PyPI - fractal-server - Versions diffs - 2.17.1a1__py3-none-any.whl → 2.18.0__py3-none-any.whl - Mend

fractal-server 2.17.1a1py3-none-any.whl → 2.18.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (225) hide show

fractal_server/app/routes/api/v2/_aux_functions.py CHANGED Viewed

@@ -1,37 +1,39 @@
 """
 Auxiliary functions to get object from the database or perform simple checks
 """
 from typing import Any
-from typing import Literal
+from typing import TypedDict
 from fastapi import HTTPException
 from fastapi import status
-from sqlalchemy.exc import MultipleResultsFound
 from sqlalchemy.orm.attributes import flag_modified
 from sqlmodel import select
 from sqlmodel.sql.expression import SelectOfScalar
-from ....models.v2 import DatasetV2
-from ....models.v2 import JobV2
-from ....models.v2 import LinkUserProjectV2
-from ....models.v2 import ProjectV2
-from ....models.v2 import TaskV2
-from ....models.v2 import WorkflowTaskV2
-from ....models.v2 import WorkflowV2
-from ....schemas.v2 import JobStatusTypeV2
 from fractal_server.app.db import AsyncSession
 from fractal_server.app.models import Profile
 from fractal_server.app.models import Resource
 from fractal_server.app.models import UserOAuth
+from fractal_server.app.models.v2 import DatasetV2
+from fractal_server.app.models.v2 import JobV2
+from fractal_server.app.models.v2 import LinkUserProjectV2
+from fractal_server.app.models.v2 import ProjectV2
+from fractal_server.app.models.v2 import TaskV2
+from fractal_server.app.models.v2 import WorkflowTaskV2
+from fractal_server.app.models.v2 import WorkflowV2
+from fractal_server.app.schemas.v2 import JobStatusType
+from fractal_server.app.schemas.v2 import ProjectPermissions
 from fractal_server.logger import set_logger
 logger = set_logger(__name__)
-async def _get_project_check_owner(
+async def _get_project_check_access(
     *,
     project_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
 ) -> ProjectV2:
     """
@@ -40,6 +42,7 @@ async def _get_project_check_owner(
     Args:
         project_id:
         user_id:
+        required_permissions:
         db:
     Returns:
@@ -47,31 +50,42 @@ async def _get_project_check_owner(
     Raises:
         HTTPException(status_code=403_FORBIDDEN):
-            If the user is not a member of the project
+            - If the user is not a member of the project;
+            - If the user has not accepted the invitation yet;
+            - If the user has not the target permissions.
         HTTPException(status_code=404_NOT_FOUND):
             If the project does not exist
     """
     project = await db.get(ProjectV2, project_id)
-    link_user_project = await db.get(LinkUserProjectV2, (project_id, user_id))
-    if not project:
+    if project is None:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="Project not found"
         )
-    if not link_user_project:
+    link_user_project = await db.get(LinkUserProjectV2, (project_id, user_id))
+    if (
+        link_user_project is None
+        or not link_user_project.is_verified
+        or required_permissions not in link_user_project.permissions
+    ):
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
-            detail=f"Not allowed on project {project_id}",
+            detail=(
+                "You are not authorized to perform this action. "
+                "If you think this is by mistake, "
+                "please contact the project owner."
+            ),
         )
     return project
-async def _get_workflow_check_owner(
+async def _get_workflow_check_access(
     *,
     workflow_id: int,
     project_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
 ) -> WorkflowV2:
     """
@@ -88,39 +102,43 @@ async def _get_workflow_check_owner(
     Raises:
         HTTPException(status_code=404_NOT_FOUND):
-            If the workflow does not exist
-        HTTPException(status_code=422_UNPROCESSABLE_ENTITY):
-            If the workflow is not associated to the project
+            If the project or the workflow do not exist or if they are not
+            associated
+        HTTPException(status_code=403_FORBIDDEN):
+            If the user is not a member of the project
     """
     # Access control for project
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user_id, db=db
+    await _get_project_check_access(
+        project_id=project_id,
+        user_id=user_id,
+        required_permissions=required_permissions,
+        db=db,
     )
-    # Get workflow
-    # (See issue 1087 for 'populate_existing=True')
-    workflow = await db.get(WorkflowV2, workflow_id, populate_existing=True)
+    res = await db.execute(
+        select(WorkflowV2)
+        .where(WorkflowV2.id == workflow_id)
+        .where(WorkflowV2.project_id == project_id)
+        .execution_options(populate_existing=True)  # See issue 1087
+    )
+    workflow = res.scalars().one_or_none()
