fractal-server 2.17.1a1__py3-none-any.whl → 2.18.0__py3-none-any.whl

fractal_server/app/routes/api/v2/history.py

@@ -6,40 +6,43 @@ from fastapi.responses import JSONResponse
 from sqlmodel import func
 from sqlmodel import select
 
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_submitted_job_or_none
-from ._aux_functions import _get_workflow_check_owner
-from ._aux_functions_history import _verify_workflow_and_dataset_access
-from ._aux_functions_history import get_history_run_or_404
-from ._aux_functions_history import get_history_unit_or_404
-from ._aux_functions_history import get_wftask_check_owner
-from ._aux_functions_history import read_log_file
-from .images import ImagePage
-from .images import ImageQuery
 from fractal_server.app.db import AsyncSession
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import HistoryImageCache
 from fractal_server.app.models.v2 import HistoryRun
 from fractal_server.app.models.v2 import HistoryUnit
+from fractal_server.app.models.v2 import JobV2
 from fractal_server.app.models.v2 import TaskV2
 from fractal_server.app.routes.auth import current_user_act_ver_prof
-from fractal_server.app.routes.pagination import get_pagination_params
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
+from fractal_server.app.routes.pagination import get_pagination_params
 from fractal_server.app.schemas.v2 import HistoryRunRead
 from fractal_server.app.schemas.v2 import HistoryRunReadAggregated
 from fractal_server.app.schemas.v2 import HistoryUnitRead
 from fractal_server.app.schemas.v2 import HistoryUnitStatus
 from fractal_server.app.schemas.v2 import HistoryUnitStatusWithUnset
 from fractal_server.app.schemas.v2 import ImageLogsRequest
-from fractal_server.images.status_tools import enrich_images_unsorted_async
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images.status_tools import IMAGE_STATUS_KEY
+from fractal_server.images.status_tools import enrich_images_unsorted_async
 from fractal_server.images.tools import aggregate_attributes
 from fractal_server.images.tools import aggregate_types
 from fractal_server.images.tools import filter_image_list
 from fractal_server.logger import set_logger
 
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_submitted_jobs_statement
+from ._aux_functions import _get_workflow_check_access
+from ._aux_functions_history import _verify_workflow_and_dataset_access
+from ._aux_functions_history import get_history_run_or_404
+from ._aux_functions_history import get_history_unit_or_404
+from ._aux_functions_history import get_wftask_check_access
+from ._aux_functions_history import read_log_file
+from .images import ImagePage
+from .images import ImageQuery
+
 
 def check_historyrun_related_to_dataset_and_wftask(
     history_run: HistoryRun,
@@ -72,24 +75,28 @@ async def get_workflow_tasks_statuses(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
-    await _get_dataset_check_owner(
+    await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
-    running_job = await _get_submitted_job_or_none(
-        db=db,
-        dataset_id=dataset_id,
-        workflow_id=workflow_id,
+    res = await db.execute(
+        _get_submitted_jobs_statement()
+        .where(JobV2.dataset_id == dataset_id)
+        .where(JobV2.workflow_id == workflow_id)
     )
+    running_job = res.scalars().one_or_none()
+
     if running_job is not None:
         running_wftasks = workflow.task_list[
             running_job.first_task_index : running_job.last_task_index + 1
@@ -135,19 +142,19 @@ async def get_workflow_tasks_statuses(
                 logger.debug(f"C1: {wftask.id=} not in {running_wftask_ids=}.")
                 response[wftask.id] = dict(status=latest_run.status)
 
-        response[wftask.id][
-            "num_available_images"
-        ] = latest_run.num_available_images
+        response[wftask.id]["num_available_images"] = (
+            latest_run.num_available_images
+        )
 
         for target_status in HistoryUnitStatus:
             stm = (
                 select(func.count(HistoryImageCache.zarr_url))
-                .join(HistoryUnit)
+                .join(
+                    HistoryUnit,
+                    HistoryImageCache.latest_history_unit_id == HistoryUnit.id,
+                )
                 .where(HistoryImageCache.dataset_id == dataset_id)
                 .where(HistoryImageCache.workflowtask_id == wftask.id)
-                .where(
-                    HistoryImageCache.latest_history_unit_id == HistoryUnit.id
-                )
                 .where(HistoryUnit.status == target_status)
             )
             res = await db.execute(stm)
@@ -183,11 +190,12 @@ async def get_history_run_list(
     db: AsyncSession = Depends(get_async_db),
 ) -> list[HistoryRunReadAggregated]:
     # Access control
-    await get_wftask_check_owner(
+    await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -276,11 +284,12 @@ async def get_history_run_units(
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> PaginationResponse[HistoryUnitRead]:
     # Access control
-    await get_wftask_check_owner(
+    await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -335,11 +344,12 @@ async def get_history_images(
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> ImagePage:
     # Access control and object retrieval
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     res = await _verify_workflow_and_dataset_access(
@@ -347,6 +357,7 @@ async def get_history_images(
         workflow_id=wftask.workflow_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = res["dataset"]
@@ -416,11 +427,12 @@ async def get_image_log(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=request_data.dataset_id,
         workflowtask_id=request_data.workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -444,11 +456,20 @@ async def get_image_log(
         db=db,
     )
 
