fractal-server 2.16.5__py3-none-any.whl → 2.17.0__py3-none-any.whl

fractal_server/app/routes/api/v2/workflowtask.py

@@ -15,7 +15,7 @@ from ._aux_functions import _workflow_insert_task
 from ._aux_functions_tasks import _check_type_filters_compatibility
 from ._aux_functions_tasks import _get_task_read_access
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.routes.auth import current_active_user
+from fractal_server.app.routes.auth import current_user_act_ver_prof
 from fractal_server.app.schemas.v2 import TaskType
 from fractal_server.app.schemas.v2 import WorkflowTaskCreateV2
 from fractal_server.app.schemas.v2 import WorkflowTaskReadV2
@@ -34,7 +34,7 @@ async def create_workflowtask(
     workflow_id: int,
     task_id: int,
     wftask: WorkflowTaskCreateV2,
-    user: UserOAuth = Depends(current_active_user),
+    user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> WorkflowTaskReadV2 | None:
     """
@@ -103,7 +103,7 @@ async def read_workflowtask(
     project_id: int,
     workflow_id: int,
     workflow_task_id: int,
-    user: UserOAuth = Depends(current_active_user),
+    user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ):
     workflow_task, _ = await _get_workflow_task_check_owner(
@@ -125,7 +125,7 @@ async def update_workflowtask(
     workflow_id: int,
     workflow_task_id: int,
     workflow_task_update: WorkflowTaskUpdateV2,
-    user: UserOAuth = Depends(current_active_user),
+    user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> WorkflowTaskReadV2 | None:
     """
@@ -210,7 +210,7 @@ async def delete_workflowtask(
     project_id: int,
     workflow_id: int,
     workflow_task_id: int,
-    user: UserOAuth = Depends(current_active_user),
+    user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """

fractal_server/app/routes/auth/__init__.py

@@ -1,3 +1,6 @@
+from fastapi import Depends
+from fastapi import HTTPException
+from fastapi import status
 from fastapi_users import FastAPIUsers
 from fastapi_users.authentication import AuthenticationBackend
 from fastapi_users.authentication import BearerTransport
@@ -46,10 +49,36 @@ fastapi_users = FastAPIUsers[UserOAuth, int](
     get_user_manager,
     [token_backend, cookie_backend],
 )
-current_active_user = fastapi_users.current_user(active=True)
-current_active_verified_user = fastapi_users.current_user(
-    active=True, verified=True
+
+# Current-user dependencies
+current_user_act = fastapi_users.current_user(active=True)
+current_user_act_ver = fastapi_users.current_user(
+    active=True,
+    verified=True,
 )
-current_active_superuser = fastapi_users.current_user(
-    active=True, superuser=True
+
+
+async def current_user_act_ver_prof(
+    user: UserOAuth = Depends(current_user_act_ver),
+) -> UserOAuth:
+    """
+    Require a active&verified user, with a non-null `profile_id`.
+
+    Raises 401 if user does not exist or is not active.
+    Raises 403 if user is not verified or has null `profile_id`.
+    """
+    if user.profile_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=(
+                f"Forbidden access "
+                f"({user.is_verified=} {user.profile_id=})."
+            ),
+        )
+    return user
+
+
+current_superuser_act = fastapi_users.current_user(
+    active=True,
+    superuser=True,
 )

fractal_server/app/routes/auth/_aux_auth.py

@@ -9,8 +9,10 @@ from fractal_server.app.models.security import UserGroup
 from fractal_server.app.models.security import UserOAuth
 from fractal_server.app.schemas.user import UserRead
 from fractal_server.app.schemas.user_group import UserGroupRead
-from fractal_server.app.security import FRACTAL_DEFAULT_GROUP_NAME
+from fractal_server.config import get_settings
 from fractal_server.logger import set_logger
+from fractal_server.syringe import Inject
+
 
 logger = set_logger(__name__)
 
@@ -22,13 +24,16 @@ async def _get_single_user_with_groups(
     """
     Enrich a user object by filling its `group_ids_names` attribute.
 
