbert

.github/pull_request_template.md

@@ -12,8 +12,8 @@ Resolves #
 
 Please check all the boxes that apply to this pull request using "x":
 
--   [ ] I have tested the changes locally and verified that they work as expected.
--   [ ] I have followed the project's coding conventions and style guidelines.
--   [ ] I have rebased my branch onto the latest commit of the main branch.
--   [ ] I have squashed or reorganized my commits into logical units.
--   [ ] I have read, understood and agree to the [Developer Certificate of Origin](../blob/main/DCO.md), which this project utilizes.
+- [ ] I have tested the changes locally and verified that they work as expected.
+- [ ] I have followed the project's coding conventions and style guidelines.
+- [ ] I have rebased my branch onto the latest commit of the main branch.
+- [ ] I have squashed or reorganized my commits into logical units.
+- [ ] I have read, understood and agree to the [Developer Certificate of Origin](../blob/main/DCO.md), which this project utilizes.

BUILD.md

@@ -121,10 +121,10 @@ pip install --upgrade setuptools
 
 For testing, linting and other feature we use several tools. You can look up the documentation on how to use these:
 
--   [pytest](https://docs.pytest.org/en/) `poetry run pytest`
--   [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix`
--   [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report`
--   [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright`
+- [pytest](https://docs.pytest.org/en/) `poetry run pytest`
+- [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix`
+- [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report`
+- [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright`
 
 ## Devcontainers
 
@@ -145,3 +145,11 @@ Use pre-commit to update all hooks
 ```shell
 pre-commit autoupdate
 ```
+
+## Local Testing with Docker
+
+```shell
+docker compose -f compose.yml -f compose.test.yml build
+docker compose down -v --remove-orphans --volumes
+docker compose -f compose.yml -f compose.test.yml up -d
+```

CODE_OF_CONDUCT.md

@@ -14,24 +14,24 @@ appearance, race, religion, or sexual identity and orientation.
 Examples of behavior that contributes to a positive environment for our
 community include:
 
--   Demonstrating empathy and kindness toward other people
--   Being respectful of differing opinions, viewpoints, and experiences
--   Giving and gracefully accepting constructive feedback
--   Accepting responsibility and apologizing to those affected by our mistakes,
-    and learning from the experience
--   Focusing on what is best not just for us as individuals, but for the
-    overall community
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
 
 Examples of unacceptable behavior include:
 
--   The use of sexualized language or imagery, and sexual attention or
-    advances
--   Trolling, insulting or derogatory comments, and personal or political attacks
--   Public or private harassment
--   Publishing others' private information, such as a physical or email
-    address, without their explicit permission
--   Other conduct which could reasonably be considered inappropriate in a
-    professional setting
+- The use of sexualized language or imagery, and sexual attention or
+  advances
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
 ## Our Responsibilities
 

CONTRIBUTING.md

@@ -9,11 +9,11 @@ community looks forward to your contributions. 🎉
 
 ## Table of Contents
 
--   [Code of Conduct](#code-of-conduct)
--   [I Have a Question](#i-have-a-question)
--   [I Want To Contribute](#i-want-to-contribute)
--   [Reporting Bugs](#reporting-bugs)
--   [Suggesting Enhancements](#suggesting-enhancements)
+- [Code of Conduct](#code-of-conduct)
+- [I Have a Question](#i-have-a-question)
+- [I Want To Contribute](#i-want-to-contribute)
+- [Reporting Bugs](#reporting-bugs)
+- [Suggesting Enhancements](#suggesting-enhancements)
 
 ## Code of Conduct
 
@@ -29,8 +29,8 @@ in this issue.
 
 If you then still feel the need to ask a question and need clarification, we recommend the following:
 
--   Open an [Issue](../../issues/new).
--   Provide as much context as you can about what you're running into.
+- Open an [Issue](../../issues/new).
+- Provide as much context as you can about what you're running into.
 
 We will then take care of the issue as soon as possible.
 
@@ -49,11 +49,11 @@ A good bug report shouldn't leave others needing to chase you up for more inform
 investigate carefully, collect information and describe the issue in detail in your report. Please complete the
 following steps in advance to help us fix any potential bug as fast as possible.
 
--   Make sure that you are using the latest version.
--   To see if other users have experienced (and potentially already solved) the same issue you are having, check if there
-    is not already a bug report existing for your bug or error in the [bug tracker](../..//issues?q=label%3Abug).
--   Collect information about the bug
--   Possibly your input and the output
+- Make sure that you are using the latest version.
+- To see if other users have experienced (and potentially already solved) the same issue you are having, check if there
+  is not already a bug report existing for your bug or error in the [bug tracker](../..//issues?q=label%3Abug).
+- Collect information about the bug
+- Possibly your input and the output
 
 #### How Do I Submit a Good Bug Report?
 
@@ -62,21 +62,21 @@ following steps in advance to help us fix any potential bug as fast as possible.
 
