PyPI - fractal-server - Versions diffs - 2.17.2__py3-none-any.whl → 2.18.0a0__py3-none-any.whl - Mend

fractal-server 2.17.2py3-none-any.whl → 2.18.0a0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

fractal_server/app/routes/api/v2/dataset.py CHANGED Viewed

@@ -16,11 +16,12 @@ from fractal_server.app.schemas.v2 import DatasetReadV2
 from fractal_server.app.schemas.v2 import DatasetUpdateV2
 from fractal_server.app.schemas.v2.dataset import DatasetExportV2
 from fractal_server.app.schemas.v2.dataset import DatasetImportV2
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.string_tools import sanitize_string
 from fractal_server.urls import normalize_url
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_project_check_owner
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_project_check_access
 from ._aux_functions import _get_submitted_jobs_statement
 router = APIRouter()
@@ -40,8 +41,11 @@ async def create_dataset(
     """
     Add new dataset to current project
     """
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     if dataset.zarr_dir is None:
@@ -86,8 +90,11 @@ async def read_dataset_list(
     Get dataset list for given project
     """
     # Access control
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     # Find datasets of the current project. Note: this select/where approach
     # has much better scaling than refreshing all elements of
@@ -96,7 +103,6 @@ async def read_dataset_list(
     stm = select(DatasetV2).where(DatasetV2.project_id == project.id)
     res = await db.execute(stm)
     dataset_list = res.scalars().all()
-    await db.close()
     return dataset_list
@@ -113,14 +119,14 @@ async def read_dataset(
     """
     Get info on a dataset associated to the current project
     """
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = output["dataset"]
-    await db.close()
     return dataset
@@ -139,10 +145,11 @@ async def update_dataset(
     Edit a dataset associated to the current project
     """
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     db_dataset = output["dataset"]
@@ -161,7 +168,6 @@ async def update_dataset(
     await db.commit()
     await db.refresh(db_dataset)
-    await db.close()
     return db_dataset
@@ -178,10 +184,11 @@ async def delete_dataset(
     """
     Delete a dataset associated to the current project
     """
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     dataset = output["dataset"]
@@ -221,14 +228,13 @@ async def export_dataset(
     """
     Export an existing dataset
     """
-    dict_dataset_project = await _get_dataset_check_owner(
+    dict_dataset_project = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
-    await db.close()
     dataset = dict_dataset_project["dataset"]
     return dataset
@@ -250,9 +256,10 @@ async def import_dataset(
     """
     # Preliminary checks
-    await _get_project_check_owner(
+    await _get_project_check_access(
         project_id=project_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
@@ -274,6 +281,5 @@ async def import_dataset(
     db.add(db_dataset)
     await db.commit()
     await db.refresh(db_dataset)
-    await db.close()
     return db_dataset

fractal_server/app/routes/api/v2/history.py CHANGED Viewed

@@ -24,6 +24,7 @@ from fractal_server.app.schemas.v2 import HistoryUnitRead
 from fractal_server.app.schemas.v2 import HistoryUnitStatus
 from fractal_server.app.schemas.v2 import HistoryUnitStatusWithUnset
 from fractal_server.app.schemas.v2 import ImageLogsRequest
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images.status_tools import IMAGE_STATUS_KEY
 from fractal_server.images.status_tools import enrich_images_unsorted_async
 from fractal_server.images.tools import aggregate_attributes
@@ -31,13 +32,13 @@ from fractal_server.images.tools import aggregate_types
 from fractal_server.images.tools import filter_image_list
 from fractal_server.logger import set_logger
-from ._aux_functions import _get_dataset_check_owner
+from ._aux_functions import _get_dataset_check_access
 from ._aux_functions import _get_submitted_job_or_none
-from ._aux_functions import _get_workflow_check_owner
+from ._aux_functions import _get_workflow_check_access
 from ._aux_functions_history import _verify_workflow_and_dataset_access
 from ._aux_functions_history import get_history_run_or_404
 from ._aux_functions_history import get_history_unit_or_404
-from ._aux_functions_history import get_wftask_check_owner
+from ._aux_functions_history import get_wftask_check_access
 from ._aux_functions_history import read_log_file
 from .images import ImagePage
 from .images import ImageQuery
@@ -74,16 +75,18 @@ async def get_workflow_tasks_statuses(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
-    await _get_dataset_check_owner(
+    await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
@@ -185,11 +188,12 @@ async def get_history_run_list(
     db: AsyncSession = Depends(get_async_db),
 ) -> list[HistoryRunReadAggregated]:
     # Access control
-    await get_wftask_check_owner(
+    await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
@@ -278,11 +282,12 @@ async def get_history_run_units(
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> PaginationResponse[HistoryUnitRead]:
     # Access control
-    await get_wftask_check_owner(
+    await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
@@ -337,11 +342,12 @@ async def get_history_images(
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> ImagePage:
     # Access control and object retrieval
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     res = await _verify_workflow_and_dataset_access(
@@ -349,6 +355,7 @@ async def get_history_images(
         workflow_id=wftask.workflow_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = res["dataset"]
@@ -418,11 +425,12 @@ async def get_image_log(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=request_data.dataset_id,
         workflowtask_id=request_data.workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
@@ -475,11 +483,12 @@ async def get_history_unit_log(
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
-    wftask = await get_wftask_check_owner(
+    wftask = await get_wftask_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         workflowtask_id=workflowtask_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
@@ -530,10 +539,11 @@ async def get_dataset_history(
     timestamp.
     """
     # Access control
-    await _get_dataset_check_owner(
+    await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )

fractal_server/app/routes/api/v2/images.py CHANGED Viewed

@@ -16,6 +16,7 @@ from fractal_server.app.routes.auth import current_user_act_ver_prof
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
 from fractal_server.app.routes.pagination import get_pagination_params
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images import SingleImage
 from fractal_server.images import SingleImageUpdate
 from fractal_server.images.tools import aggregate_attributes
@@ -26,7 +27,7 @@ from fractal_server.types import AttributeFilters
 from fractal_server.types import ImageAttributeValue
 from fractal_server.types import TypeFilters
-from ._aux_functions import _get_dataset_check_owner
+from ._aux_functions import _get_dataset_check_access
 router = APIRouter()
@@ -64,8 +65,12 @@ async def post_new_image(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     dataset = output["dataset"]
@@ -119,8 +124,12 @@ async def query_dataset_images(
     page = pagination.page
     page_size = pagination.page_size
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     dataset = output["dataset"]
     images = dataset.images
@@ -187,8 +196,12 @@ async def delete_dataset_images(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     dataset = output["dataset"]
@@ -231,10 +244,11 @@ async def patch_dataset_image(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ):
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     db_dataset = output["dataset"]

fractal_server/app/routes/api/v2/job.py CHANGED Viewed

@@ -20,12 +20,13 @@ from fractal_server.app.routes.aux._job import _write_shutdown_file
 from fractal_server.app.routes.aux._runner import _check_shutdown_is_supported
 from fractal_server.app.schemas.v2 import JobReadV2
 from fractal_server.app.schemas.v2 import JobStatusTypeV2
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.runner.filenames import WORKFLOW_LOG_FILENAME
 from fractal_server.zip_tools import _zip_folder_to_byte_stream_iterator
-from ._aux_functions import _get_job_check_owner
-from ._aux_functions import _get_project_check_owner
-from ._aux_functions import _get_workflow_check_owner
+from ._aux_functions import _get_job_check_access
+from ._aux_functions import _get_project_check_access
+from ._aux_functions import _get_workflow_check_access
 # https://docs.python.org/3/library/asyncio-task.html#asyncio.to_thread
@@ -53,6 +54,7 @@ async def get_user_jobs(
             LinkUserProjectV2, LinkUserProjectV2.project_id == JobV2.project_id
         )
         .where(LinkUserProjectV2.user_id == user.id)
+        .where(LinkUserProjectV2.is_owner.is_(True))
     )
     res = await db.execute(stm)
     job_list = res.scalars().all()
@@ -77,8 +79,12 @@ async def get_workflow_jobs(
     """
     Returns all the jobs related to a specific workflow
     """
-    await _get_workflow_check_owner(
-        project_id=project_id, workflow_id=workflow_id, user_id=user.id, db=db
+    await _get_workflow_check_access(
+        project_id=project_id,
+        workflow_id=workflow_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     stm = select(JobV2).where(JobV2.workflow_id == workflow_id)
     res = await db.execute(stm)
@@ -94,8 +100,12 @@ async def get_latest_job(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> JobReadV2:
-    await _get_workflow_check_owner(
-        project_id=project_id, workflow_id=workflow_id, user_id=user.id, db=db
+    await _get_workflow_check_access(
+        project_id=project_id,
+        workflow_id=workflow_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     stm = (
         select(JobV2)
@@ -130,10 +140,11 @@ async def read_job(
     Return info on an existing job
     """
-    output = await _get_job_check_owner(
+    output = await _get_job_check_access(
         project_id=project_id,
         job_id=job_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     job = output["job"]
@@ -162,10 +173,11 @@ async def download_job_logs(
     """
     Download zipped job folder
     """
-    output = await _get_job_check_owner(
+    output = await _get_job_check_access(
         project_id=project_id,
         job_id=job_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     job = output["job"]
@@ -193,8 +205,11 @@ async def get_job_list(
     """
     Get job list for given project
     """
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     stm = select(JobV2).where(JobV2.project_id == project.id)
@@ -225,10 +240,11 @@ async def stop_job(
     _check_shutdown_is_supported()
     # Get job from DB
-    output = await _get_job_check_owner(
+    output = await _get_job_check_access(
         project_id=project_id,
         job_id=job_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.EXECUTE,
         db=db,
     )
     job = output["job"]