     if not workflow:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="Workflow not found"
         )
-    if workflow.project_id != project.id:
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-            detail=(f"Invalid {project_id=} for {workflow_id=}."),
-        )
     return workflow
-async def _get_workflow_task_check_owner(
+async def _get_workflow_task_check_access(
     *,
     project_id: int,
     workflow_id: int,
     workflow_task_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
 ) -> tuple[WorkflowTaskV2, WorkflowV2]:
     """
@@ -138,34 +156,34 @@ async def _get_workflow_task_check_owner(
     Raises:
         HTTPException(status_code=404_NOT_FOUND):
-            If the WorkflowTask does not exist
-        HTTPException(status_code=422_UNPROCESSABLE_ENTITY):
-            If the WorkflowTask is not associated to the Workflow
+            If the project, the workflow or the workflowtask do not exist or
+            if they are not associated
+        HTTPException(status_code=403_FORBIDDEN):
+            If the user is not a member of the project
     """
     # Access control for workflow
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         workflow_id=workflow_id,
         project_id=project_id,
         user_id=user_id,
+        required_permissions=required_permissions,
         db=db,
     )
-    # If WorkflowTask is not in the db, exit
-    workflow_task = await db.get(WorkflowTaskV2, workflow_task_id)
-    if not workflow_task:
+    res = await db.execute(
+        select(WorkflowTaskV2)
+        .where(WorkflowTaskV2.id == workflow_task_id)
+        .where(WorkflowTaskV2.workflow_id == workflow_id)
+    )
+    workflow_task = res.scalars().one_or_none()
+    if workflow_task is None:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
             detail="WorkflowTask not found",
         )
-    # If WorkflowTask is not part of the expected Workflow, exit
-    if workflow_id != workflow_task.workflow_id:
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-            detail=f"Invalid {workflow_id=} for {workflow_task_id=}",
-        )
     return workflow_task, workflow
@@ -220,9 +238,10 @@ async def _check_project_exists(
     """
     stm = (
         select(ProjectV2)
-        .join(LinkUserProjectV2)
+        .join(LinkUserProjectV2, LinkUserProjectV2.project_id == ProjectV2.id)
         .where(ProjectV2.name == project_name)
         .where(LinkUserProjectV2.user_id == user_id)
+        .where(LinkUserProjectV2.is_owner.is_(True))
     )
     res = await db.execute(stm)
     if res.scalars().all():
@@ -232,13 +251,19 @@ async def _check_project_exists(
         )
-async def _get_dataset_check_owner(
+class DatasetOrProject(TypedDict):
+    dataset: DatasetV2
+    project: ProjectV2
+async def _get_dataset_check_access(
     *,
     project_id: int,
     dataset_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
-) -> dict[Literal["dataset", "project"], DatasetV2 | ProjectV2]:
+) -> DatasetOrProject:
     """
     Get a dataset and a project, after access control on the project
@@ -253,38 +278,49 @@ async def _get_dataset_check_owner(
             `project`).
     Raises:
-        HTTPException(status_code=422_UNPROCESSABLE_ENTITY):
-            If the dataset is not associated to the project
+        HTTPException(status_code=404_UNPROCESSABLE_ENTITY):
+            If the project or the dataset do not exist or if they are not
+            associated
+        HTTPException(status_code=403_FORBIDDEN):
+            If the user is not a member of the project
     """
     # Access control for project
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user_id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user_id,
+        required_permissions=required_permissions,
+        db=db,
     )
-    # Get dataset
-    # (See issue 1087 for 'populate_existing=True')
-    dataset = await db.get(DatasetV2, dataset_id, populate_existing=True)
+    res = await db.execute(
+        select(DatasetV2)
+        .where(DatasetV2.id == dataset_id)
+        .where(DatasetV2.project_id == project_id)
+        .execution_options(populate_existing=True)  # See issue 1087
+    )
+    dataset = res.scalars().one_or_none()
-    if not dataset:
+    if dataset is None:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="Dataset not found"
         )
-    if dataset.project_id != project_id:
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-            detail=f"Invalid {project_id=} for {dataset_id=}",
-        )
     return dict(dataset=dataset, project=project)
-async def _get_job_check_owner(
+class JobAndProject(TypedDict):
+    job: JobV2
+    project: ProjectV2
+async def _get_job_check_access(
     *,
     project_id: int,
     job_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
-) -> dict[Literal["job", "project"], JobV2 | ProjectV2]:
+) -> JobAndProject:
     """
     Get a job and a project, after access control on the project
@@ -299,26 +335,32 @@ async def _get_job_check_owner(
             `project`).
     Raises:
-        HTTPException(status_code=422_UNPROCESSABLE_ENTITY):
-            If the job is not associated to the project
+        HTTPException(status_code=404_UNPROCESSABLE_ENTITY):
+            If the project or the job do not exist or if they are not
+            associated
+        HTTPException(status_code=403_FORBIDDEN):
+            If the user is not a member of the project
     """
     # Access control for project
-    project = await _get_project_check_owner(
+    project = await _get_project_check_access(
         project_id=project_id,
         user_id=user_id,
+        required_permissions=required_permissions,
         db=db,
     )
-    # Get dataset
-    job = await db.get(JobV2, job_id)
-    if not job:
+    res = await db.execute(
+        select(JobV2)
+        .where(JobV2.id == job_id)
+        .where(JobV2.project_id == project_id)
+    )
+    job = res.scalars().one_or_none()
+    if job is None:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND, detail="Job not found"
         )
-    if job.project_id != project_id:
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-            detail=f"Invalid {project_id=} for {job_id=}",
-        )
     return dict(job=job, project=project)
@@ -328,7 +370,7 @@ def _get_submitted_jobs_statement() -> SelectOfScalar:
         A sqlmodel statement that selects all `Job`s with
         `Job.status` equal to `submitted`.
     """
-    stm = select(JobV2).where(JobV2.status == JobStatusTypeV2.SUBMITTED)
+    stm = select(JobV2).where(JobV2.status == JobStatusType.SUBMITTED)
     return stm
@@ -338,7 +380,7 @@ async def _workflow_has_submitted_job(
 ) -> bool:
     res = await db.execute(
         select(JobV2.id)
-        .where(JobV2.status == JobStatusTypeV2.SUBMITTED)
+        .where(JobV2.status == JobStatusType.SUBMITTED)
         .where(JobV2.workflow_id == workflow_id)
         .limit(1)
     )
@@ -411,14 +453,18 @@ async def _workflow_insert_task(
     flag_modified(db_workflow, "task_list")
     await db.commit()
-    # See issue 1087 for 'populate_existing=True'
-    wf_task = await db.get(WorkflowTaskV2, wf_task.id, populate_existing=True)
+    wf_task = await db.get(
+        WorkflowTaskV2,
+        wf_task.id,
+        populate_existing=True,  # See issue 1087
+    )
     return wf_task
-async def clean_app_job_list_v2(
-    db: AsyncSession, jobs_list: list[int]
+async def clean_app_job_list(
+    db: AsyncSession,
+    jobs_list: list[int],
 ) -> list[int]:
     """
     Remove from a job list all jobs with status different from submitted.
@@ -430,14 +476,14 @@ async def clean_app_job_list_v2(
     Return:
         List of IDs for submitted jobs.
     """
+    logger.info(f"[clean_app_job_list] START - {jobs_list=}.")
     stmt = select(JobV2).where(JobV2.id.in_(jobs_list))
     result = await db.execute(stmt)
     db_jobs_list = result.scalars().all()
     submitted_job_ids = [
-        job.id
-        for job in db_jobs_list
-        if job.status == JobStatusTypeV2.SUBMITTED
+        job.id for job in db_jobs_list if job.status == JobStatusType.SUBMITTED
     ]
+    logger.info(f"[clean_app_job_list] END - {submitted_job_ids=}.")
     return submitted_job_ids
@@ -507,49 +553,11 @@ async def _get_workflowtask_or_404(
         return wftask
-async def _get_submitted_job_or_none(
-    *,
-    dataset_id: int,
-    workflow_id: int,
-    db: AsyncSession,
-) -> JobV2 | None:
-    """
-    Get the submitted job for given dataset/workflow, if any.
-    This function also handles the invalid branch where more than one job
-    is found.
-    Args:
-        dataset_id:
-        workflow_id:
-        db:
-    """
-    res = await db.execute(
-        _get_submitted_jobs_statement()
-        .where(JobV2.dataset_id == dataset_id)
-        .where(JobV2.workflow_id == workflow_id)
-    )
-    try:
-        return res.scalars().one_or_none()
-    except MultipleResultsFound as e:
-        error_msg = (
-            "Multiple running jobs found for "
-            f"{dataset_id=} and {workflow_id=}."
-        )
-        logger.error(f"{error_msg} Original error: {str(e)}.")
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-            detail=error_msg,
-        )
 async def _get_user_resource_id(user_id: int, db: AsyncSession) -> int | None:
     res = await db.execute(
         select(Resource.id)
-        .join(Profile)
-        .join(UserOAuth)
-        .where(Resource.id == Profile.resource_id)
-        .where(Profile.id == UserOAuth.profile_id)
+        .join(Profile, Resource.id == Profile.resource_id)
+        .join(UserOAuth, Profile.id == UserOAuth.profile_id)
         .where(UserOAuth.id == user_id)
     )
     resource_id = res.scalar_one_or_none()