-    Arguments:
+    Args:
         user: The current `UserOAuth` object
         db: Async db session
 
     Returns:
         A `UserRead` object with `group_ids_names` dict
     """
+
+    settings = Inject(get_settings)
+
     stm_groups = (
         select(UserGroup)
         .join(LinkUserGroup)
@@ -39,25 +44,25 @@ async def _get_single_user_with_groups(
     groups = res.scalars().unique().all()
     group_ids_names = [(group.id, group.name) for group in groups]
 
-    # Check that Fractal Default Group is the first of the list. If not, fix.
+    # Identify the default-group position in the list of groups
     index = next(
         (
-            i
-            for i, group_tuple in enumerate(group_ids_names)
-            if group_tuple[1] == FRACTAL_DEFAULT_GROUP_NAME
+            ind
+            for ind, group_tuple in enumerate(group_ids_names)
+            if group_tuple[1] == settings.FRACTAL_DEFAULT_GROUP_NAME
         ),
         None,
     )
-    if index is None:
-        logger.warning(
-            f"User {user.id} not in "
-            f"default UserGroup '{FRACTAL_DEFAULT_GROUP_NAME}'"
-        )
-    elif index != 0:
+    if (index is None) or (index == 0):
+        # Either the default group does not exist, or it is already the first
+        # one. No action needed.
+        pass
+    else:
+        # Move the default group to the first position
         default_group = group_ids_names.pop(index)
         group_ids_names.insert(0, default_group)
-    else:
-        pass
+
+    # Create dump of `user.oauth_accounts` relationship
     oauth_accounts = [
         oauth_account.model_dump() for oauth_account in user.oauth_accounts
     ]
@@ -75,7 +80,7 @@ async def _get_single_usergroup_with_user_ids(
     """
     Get a group, and construct its `user_ids` list.
 
-    Arguments:
+    Args:
         group_id:
         db:
 
@@ -98,7 +103,7 @@ async def _user_or_404(user_id: int, db: AsyncSession) -> UserOAuth:
     """
     Get a user from db, or raise a 404 HTTP exception if missing.
 
-    Arguments:
+    Args:
         user_id: ID of the user
         db: Async db session
     """
@@ -121,17 +126,31 @@ async def _usergroup_or_404(usergroup_id: int, db: AsyncSession) -> UserGroup:
     return user
 
 
-async def _get_default_usergroup_id(db: AsyncSession) -> int:
+async def _get_default_usergroup_id_or_none(db: AsyncSession) -> int | None:
+    """
+    Return the ID of the group named `"All"`, if `FRACTAL_DEFAULT_GROUP_NAME`
+    is set and such group exists. Return `None`, if
+    `FRACTAL_DEFAULT_GROUP_NAME=None` or if the `"All"` group does not exist.
+    """
+    settings = Inject(get_settings)
     stm = select(UserGroup.id).where(
-        UserGroup.name == FRACTAL_DEFAULT_GROUP_NAME
+        UserGroup.name == settings.FRACTAL_DEFAULT_GROUP_NAME
     )
     res = await db.execute(stm)
     user_group_id = res.scalars().one_or_none()
-    if user_group_id is None:
+
+    if (
+        settings.FRACTAL_DEFAULT_GROUP_NAME is not None
+        and user_group_id is None
+    ):
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"User group '{FRACTAL_DEFAULT_GROUP_NAME}' not found.",
+            detail=(
+                f"User group '{settings.FRACTAL_DEFAULT_GROUP_NAME}'"
+                " not found.",
+            ),
         )
+
     return user_group_id
 
 

fractal_server/app/routes/auth/current_user.py

@@ -5,26 +5,28 @@ import os
 
 from fastapi import APIRouter
 from fastapi import Depends
-from fastapi_users import schemas
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlmodel import select
 
-from . import current_active_user
-from ...db import get_async_db
-from ...schemas.user import UserRead
-from ...schemas.user import UserUpdate
-from ...schemas.user import UserUpdateStrict
-from ..aux.validate_user_settings import verify_user_has_settings
-from ._aux_auth import _get_single_user_with_groups
+from fractal_server.app.db import get_async_db
 from fractal_server.app.models import LinkUserGroup
+from fractal_server.app.models import Profile
+from fractal_server.app.models import Resource
 from fractal_server.app.models import UserGroup
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.models import UserSettings
-from fractal_server.app.schemas import UserSettingsReadStrict
-from fractal_server.app.schemas import UserSettingsUpdateStrict
+from fractal_server.app.routes.auth import current_user_act
+from fractal_server.app.routes.auth import current_user_act_ver
+from fractal_server.app.routes.auth._aux_auth import (
+    _get_single_user_with_groups,
+)
+from fractal_server.app.schemas import UserProfileInfo
+from fractal_server.app.schemas.user import UserRead
+from fractal_server.app.schemas.user import UserUpdate
+from fractal_server.app.schemas.user import UserUpdateStrict
 from fractal_server.app.security import get_user_manager
 from fractal_server.app.security import UserManager
-from fractal_server.config import get_settings
+from fractal_server.config import DataAuthScheme
+from fractal_server.config import get_data_settings
 from fractal_server.syringe import Inject
 
