fractal-server 2.17.2__py3-none-any.whl → 2.18.0__py3-none-any.whl

fractal_server/app/routes/api/v2/dataset.py

@@ -1,3 +1,6 @@
+import os
+from pathlib import Path
+
 from fastapi import APIRouter
 from fastapi import Depends
 from fastapi import HTTPException
@@ -11,16 +14,17 @@ from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import DatasetV2
 from fractal_server.app.models.v2 import JobV2
 from fractal_server.app.routes.auth import current_user_act_ver_prof
-from fractal_server.app.schemas.v2 import DatasetCreateV2
-from fractal_server.app.schemas.v2 import DatasetReadV2
-from fractal_server.app.schemas.v2 import DatasetUpdateV2
-from fractal_server.app.schemas.v2.dataset import DatasetExportV2
-from fractal_server.app.schemas.v2.dataset import DatasetImportV2
+from fractal_server.app.schemas.v2 import DatasetCreate
+from fractal_server.app.schemas.v2 import DatasetRead
+from fractal_server.app.schemas.v2 import DatasetUpdate
+from fractal_server.app.schemas.v2.dataset import DatasetExport
+from fractal_server.app.schemas.v2.dataset import DatasetImport
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.string_tools import sanitize_string
 from fractal_server.urls import normalize_url
 
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_project_check_owner
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_project_check_access
 from ._aux_functions import _get_submitted_jobs_statement
 
 router = APIRouter()
@@ -28,66 +32,82 @@ router = APIRouter()
 
 @router.post(
     "/project/{project_id}/dataset/",
-    response_model=DatasetReadV2,
+    response_model=DatasetRead,
     status_code=status.HTTP_201_CREATED,
 )
 async def create_dataset(
     project_id: int,
-    dataset: DatasetCreateV2,
+    dataset: DatasetCreate,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> DatasetReadV2 | None:
+) -> DatasetRead | None:
     """
     Add new dataset to current project
     """
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
 
-    if dataset.zarr_dir is None:
-        db_dataset = DatasetV2(
-            project_id=project_id,
-            zarr_dir="__PLACEHOLDER__",
-            **dataset.model_dump(exclude={"zarr_dir"}),
-        )
-        db.add(db_dataset)
-        await db.commit()
-        await db.refresh(db_dataset)
-        path = (
-            f"{user.project_dir}/fractal/"
-            f"{project_id}_{sanitize_string(project.name)}/"
+    db_dataset = DatasetV2(
+        project_id=project_id,
+        zarr_dir="__PLACEHOLDER__",
+        **dataset.model_dump(exclude={"project_dir", "zarr_subfolder"}),
+    )
+    db.add(db_dataset)
+    await db.commit()
+    await db.refresh(db_dataset)
+
+    if dataset.project_dir is None:
+        project_dir = user.project_dirs[0]
+    else:
+        if dataset.project_dir not in user.project_dirs:
+            await db.delete(db_dataset)
+            await db.commit()
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=f"You are not allowed to use {dataset.project_dir=}.",
+            )
+        project_dir = dataset.project_dir
+
+    if dataset.zarr_subfolder is None:
+        zarr_subfolder = (
+            f"fractal/{project_id}_{sanitize_string(project.name)}/"
             f"{db_dataset.id}_{sanitize_string(db_dataset.name)}"
         )
-        normalized_path = normalize_url(path)
-        db_dataset.zarr_dir = normalized_path
-
-        db.add(db_dataset)
-        await db.commit()
-        await db.refresh(db_dataset)
     else:
-        db_dataset = DatasetV2(project_id=project_id, **dataset.model_dump())
-        db.add(db_dataset)
-        await db.commit()
-        await db.refresh(db_dataset)
+        zarr_subfolder = dataset.zarr_subfolder
+
+    zarr_dir = os.path.join(project_dir, zarr_subfolder)
+    db_dataset.zarr_dir = normalize_url(zarr_dir)
+
+    db.add(db_dataset)
+    await db.commit()
+    await db.refresh(db_dataset)
 
     return db_dataset
 
 
 @router.get(
     "/project/{project_id}/dataset/",
-    response_model=list[DatasetReadV2],
+    response_model=list[DatasetRead],
 )
 async def read_dataset_list(
     project_id: int,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> list[DatasetReadV2] | None:
+) -> list[DatasetRead] | None:
     """
     Get dataset list for given project
     """
     # Access control
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     # Find datasets of the current project. Note: this select/where approach
     # has much better scaling than refreshing all elements of
@@ -96,72 +116,62 @@ async def read_dataset_list(
     stm = select(DatasetV2).where(DatasetV2.project_id == project.id)
     res = await db.execute(stm)
     dataset_list = res.scalars().all()
-    await db.close()
     return dataset_list
 