fractal_server/app/routes/api/v2/_aux_functions_history.py CHANGED Viewed

@@ -1,3 +1,4 @@
+import os
 from pathlib import Path
 from typing import Literal
@@ -12,16 +13,15 @@ from fractal_server.app.models.v2 import HistoryUnit
 from fractal_server.app.models.v2 import WorkflowV2
 from fractal_server.app.routes.api.v2._aux_functions import _get_dataset_or_404
 from fractal_server.app.routes.api.v2._aux_functions import (
-    _get_project_check_owner,
-)
-from fractal_server.app.routes.api.v2._aux_functions import (
-    _get_workflow_or_404,
+    _get_project_check_access,
 )
+from fractal_server.app.routes.api.v2._aux_functions import _get_workflow_or_404
 from fractal_server.app.routes.api.v2._aux_functions import (
     _get_workflowtask_or_404,
 )
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.logger import set_logger
+from fractal_server.zip_tools import _read_single_file_from_zip
 logger = set_logger(__name__)
@@ -66,27 +66,51 @@ async def get_history_run_or_404(
 def read_log_file(
     *,
-    logfile: str | None,
-    wftask: WorkflowTaskV2,
+    task_name: str,
     dataset_id: int,
-):
-    if logfile is None or not Path(logfile).exists():
-        logger.debug(
-            f"Logs for task '{wftask.task.name}' in dataset "
-            f"{dataset_id} are not available ({logfile=})."
-        )
-        return (
-            f"Logs for task '{wftask.task.name}' in dataset "
-            f"{dataset_id} are not available."
-        )
+    logfile: str,
+    job_working_dir: str,
+) -> str:
+    """
+    Returns the contents of a Job's log file, either directly from the working
+    directory or from the corresponding ZIP archive.
+    The function first checks if `logfile` exists on disk.
+    If not, it checks if the Job working directory has been zipped and tries to
+    read `logfile` from within the archive.
+    (Note: it is assumed that `logfile` is relative to `job_working_dir`)
+    """
+    archive_path = os.path.normpath(job_working_dir) + ".zip"
     try:
-        with open(logfile) as f:
-            return f.read()
+        if Path(logfile).exists():
+            with open(logfile) as f:
+                return f.read()
+        elif Path(archive_path).exists():
+            relative_logfile = (
+                Path(logfile).relative_to(job_working_dir).as_posix()
+            )
+            return _read_single_file_from_zip(
+                file_path=relative_logfile, archive_path=archive_path
+            )
+        else:
+            logger.error(
+                f"Error while retrieving logs for {logfile=} and "
+                f"{archive_path=}: both files do not exist."
+            )
+            return (
+                f"Logs for task '{task_name}' in dataset "
+                f"{dataset_id} are not available."
+            )
     except Exception as e:
+        logger.error(
+            f"Error while retrieving logs for {logfile=} and {archive_path=}. "
+            f"Original error: {str(e)}"
+        )
         return (
-            f"Error while retrieving logs for task '{wftask.task.name}' "
-            f"in dataset {dataset_id}. Original error: {str(e)}."
+            f"Error while retrieving logs for task '{task_name}' "
+            f"in dataset {dataset_id}."
         )
@@ -96,6 +120,7 @@ async def _verify_workflow_and_dataset_access(
     workflow_id: int,
     dataset_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
 ) -> dict[Literal["dataset", "workflow"], DatasetV2 | WorkflowV2]:
     """
@@ -108,9 +133,10 @@ async def _verify_workflow_and_dataset_access(
         user_id:
         db:
     """
-    await _get_project_check_owner(
+    await _get_project_check_access(
         project_id=project_id,
         user_id=user_id,
+        required_permissions=required_permissions,
         db=db,
     )
     workflow = await _get_workflow_or_404(
@@ -135,12 +161,13 @@ async def _verify_workflow_and_dataset_access(
     return dict(dataset=dataset, workflow=workflow)
-async def get_wftask_check_owner(
+async def get_wftask_check_access(
     *,
     project_id: int,
     dataset_id: int,
     workflowtask_id: int,
     user_id: int,
+    required_permissions: ProjectPermissions,
     db: AsyncSession,
 ) -> WorkflowTaskV2:
     """
@@ -161,6 +188,7 @@ async def get_wftask_check_owner(
         project_id=project_id,
         dataset_id=dataset_id,
         workflow_id=wftask.workflow_id,
+        required_permissions=required_permissions,
         user_id=user_id,
         db=db,
     )