 router_current_user = APIRouter()
@@ -33,7 +35,7 @@ router_current_user = APIRouter()
 @router_current_user.get("/current-user/", response_model=UserRead)
 async def get_current_user(
     group_ids_names: bool = False,
-    user: UserOAuth = Depends(current_active_user),
+    user: UserOAuth = Depends(current_user_act),
     db: AsyncSession = Depends(get_async_db),
 ):
     """
@@ -49,7 +51,7 @@ async def get_current_user(
 @router_current_user.patch("/current-user/", response_model=UserRead)
 async def patch_current_user(
     user_update: UserUpdateStrict,
-    current_user: UserOAuth = Depends(current_active_user),
+    current_user: UserOAuth = Depends(current_user_act),
     user_manager: UserManager = Depends(get_user_manager),
     db: AsyncSession = Depends(get_async_db),
 ):
@@ -64,7 +66,7 @@ async def patch_current_user(
     # their own password
 
     user = await user_manager.update(update, current_user, safe=True)
-    validated_user = schemas.model_validate(UserOAuth, user.model_dump())
+    validated_user = UserOAuth.model_validate(user.model_dump())
 
     patched_user = await db.get(
         UserOAuth, validated_user.id, populate_existing=True
@@ -76,83 +78,71 @@ async def patch_current_user(
 
 
 @router_current_user.get(
-    "/current-user/settings/", response_model=UserSettingsReadStrict
+    "/current-user/profile-info/",
+    response_model=UserProfileInfo,
 )
-async def get_current_user_settings(
-    current_user: UserOAuth = Depends(current_active_user),
+async def get_current_user_profile_info(
+    current_user: UserOAuth = Depends(current_user_act),
     db: AsyncSession = Depends(get_async_db),
-) -> UserSettingsReadStrict:
-    verify_user_has_settings(current_user)
-    user_settings = await db.get(UserSettings, current_user.user_settings_id)
-    return user_settings
-
-
-@router_current_user.patch(
-    "/current-user/settings/", response_model=UserSettingsReadStrict
-)
-async def patch_current_user_settings(
-    settings_update: UserSettingsUpdateStrict,
-    current_user: UserOAuth = Depends(current_active_user),
-    db: AsyncSession = Depends(get_async_db),
-) -> UserSettingsReadStrict:
-    verify_user_has_settings(current_user)
-    current_user_settings = await db.get(
-        UserSettings, current_user.user_settings_id
+) -> UserProfileInfo:
+    stm = (
+        select(Resource, Profile)
+        .join(UserOAuth)
+        .where(Resource.id == Profile.resource_id)
+        .where(Profile.id == UserOAuth.profile_id)
+        .where(UserOAuth.id == current_user.id)
     )
+    res = await db.execute(stm)
+    db_data = res.one_or_none()
+    if db_data is None:
+        response_data = dict(has_profile=False)
+    else:
+        resource, profile = db_data
+        response_data = dict(
+            has_profile=True,
+            resource_name=resource.name,
+            profile_name=profile.name,
+            username=profile.username,
+        )
 
-    for k, v in settings_update.model_dump(exclude_unset=True).items():
-        setattr(current_user_settings, k, v)
-
-    db.add(current_user_settings)
-    await db.commit()
-    await db.refresh(current_user_settings)
-
-    return current_user_settings
+    return response_data
 
 
 @router_current_user.get(
     "/current-user/allowed-viewer-paths/", response_model=list[str]
 )
 async def get_current_user_allowed_viewer_paths(
-    current_user: UserOAuth = Depends(current_active_user),
+    current_user: UserOAuth = Depends(current_user_act_ver),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
     """
     Returns the allowed viewer paths for current user, according to the
-    selected FRACTAL_VIEWER_AUTHORIZATION_SCHEME
+    selected FRACTAL_DATA_AUTH_SCHEME
     """
 