 
 @router.get(
     "/project/{project_id}/dataset/{dataset_id}/",
-    response_model=DatasetReadV2,
+    response_model=DatasetRead,
 )
 async def read_dataset(
     project_id: int,
     dataset_id: int,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> DatasetReadV2 | None:
+) -> DatasetRead | None:
     """
     Get info on a dataset associated to the current project
     """
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = output["dataset"]
-    await db.close()
     return dataset
 
 
 @router.patch(
     "/project/{project_id}/dataset/{dataset_id}/",
-    response_model=DatasetReadV2,
+    response_model=DatasetRead,
 )
 async def update_dataset(
     project_id: int,
     dataset_id: int,
-    dataset_update: DatasetUpdateV2,
+    dataset_update: DatasetUpdate,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> DatasetReadV2 | None:
+) -> DatasetRead | None:
     """
     Edit a dataset associated to the current project
     """
 
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     db_dataset = output["dataset"]
 
-    if (dataset_update.zarr_dir is not None) and (len(db_dataset.images) != 0):
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-            detail=(
-                "Cannot modify `zarr_dir` because the dataset has a non-empty "
-                "image list."
-            ),
-        )
-
     for key, value in dataset_update.model_dump(exclude_unset=True).items():
         setattr(db_dataset, key, value)
 
     await db.commit()
     await db.refresh(db_dataset)
-    await db.close()
     return db_dataset
 
 
@@ -178,10 +188,11 @@ async def delete_dataset(
     """
     Delete a dataset associated to the current project
     """
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     dataset = output["dataset"]
@@ -210,25 +221,24 @@ async def delete_dataset(
 
 @router.get(
     "/project/{project_id}/dataset/{dataset_id}/export/",
-    response_model=DatasetExportV2,
+    response_model=DatasetExport,
 )
 async def export_dataset(
     project_id: int,
     dataset_id: int,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> DatasetExportV2 | None:
+) -> DatasetExport | None:
     """
     Export an existing dataset
     """
-    dict_dataset_project = await _get_dataset_check_owner(
+    dict_dataset_project = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
-    await db.close()
-
     dataset = dict_dataset_project["dataset"]
 
     return dataset
@@ -236,35 +246,38 @@ async def export_dataset(
 
 @router.post(
     "/project/{project_id}/dataset/import/",
-    response_model=DatasetReadV2,
+    response_model=DatasetRead,
     status_code=status.HTTP_201_CREATED,
 )
 async def import_dataset(
     project_id: int,
-    dataset: DatasetImportV2,
+    dataset: DatasetImport,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
-) -> DatasetReadV2 | None:
+) -> DatasetRead | None:
     """
     Import an existing dataset into a project
     """
 
     # Preliminary checks
-    await _get_project_check_owner(
+    await _get_project_check_access(
         project_id=project_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
 
-    for image in dataset.images:
-        if not image.zarr_url.startswith(dataset.zarr_dir):
-            raise HTTPException(
-                status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
-                detail=(
-                    f"Cannot import dataset: zarr_url {image.zarr_url} is not "
-                    f"relative to zarr_dir={dataset.zarr_dir}."
-                ),
-            )
+    if not any(
+        Path(dataset.zarr_dir).is_relative_to(project_dir)
+        for project_dir in user.project_dirs
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail=(
+                f"{dataset.zarr_dir=} is not relative to any of user's project "
+                "dirs."
+            ),
+        )
 