fractal_server/app/routes/api/v2/pre_submission_checks.py CHANGED Viewed

@@ -11,14 +11,15 @@ from fractal_server.app.models import UserOAuth
 from fractal_server.app.routes.auth import current_user_act_ver_prof
 from fractal_server.app.schemas.v2 import HistoryUnitStatus
 from fractal_server.app.schemas.v2 import TaskType
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images.status_tools import IMAGE_STATUS_KEY
 from fractal_server.images.status_tools import enrich_images_unsorted_async
 from fractal_server.images.tools import aggregate_types
 from fractal_server.images.tools import filter_image_list
 from fractal_server.types import AttributeFilters
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_workflow_task_check_owner
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_workflow_task_check_access
 from .images import ImageQuery
 router = APIRouter()
@@ -37,8 +38,12 @@ async def verify_unique_types(
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
     # Get dataset
-    output = await _get_dataset_check_owner(
-        project_id=project_id, dataset_id=dataset_id, user_id=user.id, db=db
+    output = await _get_dataset_check_access(
+        project_id=project_id,
+        dataset_id=dataset_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     dataset = output["dataset"]
@@ -97,11 +102,12 @@ async def check_non_processed_images(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
-    db_workflow_task, db_workflow = await _get_workflow_task_check_owner(
+    db_workflow_task, db_workflow = await _get_workflow_task_check_access(
         project_id=project_id,
         workflow_task_id=workflowtask_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
@@ -121,10 +127,11 @@ async def check_non_processed_images(
         # Skip check if previous task is converter
         return JSONResponse(status_code=200, content=[])
-    res = await _get_dataset_check_owner(
+    res = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = res["dataset"]

fractal_server/app/routes/api/v2/project.py CHANGED Viewed

@@ -16,20 +16,22 @@ from fractal_server.app.routes.aux.validate_user_profile import (
     validate_user_profile,
 )
 from fractal_server.app.schemas.v2 import ProjectCreateV2
+from fractal_server.app.schemas.v2 import ProjectPermissions
 from fractal_server.app.schemas.v2 import ProjectReadV2
 from fractal_server.app.schemas.v2 import ProjectUpdateV2
-from fractal_server.logger import reset_logger_handlers
 from fractal_server.logger import set_logger
 from ._aux_functions import _check_project_exists
-from ._aux_functions import _get_project_check_owner
+from ._aux_functions import _get_project_check_access
 from ._aux_functions import _get_submitted_jobs_statement
+logger = set_logger(__name__)
 router = APIRouter()
 @router.get("/project/", response_model=list[ProjectReadV2])
 async def get_list_project(
+    is_owner: bool = True,
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[ProjectV2]:
@@ -40,6 +42,8 @@ async def get_list_project(
         select(ProjectV2)
         .join(LinkUserProjectV2, LinkUserProjectV2.project_id == ProjectV2.id)
         .where(LinkUserProjectV2.user_id == user.id)
+        .where(LinkUserProjectV2.is_owner == is_owner)
+        .where(LinkUserProjectV2.is_verified.is_(True))
     )
     res = await db.execute(stm)
     project_list = res.scalars().all()
@@ -73,7 +77,13 @@ async def create_project(
     db.add(db_project)
     await db.flush()
-    link = LinkUserProjectV2(project_id=db_project.id, user_id=user.id)
+    link = LinkUserProjectV2(
+        project_id=db_project.id,
+        user_id=user.id,
+        is_owner=True,
+        is_verified=True,
+        permissions=ProjectPermissions.EXECUTE,
+    )
     db.add(link)
     await db.commit()
@@ -91,8 +101,11 @@ async def read_project(
     """
     Return info on an existing project
     """
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     await db.close()
     return project
@@ -105,8 +118,11 @@ async def update_project(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ):
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     # Check that there is no project with the same user and name
@@ -134,10 +150,18 @@ async def delete_project(
     Delete project
     """
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.EXECUTE,
+        db=db,
     )
-    logger = set_logger(__name__)
+    link_user_project = await db.get(LinkUserProjectV2, (project_id, user.id))
+    if not link_user_project.is_owner:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Only the owner can delete a Project.",
+        )
     # Fail if there exist jobs that are submitted and in relation with the
     # current project.
@@ -154,13 +178,12 @@ async def delete_project(
             ),
         )
-    logger.info(f"Adding Project[{project.id}] to deletion.")
+    logger.debug(f"Add project {project.id} to deletion.")
     await db.delete(project)
-    logger.info("Committing changes to db...")
+    logger.debug("Commit changes to db")
     await db.commit()
-    logger.info("Everything  has been deleted correctly.")
-    reset_logger_handlers(logger)
+    logger.debug("Everything  has been deleted correctly.")
     return Response(status_code=status.HTTP_204_NO_CONTENT)

fractal-server 2.17.2__py3-none-any.whl → 2.18.0a0__py3-none-any.whl

fractal-server 2.17.2py3-none-any.whl → 2.18.0a0py3-none-any.whl