-    settings = Inject(get_settings)
-
-    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "none":
-        return []
+    data_settings = Inject(get_data_settings)
 
     authorized_paths = []
 
-    # Respond with 422 error if user has no settings
-    verify_user_has_settings(current_user)
+    if data_settings.FRACTAL_DATA_AUTH_SCHEME == DataAuthScheme.NONE:
+        return authorized_paths
 
-    # Load current user settings
-    current_user_settings = await db.get(
-        UserSettings, current_user.user_settings_id
-    )
-    # If project_dir is set, append it to the list of authorized paths
-    if current_user_settings.project_dir is not None:
-        authorized_paths.append(current_user_settings.project_dir)
+    # Append `project_dir` to the list of authorized paths
+    authorized_paths.append(current_user.project_dir)
 
     # If auth scheme is "users-folders" and `slurm_user` is set,
     # build and append the user folder
     if (
-        settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "users-folders"
-        and current_user_settings.slurm_user is not None
+        data_settings.FRACTAL_DATA_AUTH_SCHEME == DataAuthScheme.USERS_FOLDERS
+        and current_user.profile_id is not None
     ):
-        base_folder = settings.FRACTAL_VIEWER_BASE_FOLDER
-        user_folder = os.path.join(
-            base_folder, current_user_settings.slurm_user
-        )
-        authorized_paths.append(user_folder)
+        profile = await db.get(Profile, current_user.profile_id)
+        if profile is not None and profile.username is not None:
+            base_folder = data_settings.FRACTAL_DATA_BASE_FOLDER
+            user_folder = os.path.join(base_folder, profile.username)
+            authorized_paths.append(user_folder)
 
-    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "viewer-paths":
+    if data_settings.FRACTAL_DATA_AUTH_SCHEME == DataAuthScheme.VIEWER_PATHS:
         # Returns the union of `viewer_paths` for all user's groups
         cmd = (
             select(UserGroup.viewer_paths)
@@ -169,7 +159,6 @@ async def get_current_user_allowed_viewer_paths(
             for _viewer_paths in viewer_paths_nested
             for path in _viewer_paths
         }
-
         authorized_paths.extend(all_viewer_paths_set)
 
     return authorized_paths

fractal_server/app/routes/auth/group.py

@@ -9,8 +9,8 @@ from fastapi import status
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlmodel import select
 
-from . import current_active_superuser
-from ._aux_auth import _get_default_usergroup_id
+from . import current_superuser_act
+from ._aux_auth import _get_default_usergroup_id_or_none
 from ._aux_auth import _get_single_usergroup_with_user_ids
 from ._aux_auth import _user_or_404
 from ._aux_auth import _usergroup_or_404
@@ -18,16 +18,16 @@ from fractal_server.app.db import get_async_db
 from fractal_server.app.models import LinkUserGroup
 from fractal_server.app.models import UserGroup
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.models import UserSettings
 from fractal_server.app.schemas.user_group import UserGroupCreate
 from fractal_server.app.schemas.user_group import UserGroupRead
 from fractal_server.app.schemas.user_group import UserGroupUpdate
-from fractal_server.app.schemas.user_settings import UserSettingsUpdate
-from fractal_server.app.security import FRACTAL_DEFAULT_GROUP_NAME
+from fractal_server.config import get_settings
 from fractal_server.logger import set_logger
+from fractal_server.syringe import Inject
 
 logger = set_logger(__name__)
 
+
 router_group = APIRouter()
 
 
@@ -36,11 +36,11 @@ router_group = APIRouter()
 )
 async def get_list_user_groups(
     user_ids: bool = False,
-    user: UserOAuth = Depends(current_active_superuser),
+    user: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[UserGroupRead]:
     # Get all groups
-    stm_all_groups = select(UserGroup)
+    stm_all_groups = select(UserGroup).order_by(UserGroup.id)
     res = await db.execute(stm_all_groups)
     groups = res.scalars().all()
 