+    # Get job.working_dir
+    res = await db.execute(
+        select(JobV2.working_dir)
+        .join(HistoryRun, HistoryRun.job_id == JobV2.id)
+        .where(HistoryRun.id == history_unit.history_run_id)
+    )
+    job_working_dir = res.scalar_one_or_none()
+
     # Get log or placeholder text
     log = read_log_file(
         logfile=history_unit.logfile,
-        wftask=wftask,
+        task_name=wftask.task.name,
         dataset_id=request_data.dataset_id,
+        job_working_dir=job_working_dir,
     )
     return JSONResponse(content=log)
 
@@ -464,11 +485,12 @@ async def get_history_unit_log(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -495,11 +517,14 @@ async def get_history_unit_log(
         workflowtask_id=workflowtask_id,
     )
 
+    job = await db.get(JobV2, history_run.job_id)
+
     # Get log or placeholder text
     log = read_log_file(
         logfile=history_unit.logfile,
-        wftask=wftask,
+        task_name=wftask.task.name,
         dataset_id=dataset_id,
+        job_working_dir=job.working_dir,
     )
     return JSONResponse(content=log)
 
@@ -516,10 +541,11 @@ async def get_dataset_history(
     timestamp.
     """
     # Access control
-    await _get_dataset_check_owner(
+    await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 

fractal_server/app/routes/api/v2/images.py

@@ -8,15 +8,15 @@ from pydantic import Field
 from sqlalchemy.orm.attributes import flag_modified
 from sqlmodel import delete
 
-from ._aux_functions import _get_dataset_check_owner
 from fractal_server.app.db import AsyncSession
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import HistoryImageCache
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.routes.auth import current_user_act_ver_prof
-from fractal_server.app.routes.pagination import get_pagination_params
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
+from fractal_server.app.routes.pagination import get_pagination_params
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images import SingleImage
 from fractal_server.images import SingleImageUpdate
 from fractal_server.images.tools import aggregate_attributes
@@ -27,6 +27,8 @@ from fractal_server.types import AttributeFilters
 from fractal_server.types import ImageAttributeValue
 from fractal_server.types import TypeFilters
 
+from ._aux_functions import _get_dataset_check_access
+
 router = APIRouter()
 
 
@@ -63,8 +65,12 @@ async def post_new_image(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     dataset = output["dataset"]
 
@@ -118,8 +124,12 @@ async def query_dataset_images(
     page = pagination.page
     page_size = pagination.page_size
 
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     dataset = output["dataset"]
     images = dataset.images
@@ -186,8 +196,12 @@ async def delete_dataset_images(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     dataset = output["dataset"]
 
@@ -230,10 +244,11 @@ async def patch_dataset_image(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ):
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     db_dataset = output["dataset"]

fractal_server/app/routes/api/v2/job.py

@@ -10,21 +10,23 @@ from fastapi import status
 from fastapi.responses import StreamingResponse
 from sqlmodel import select
 
-from .....zip_tools import _zip_folder_to_byte_stream_iterator
-from ....db import AsyncSession
-from ....db import get_async_db
-from ....models.v2 import JobV2
-from ....models.v2 import ProjectV2
-from ....schemas.v2 import JobReadV2
-from ....schemas.v2 import JobStatusTypeV2
-from ...aux._job import _write_shutdown_file
-from ...aux._runner import _check_shutdown_is_supported
-from ._aux_functions import _get_job_check_owner
-from ._aux_functions import _get_project_check_owner
-from ._aux_functions import _get_workflow_check_owner
+from fractal_server.app.db import AsyncSession
+from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
+from fractal_server.app.models.v2 import JobV2
+from fractal_server.app.models.v2 import LinkUserProjectV2
 from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.aux._job import _write_shutdown_file
+from fractal_server.app.routes.aux._runner import _check_shutdown_is_supported
+from fractal_server.app.schemas.v2 import JobRead
+from fractal_server.app.schemas.v2 import JobStatusType
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.runner.filenames import WORKFLOW_LOG_FILENAME
+from fractal_server.zip_tools import _zip_folder_to_byte_stream_iterator
+
+from ._aux_functions import _get_job_check_access
+from ._aux_functions import _get_project_check_access
+from ._aux_functions import _get_workflow_check_access
 
 
 # https://docs.python.org/3/library/asyncio-task.html#asyncio.to_thread
@@ -37,19 +39,22 @@ async def zip_folder_threaded(folder: str) -> Iterator[bytes]:
 router = APIRouter()
 
 
-@router.get("/job/", response_model=list[JobReadV2])
+@router.get("/job/", response_model=list[JobRead])
 async def get_user_jobs(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     log: bool = True,
     db: AsyncSession = Depends(get_async_db),
-) -> list[JobReadV2]:
+) -> list[JobRead]:
     """
     Returns all the jobs of the current user
     """
     stm = (
         select(JobV2)
-        .join(ProjectV2)
-        .where(ProjectV2.user_list.any(UserOAuth.id == user.id))
+        .join(
+            LinkUserProjectV2, LinkUserProjectV2.project_id == JobV2.project_id
+        )
+        .where(LinkUserProjectV2.user_id == user.id)
+        .where(LinkUserProjectV2.is_owner.is_(True))
     )
     res = await db.execute(stm)
     job_list = res.scalars().all()
@@ -63,19 +68,23 @@ async def get_user_jobs(
 
