Xu ly SSO

ingestion/providers/base_provider.py

@@ -34,3 +34,29 @@ class BaseStorageProvider(ABC):
             bytes: The raw file content.
         """
         pass
+
+    @abstractmethod
+    def get_item_details(self, item_id: str) -> Dict:
+        """
+        Get full item details including webUrl and downloadUrl.
+        
+        Args:
+            item_id (str): The item ID from fetch_changes.
+            
+        Returns:
+            Dict: Full item details with links.
+        """
+        pass
+
+    @abstractmethod
+    def get_item_permissions(self, item_id: str) -> List[str]:
+        """
+        Get permissions for an item. Returns list of user/group emails or IDs.
+        
+        Args:
+            item_id (str): The item ID from fetch_changes.
+            
+        Returns:
+            List[str]: List of user/group identifiers. ["*"] means everyone can access.
+        """
+        pass

ingestion/providers/sharepoint_provider.py

@@ -81,6 +81,62 @@ class SharePointProvider(BaseStorageProvider):
         
         return standardized_items, new_state
 
+    def get_item_details(self, item_id: str) -> Dict:
+        """
+        Get full item details including webUrl and downloadUrl.
+        """
+        try:
+            item = self.graph.get_item_details(self.drive_id, item_id)
+            return {
+                "id": item.get("id"),
+                "name": item.get("name"),
+                "web_url": item.get("webUrl"),
+                "download_url": item.get("@microsoft.graph.downloadUrl"),
+                "size": item.get("size"),
+                "last_modified": item.get("lastModifiedDateTime"),
+            }
+        except Exception as e:
+            logger.error(f"Failed to get item details for {item_id}: {e}")
+            raise e
+
+    def get_item_permissions(self, item_id: str) -> List[str]:
+        """
+        Get permissions for an item. Returns list of user/group emails or IDs.
+        """
+        try:
+            response = self.graph.get_item_permissions(self.drive_id, item_id)
+            permissions = set()
+            
+            for perm in response.get("value", []):
+                # Lấy grantedTo hoặc grantedToIdentities
+                granted = perm.get("grantedTo", {})
+                if not granted:
+                    identities = perm.get("grantedToIdentitiesV2", [])
+                    for identity in identities:
+                        user = identity.get("user", {})
+                        if user.get("email"):
+                            permissions.add(user["email"].lower())
+                        elif user.get("id"):
+                            permissions.add(user["id"])
+                
+                user = granted.get("user", {})
+                if user.get("email"):
+                    permissions.add(user["email"].lower())
+                elif user.get("id"):
+                    permissions.add(user["id"])
+                
+                # Nếu có grantedToV2 (site group)
+                granted_v2 = perm.get("grantedToV2", {})
+                site_group = granted_v2.get("siteGroup", {})
+                if site_group.get("displayName"):
+                    permissions.add(f"group:{site_group['displayName']}")
+            
+            return list(permissions) if permissions else ["*"]
+            
+        except Exception as e:
+            logger.warning(f"Failed to get permissions for {item_id}: {e}. Defaulting to ['*']")
+            return ["*"]
+
     def download_file(self, target_item: Dict) -> bytes:
         """
         Download file content from SharePoint.