@@ -70,7 +70,7 @@ async def get_list_user_groups(
 )
 async def get_single_user_group(
     group_id: int,
-    user: UserOAuth = Depends(current_active_superuser),
+    user: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> UserGroupRead:
     group = await _get_single_usergroup_with_user_ids(group_id=group_id, db=db)
@@ -84,7 +84,7 @@ async def get_single_user_group(
 )
 async def create_single_group(
     group_create: UserGroupCreate,
-    user: UserOAuth = Depends(current_active_superuser),
+    user: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> UserGroupRead:
     # Check that name is not already in use
@@ -116,7 +116,7 @@ async def create_single_group(
 async def update_single_group(
     group_id: int,
     group_update: UserGroupUpdate,
-    user: UserOAuth = Depends(current_active_superuser),
+    user: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> UserGroupRead:
     group = await _usergroup_or_404(group_id, db)
@@ -137,58 +137,38 @@ async def update_single_group(
 @router_group.delete("/group/{group_id}/", status_code=204)
 async def delete_single_group(
     group_id: int,
-    user: UserOAuth = Depends(current_active_superuser),
+    user: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
+    """
+    Delete a user group.
+
+    If `FRACTAL_DEFAULT_GROUP_NAME="All"`, a group named `"All"` cannot be
+    deleted. If `FRACTAL_DEFAULT_GROUP_NAME=None`, any group can be deleted.
+    """
+    settings = Inject(get_settings)
     group = await _usergroup_or_404(group_id, db)
 
-    if group.name == FRACTAL_DEFAULT_GROUP_NAME:
+    if group.name == settings.FRACTAL_DEFAULT_GROUP_NAME:
         raise HTTPException(
             status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
             detail=(
                 "Cannot delete default UserGroup "
-                f"'{FRACTAL_DEFAULT_GROUP_NAME}'."
+                f"'{settings.FRACTAL_DEFAULT_GROUP_NAME}'."
             ),
         )
 
-    # Delete
-
     await db.delete(group)
     await db.commit()
 
     return Response(status_code=status.HTTP_204_NO_CONTENT)
 
 
-@router_group.patch("/group/{group_id}/user-settings/", status_code=200)
-async def patch_user_settings_bulk(
-    group_id: int,
-    settings_update: UserSettingsUpdate,
-    superuser: UserOAuth = Depends(current_active_superuser),
-    db: AsyncSession = Depends(get_async_db),
-):
-    await _usergroup_or_404(group_id, db)
-    res = await db.execute(
-        select(UserSettings)
-        .join(UserOAuth)
-        .where(LinkUserGroup.user_id == UserOAuth.id)
-        .where(LinkUserGroup.group_id == group_id)
-    )
-    settings_list = res.scalars().all()
-    update = settings_update.model_dump(exclude_unset=True)
-    for settings in settings_list:
-        for k, v in update.items():
-            setattr(settings, k, v)
-        db.add(settings)
-    await db.commit()
-
-    return Response(status_code=status.HTTP_200_OK)
-
-
 @router_group.post("/group/{group_id}/add-user/{user_id}/", status_code=200)
 async def add_user_to_group(
     group_id: int,
     user_id: int,
-    superuser: UserOAuth = Depends(current_active_superuser),
+    superuser: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> UserGroupRead:
     await _usergroup_or_404(group_id, db)
@@ -212,21 +192,24 @@ async def add_user_to_group(
 async def remove_user_from_group(
     group_id: int,
     user_id: int,
-    superuser: UserOAuth = Depends(current_active_superuser),
+    superuser: UserOAuth = Depends(current_superuser_act),
     db: AsyncSession = Depends(get_async_db),
 ) -> UserGroupRead:
+    settings = Inject(get_settings)
     # Check that user and group exist
     await _usergroup_or_404(group_id, db)
     user = await _user_or_404(user_id, db)
 
     # Check that group is not the default one
-    default_user_group_id = await _get_default_usergroup_id(db=db)
-    if default_user_group_id == group_id:
+    default_user_group_id_or_none = await _get_default_usergroup_id_or_none(
+        db=db
+    )
+    if default_user_group_id_or_none == group_id:
         raise HTTPException(
             status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
             detail=(
-                f"Cannot remove user from '{FRACTAL_DEFAULT_GROUP_NAME}' "
-                "group.",
+                f"Cannot remove user from "
+                f"'{settings.FRACTAL_DEFAULT_GROUP_NAME}' group.",
             ),
         )