9820a77d25
Adds the anonymous read surface (/api/v1/public) — the privacy-critical core. - CurrentUserOrNone dependency: optional auth that never 401s (anonymous OK). - public_view_service: every projection passes through privacy.person_visibility. persons redacted (living → "Living person", hidden dropped); relationships only when both endpoints non-hidden; events only for FULL-visibility persons (partnership events only when both partners full); names only for FULL persons. Not-viewable trees raise 404 (not 403) so the surface can't probe for private trees. Media deferred (higher-sensitivity; own pass later). - public router: read-only directory + tree + persons/relationships/events + person detail/names/events. Directory lists `public` to all and adds `site_members` for authenticated callers; never lists unlisted/private. - PublicTreeRead omits owner_id. Tests (ran locally — CI does not run pytest): an anonymous end-to-end leak test asserting a living person's real name, alias, and birth year appear in NO public response while the deceased person's data does; plus private=404, unlisted viewable-by-link-but-unlisted, site_members requires login, and directory visibility. Full suite: 70 passed. Regenerated openapi.json + TS client. Note: the AUTHED list endpoints still leak per-person for non-members (pre-existing) — fixed next, separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Justin Paul <justin@jpaul.me>
45 lines
1.1 KiB
Python
45 lines
1.1 KiB
Python
import uuid
|
|
from datetime import datetime
|
|
|
|
from pydantic import BaseModel, ConfigDict
|
|
|
|
from app.models.enums import TreeVisibility
|
|
|
|
|
|
class TreeCreate(BaseModel):
|
|
name: str
|
|
description: str | None = None
|
|
visibility: TreeVisibility = TreeVisibility.private
|
|
|
|
|
|
class TreeUpdate(BaseModel):
|
|
name: str | None = None
|
|
description: str | None = None
|
|
visibility: TreeVisibility | None = None
|
|
home_person_id: uuid.UUID | None = None
|
|
|
|
|
|
class TreeRead(BaseModel):
|
|
model_config = ConfigDict(from_attributes=True)
|
|
|
|
id: uuid.UUID
|
|
name: str
|
|
description: str | None
|
|
visibility: TreeVisibility
|
|
owner_id: uuid.UUID
|
|
home_person_id: uuid.UUID | None = None
|
|
created_at: datetime
|
|
|
|
|
|
class PublicTreeRead(BaseModel):
|
|
"""Tree projection for the public surface — deliberately omits owner_id so a
|
|
public/unlisted tree doesn't reveal which account owns it."""
|
|
|
|
model_config = ConfigDict(from_attributes=True)
|
|
|
|
id: uuid.UUID
|
|
name: str
|
|
description: str | None
|
|
visibility: TreeVisibility
|
|
home_person_id: uuid.UUID | None = None
|