 @router.get(
     "/project/{project_id}/workflow/{workflow_id}/job/",
-    response_model=list[JobReadV2],
+    response_model=list[JobRead],
 )
 async def get_workflow_jobs(
     project_id: int,
     workflow_id: int,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> list[JobReadV2] | None:
+) -> list[JobRead] | None:
     """
     Returns all the jobs related to a specific workflow
     """
-    await _get_workflow_check_owner(
-        project_id=project_id, workflow_id=workflow_id, user_id=user.id, db=db
+    await _get_workflow_check_access(
+        project_id=project_id,
+        workflow_id=workflow_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     stm = select(JobV2).where(JobV2.workflow_id == workflow_id)
     res = await db.execute(stm)
@@ -90,9 +99,13 @@ async def get_latest_job(
     dataset_id: int,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> JobReadV2:
-    await _get_workflow_check_owner(
-        project_id=project_id, workflow_id=workflow_id, user_id=user.id, db=db
+) -> JobRead:
+    await _get_workflow_check_access(
+        project_id=project_id,
+        workflow_id=workflow_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     stm = (
         select(JobV2)
@@ -114,7 +127,7 @@ async def get_latest_job(
 
 @router.get(
     "/project/{project_id}/job/{job_id}/",
-    response_model=JobReadV2,
+    response_model=JobRead,
 )
 async def read_job(
     project_id: int,
@@ -122,21 +135,22 @@ async def read_job(
     show_tmp_logs: bool = False,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> JobReadV2 | None:
+) -> JobRead | None:
     """
     Return info on an existing job
     """
 
-    output = await _get_job_check_owner(
+    output = await _get_job_check_access(
         project_id=project_id,
         job_id=job_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     job = output["job"]
     await db.close()
 
-    if show_tmp_logs and (job.status == JobStatusTypeV2.SUBMITTED):
+    if show_tmp_logs and (job.status == JobStatusType.SUBMITTED):
         try:
             with open(f"{job.working_dir}/{WORKFLOW_LOG_FILENAME}") as f:
                 job.log = f.read()
@@ -159,10 +173,11 @@ async def download_job_logs(
     """
     Download zipped job folder
     """
-    output = await _get_job_check_owner(
+    output = await _get_job_check_access(
         project_id=project_id,
         job_id=job_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     job = output["job"]
@@ -179,19 +194,22 @@ async def download_job_logs(
 
 @router.get(
     "/project/{project_id}/job/",
-    response_model=list[JobReadV2],
+    response_model=list[JobRead],
 )
 async def get_job_list(
     project_id: int,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     log: bool = True,
     db: AsyncSession = Depends(get_async_db),
-) -> list[JobReadV2] | None:
+) -> list[JobRead] | None:
     """
     Get job list for given project
     """
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
 
     stm = select(JobV2).where(JobV2.project_id == project.id)
@@ -222,10 +240,11 @@ async def stop_job(
     _check_shutdown_is_supported()
 
     # Get job from DB
-    output = await _get_job_check_owner(
+    output = await _get_job_check_access(
         project_id=project_id,
         job_id=job_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.EXECUTE,
         db=db,
     )
     job = output["job"]

fractal_server/app/routes/api/v2/pre_submission_checks.py

@@ -5,21 +5,23 @@ from fastapi.responses import JSONResponse
 from pydantic import BaseModel
 from pydantic import Field
 
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_workflow_task_check_owner
-from .images import ImageQuery
 from fractal_server.app.db import AsyncSession
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.routes.auth import current_user_act_ver_prof
 from fractal_server.app.schemas.v2 import HistoryUnitStatus
 from fractal_server.app.schemas.v2 import TaskType
-from fractal_server.images.status_tools import enrich_images_unsorted_async
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images.status_tools import IMAGE_STATUS_KEY
+from fractal_server.images.status_tools import enrich_images_unsorted_async
 from fractal_server.images.tools import aggregate_types
 from fractal_server.images.tools import filter_image_list
 from fractal_server.types import AttributeFilters
 
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_workflow_task_check_access
+from .images import ImageQuery
+
 router = APIRouter()
 
 
@@ -36,8 +38,12 @@ async def verify_unique_types(
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
     # Get dataset
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     dataset = output["dataset"]
 
@@ -96,11 +102,12 @@ async def check_non_processed_images(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
-    db_workflow_task, db_workflow = await _get_workflow_task_check_owner(
+    db_workflow_task, db_workflow = await _get_workflow_task_check_access(
         project_id=project_id,
         workflow_task_id=workflowtask_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -120,10 +127,11 @@ async def check_non_processed_images(
         # Skip check if previous task is converter
         return JSONResponse(status_code=200, content=[])
 
-    res = await _get_dataset_check_owner(
+    res = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = res["dataset"]