 We use GitHub issues to track bugs and errors. If you run into an issue with the project:
 
--   Open an [Issue](../../issues/new). (Since we can't be sure at this point whether it
-    is a bug or not, we ask you not to talk about a bug yet and not to label the issue.)
--   Explain the behavior you would expect and the actual behavior.
--   Please provide as much context as possible and describe the _reproduction steps_ that someone else can follow to
-    recreate the issue on their own. This usually includes your code.
--   Provide the information you collected in the previous section.
+- Open an [Issue](../../issues/new). (Since we can't be sure at this point whether it
+  is a bug or not, we ask you not to talk about a bug yet and not to label the issue.)
+- Explain the behavior you would expect and the actual behavior.
+- Please provide as much context as possible and describe the _reproduction steps_ that someone else can follow to
+  recreate the issue on their own. This usually includes your code.
+- Provide the information you collected in the previous section.
 
 Once it's filed:
 
--   The project team will label the issue accordingly.
--   A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no
-    obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with
-    the `needs-repro` tag will not be addressed until they are reproduced.
--   If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as
-    `critical`), and the issue will be left to be implemented by someone.
+- The project team will label the issue accordingly.
+- A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no
+  obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with
+  the `needs-repro` tag will not be addressed until they are reproduced.
+- If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as
+  `critical`), and the issue will be left to be implemented by someone.
 
 ### Suggesting Enhancements
 
@@ -86,22 +86,22 @@ community to understand your suggestion and find related suggestions.
 
 #### Before Submitting an Enhancement
 
--   Make sure that you are using the latest version.
--   Perform a [search](../../issues) to see if the enhancement has already been
-    suggested. If it has, add a comment to the existing issue instead of opening a new one.
--   Find out whether your idea fits with the scope and aims of the project. It's up to you to make a strong case to
-    convince the project's developers of the merits of this feature. Keep in mind that we want features that will be useful
-    to the majority of our users and not just a small subset.
+- Make sure that you are using the latest version.
+- Perform a [search](../../issues) to see if the enhancement has already been
+  suggested. If it has, add a comment to the existing issue instead of opening a new one.
+- Find out whether your idea fits with the scope and aims of the project. It's up to you to make a strong case to
+  convince the project's developers of the merits of this feature. Keep in mind that we want features that will be useful
+  to the majority of our users and not just a small subset.
 
 #### How Do I Submit a Good Enhancement Suggestion?
 
 Enhancement suggestions are tracked as [GitHub issues](../../issues).
 
--   Use a **clear and descriptive title** for the issue to identify the suggestion.
--   **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point
-    you can also tell which alternatives do not work for you.
--   You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part
-    which the suggestion is related to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on MacOS and
-    Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux.
--   **Explain why this enhancement would be useful** for the community. You may also want to point out the
-    other projects that solved it better and which could serve as inspiration.
+- Use a **clear and descriptive title** for the issue to identify the suggestion.
+- **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point
+  you can also tell which alternatives do not work for you.
+- You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part
+  which the suggestion is related to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on MacOS and
+  Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux.
+- **Explain why this enhancement would be useful** for the community. You may also want to point out the
+  other projects that solved it better and which could serve as inspiration.

SECURITY.md

@@ -14,5 +14,5 @@ CVSS (Common Vulnerability Scoring System) v4.0 Rating:
 
 Please report (suspected) security vulnerabilities to NCSC:
 
--   Nederlands: **[NCSC Kwetsbaarheid melden](https://www.ncsc.nl/contact/kwetsbaarheid-melden)**
--   English: **[NCSC report vulnerability](https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd)**
+- Nederlands: **[NCSC Kwetsbaarheid melden](https://www.ncsc.nl/contact/kwetsbaarheid-melden)**
+- English: **[NCSC report vulnerability](https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd)**

USAGE.md

@@ -9,8 +9,8 @@ on [github](https://github.com/MinBZK/amt/pkgs/container/amt).
 
 You can deploy AMT to kubernetes or run the container locally using docker compose.
 
--   Example [kubernetes](https://github.com/MinBZK/ai-validation-infra/tree/main/apps/amt)
--   Example [docker compose](./compose.yml)
+- Example [kubernetes](https://github.com/MinBZK/ai-validation-infra/tree/main/apps/amt)
+- Example [docker compose](./compose.yml)
 
 To run amt locally create a compose.yml file and
 install [docker desktop](https://www.docker.com/products/docker-desktop/). Once you have install docker you can run the
@@ -66,11 +66,11 @@ volumes:
 
 it is possible to run AMT with the following databases:
 
--   SQLite (tested)
--   Postgresql (tested)
--   MySQL
--   MariaDB
--   Oracle
+- SQLite (tested)
+- Postgresql (tested)
+- MySQL
+- MariaDB
+- Oracle
 