     # Create new Dataset
     db_dataset = DatasetV2(
@@ -274,6 +287,5 @@ async def import_dataset(
     db.add(db_dataset)
     await db.commit()
     await db.refresh(db_dataset)
-    await db.close()
 
     return db_dataset

fractal_server/app/routes/api/v2/history.py

@@ -24,6 +24,7 @@ from fractal_server.app.schemas.v2 import HistoryUnitRead
 from fractal_server.app.schemas.v2 import HistoryUnitStatus
 from fractal_server.app.schemas.v2 import HistoryUnitStatusWithUnset
 from fractal_server.app.schemas.v2 import ImageLogsRequest
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images.status_tools import IMAGE_STATUS_KEY
 from fractal_server.images.status_tools import enrich_images_unsorted_async
 from fractal_server.images.tools import aggregate_attributes
@@ -31,13 +32,13 @@ from fractal_server.images.tools import aggregate_types
 from fractal_server.images.tools import filter_image_list
 from fractal_server.logger import set_logger
 
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_submitted_job_or_none
-from ._aux_functions import _get_workflow_check_owner
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_submitted_jobs_statement
+from ._aux_functions import _get_workflow_check_access
 from ._aux_functions_history import _verify_workflow_and_dataset_access
 from ._aux_functions_history import get_history_run_or_404
 from ._aux_functions_history import get_history_unit_or_404
-from ._aux_functions_history import get_wftask_check_owner
+from ._aux_functions_history import get_wftask_check_access
 from ._aux_functions_history import read_log_file
 from .images import ImagePage
 from .images import ImageQuery
@@ -74,24 +75,28 @@ async def get_workflow_tasks_statuses(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
-    await _get_dataset_check_owner(
+    await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
-    running_job = await _get_submitted_job_or_none(
-        db=db,
-        dataset_id=dataset_id,
-        workflow_id=workflow_id,
+    res = await db.execute(
+        _get_submitted_jobs_statement()
+        .where(JobV2.dataset_id == dataset_id)
+        .where(JobV2.workflow_id == workflow_id)
     )
+    running_job = res.scalars().one_or_none()
+
     if running_job is not None:
         running_wftasks = workflow.task_list[
             running_job.first_task_index : running_job.last_task_index + 1
@@ -185,11 +190,12 @@ async def get_history_run_list(
     db: AsyncSession = Depends(get_async_db),
 ) -> list[HistoryRunReadAggregated]:
     # Access control
-    await get_wftask_check_owner(
+    await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -278,11 +284,12 @@ async def get_history_run_units(
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> PaginationResponse[HistoryUnitRead]:
     # Access control
-    await get_wftask_check_owner(
+    await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -337,11 +344,12 @@ async def get_history_images(
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> ImagePage:
     # Access control and object retrieval
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     res = await _verify_workflow_and_dataset_access(
@@ -349,6 +357,7 @@ async def get_history_images(
         workflow_id=wftask.workflow_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = res["dataset"]
@@ -418,11 +427,12 @@ async def get_image_log(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=request_data.dataset_id,
         workflowtask_id=request_data.workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -475,11 +485,12 @@ async def get_history_unit_log(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -530,10 +541,11 @@ async def get_dataset_history(
     timestamp.
     """
     # Access control
-    await _get_dataset_check_owner(
+    await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 

fractal_server/app/routes/api/v2/images.py

@@ -16,6 +16,7 @@ from fractal_server.app.routes.auth import current_user_act_ver_prof
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
 from fractal_server.app.routes.pagination import get_pagination_params
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images import SingleImage
 from fractal_server.images import SingleImageUpdate
 from fractal_server.images.tools import aggregate_attributes
@@ -26,7 +27,7 @@ from fractal_server.types import AttributeFilters
 from fractal_server.types import ImageAttributeValue
 from fractal_server.types import TypeFilters
 
-from ._aux_functions import _get_dataset_check_owner
+from ._aux_functions import _get_dataset_check_access
 
 router = APIRouter()
 
@@ -64,8 +65,12 @@ async def post_new_image(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     dataset = output["dataset"]
 
@@ -119,8 +124,12 @@ async def query_dataset_images(
     page = pagination.page
     page_size = pagination.page_size
 
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     dataset = output["dataset"]
     images = dataset.images
@@ -187,8 +196,12 @@ async def delete_dataset_images(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     dataset = output["dataset"]
 
@@ -231,10 +244,11 @@ async def patch_dataset_image(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ):
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     db_dataset = output["dataset"]