fractal_server/app/routes/api/v2/_aux_functions_sharing.py ADDED Viewed

@@ -0,0 +1,97 @@
+from fastapi import HTTPException
+from fastapi import status
+from sqlmodel import select
+from fractal_server.app.db import AsyncSession
+from fractal_server.app.models import UserOAuth
+from fractal_server.app.models.v2 import LinkUserProjectV2
+async def raise_403_if_not_owner(
+    *,
+    user_id: int,
+    project_id: int,
+    db: AsyncSession,
+) -> None:
+    """
+    Raises 403 if User[`user_id`] is not owner of Project[`project_id`],
+    regardless of whether the User or Project exists.
+    """
+    res = await db.execute(
+        select(LinkUserProjectV2)
+        .where(LinkUserProjectV2.project_id == project_id)
+        .where(LinkUserProjectV2.user_id == user_id)
+        .where(LinkUserProjectV2.is_owner.is_(True))
+    )
+    link = res.scalars().one_or_none()
+    if link is None:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Current user is not the project owner.",
+        )
+    return link
+async def get_link_or_404(
+    *, user_id: int, project_id: int, db: AsyncSession
+) -> LinkUserProjectV2:
+    """
+    Raises 404 if User[`user_id`] is not linked to Project[`project_id`],
+    regardless of whether the User or Project exists.
+    """
+    link = await db.get(LinkUserProjectV2, (project_id, user_id))
+    if link is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User is not linked to project.",
+        )
+    return link
+async def get_pending_invitation_or_404(
+    *, user_id: int, project_id: int, db: AsyncSession
+) -> LinkUserProjectV2:
+    """
+    Raises 404 if User[`user_id`] has not a pending invitation to
+    Project[`project_id`], regardless of whether the User or Project exists.
+    """
+    link = await get_link_or_404(user_id=user_id, project_id=project_id, db=db)
+    if link.is_verified:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="No pending invitation for user on this project.",
+        )
+    return link
+async def raise_422_if_link_exists(
+    *, user_id: int, project_id: int, db: AsyncSession
+) -> None:
+    """
+    Raises 422 if User[`user_id`] is linked Project[`project_id`], regardless
+    of whether the User or Project exists.
+    """
+    link = await db.get(LinkUserProjectV2, (project_id, user_id))
+    if link is not None:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail="User is already associated to project.",
+        )
+    return
+async def get_user_id_from_email_or_404(
+    *, user_email: str, db: AsyncSession
+) -> int:
+    """
+    Raises 404 if there is no User with email `user_email`.
+    """
+    res = await db.execute(
+        select(UserOAuth.id).where(UserOAuth.email == user_email)
+    )
+    user_id = res.scalar_one_or_none()
+    if user_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail="User not found."
+        )
+    return user_id

fractal-server 2.17.1a1__py3-none-any.whl → 2.18.0__py3-none-any.whl

fractal-server 2.17.1a1py3-none-any.whl → 2.18.0py3-none-any.whl