 We recommend using postgresql for production grade deployments because that one is tested in our CI/CD. By default AMT
 will use SQLite which will create a local database within the AMT container.

amt/api/decorators.py

@@ -1,3 +1,4 @@
+from collections import ChainMap
 from collections.abc import Callable
 from functools import wraps
 from typing import Any
@@ -6,18 +7,36 @@
 
 from amt.api.utils import SafeDict
 from amt.core.exceptions import AMTPermissionDenied
+from amt.services.organizations import OrganizationsService
+from amt.services.services_provider import ServicesProvider
 
 
-def permission(permissions: dict[str, list[str]]) -> Callable[[Callable[..., Any]], Callable[..., Any]]:
-    def decorator(func: Callable[..., Any]) -> Callable[..., Any]:
+def permission(permissions: dict[str, list[str]]) -> Callable[[Callable[..., Any]], Callable[..., Any]]:  # noqa C901
+    def decorator(func: Callable[..., Any]) -> Callable[..., Any]:  # noqa C901
         @wraps(func)
-        async def wrapper(*args: Any, **kwargs: Any) -> Any:  # noqa: ANN401
+        async def wrapper(*args: Any, **kwargs: Any) -> Any:  # noqa: ANN401 C901
             request = kwargs.get("request")
             if not isinstance(request, Request):  # todo:  change exception to custom exception
                 raise HTTPException(status_code=400, detail="Request object is missing")
 
+            organization_slug_resolved = False
+            extra_arguments: dict[str, Any] = {}
             for permission, verbs in permissions.items():
-                permission = permission.format_map(SafeDict(kwargs))
+                # convert organization_slug to id if required
+                if "organization_slug" in kwargs and "organization_slug" in permission:
+                    if "organization_id" in kwargs:
+                        permission = permission.replace("organization_slug", "organization_id")
+                    else:
+                        if not organization_slug_resolved:
+                            service_provider = ServicesProvider()
+                            async with service_provider.session_scope():
+                                organization_service = await service_provider.get(OrganizationsService)
+                                organization = await organization_service.find_by_slug(kwargs["organization_slug"])
+                                extra_arguments["organization_id"] = organization.id
+                                organization_slug_resolved = True
+                        permission = permission.replace("organization_slug", "organization_id")
+
+                permission = permission.format_map(SafeDict(ChainMap(kwargs, extra_arguments)))
                 request_permissions: dict[str, list[str]] = (
                     request.state.permissions if hasattr(request.state, "permissions") else {}
                 )

amt/api/deps.py

@@ -1,10 +1,13 @@
 import logging
+import re
+import uuid
 from enum import Enum
 from typing import TypeVar
 
 from jinja2 import StrictUndefined, Undefined
 from starlette.requests import Request
 
+from amt.api.editable_resolve_util import resolve_editable_from_path
 from amt.api.editable_util import (
     is_editable_resource,
     is_parent_editable,
@@ -35,7 +38,7 @@
     time_ago,
 )
 from amt.schema.shared import IterMixin
-from amt.schema.webform import WebFormFieldType
+from amt.schema.webform_classes import WebFormFieldType, WebFormOption
 
 T = TypeVar("T", bound=Enum | LocalizableEnum)
 
@@ -84,6 +87,8 @@ def instance(obj: object, type_str: str) -> bool:
             return isinstance(obj, IterMixin)
         case "dict":
             return isinstance(obj, dict)
+        case "WebFormOption":
+            return isinstance(obj, WebFormOption)
         case _:
             raise TypeError("Unsupported type: " + type_str)
 
@@ -112,6 +117,24 @@ def equal_or_includes(my_value: str, check_against_value: str | list[str] | tupl
     return False
 
 
+def get_random_number() -> str:
+    return "".join(char for char in str(uuid.uuid4()) if char.isdigit())
+
+
+def sanitize_html_id(input_string: str) -> str:
+    pattern = r"[^a-zA-Z0-9\-_.:]"
+
+    sanitized_id = re.sub(pattern, "-", input_string)
+
+    if sanitized_id and sanitized_id[0].isdigit():
+        sanitized_id = f"id-{sanitized_id}"
+
+    if not sanitized_id:
+        sanitized_id = "empty-id"
+
+    return sanitized_id
+
+
 templates = LocaleJinja2Templates(
     directory="amt/site/templates/", context_processors=[custom_context_processor], undefined=get_undefined_behaviour()
 )
@@ -138,6 +161,9 @@ def equal_or_includes(my_value: str, check_against_value: str | list[str] | tupl
         "is_parent_editable": is_parent_editable,
         "resolve_resource_list_path": resolve_resource_list_path,
         "get_localized_value": get_localized_value,
+        "get_random_number": get_random_number,
+        "sanitize_html_id": sanitize_html_id,
+        "resolve_editable_from_path": resolve_editable_from_path,
     }
 )
 # env tests allows for usage in templates like: if value is test_name(other_value)