fractal-server 2.17.2__py3-none-any.whl → 2.18.0a0__py3-none-any.whl

fractal_server/app/routes/api/v2/sharing.py

@@ -0,0 +1,312 @@
+from fastapi import APIRouter
+from fastapi import Depends
+from fastapi import HTTPException
+from fastapi import Response
+from fastapi import status
+from pydantic import EmailStr
+from sqlmodel import select
+
+from fractal_server.app.db import AsyncSession
+from fractal_server.app.db import get_async_db
+from fractal_server.app.models import UserOAuth
+from fractal_server.app.models.v2 import LinkUserProjectV2
+from fractal_server.app.models.v2 import ProjectV2
+from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.schemas.v2 import ProjectAccessRead
+from fractal_server.app.schemas.v2 import ProjectGuestCreate
+from fractal_server.app.schemas.v2 import ProjectGuestRead
+from fractal_server.app.schemas.v2 import ProjectGuestUpdate
+from fractal_server.app.schemas.v2 import ProjectInvitationRead
+
+from ._aux_functions_sharing import get_link_or_404
+from ._aux_functions_sharing import get_pending_invitation_or_404
+from ._aux_functions_sharing import get_user_id_from_email_or_404
+from ._aux_functions_sharing import raise_403_if_not_owner
+from ._aux_functions_sharing import raise_422_if_link_exists
+
+router = APIRouter()
+
+
+@router.get(
+    "/project/{project_id}/guest/",
+    response_model=list[ProjectGuestRead],
+)
+async def get_project_guests(
+    project_id: int,
+    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> list[ProjectGuestRead]:
+    """
+    Get the list of all the guests of your project (verified or not).
+    """
+    await raise_403_if_not_owner(user_id=owner.id, project_id=project_id, db=db)
+    # Get (email, is_verified, permissions) for all guests
+    res = await db.execute(
+        select(
+            UserOAuth.email,
+            LinkUserProjectV2.is_verified,
+            LinkUserProjectV2.permissions,
+        )
+        .join(LinkUserProjectV2, LinkUserProjectV2.user_id == UserOAuth.id)
+        .where(LinkUserProjectV2.project_id == project_id)
+        .where(LinkUserProjectV2.is_owner.is_(False))
+        .order_by(UserOAuth.email)
+    )
+    guest_tuples = res.all()
+    return [
+        dict(
+            email=guest_email,
+            is_verified=is_verified,
+            permissions=permissions,
+        )
+        for guest_email, is_verified, permissions in guest_tuples
+    ]
+
+
+@router.post("/project/{project_id}/guest/", status_code=201)
+async def invite_guest(
+    project_id: int,
+    email: EmailStr,
+    project_invitation: ProjectGuestCreate,
+    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> Response:
+    """
+    Add a guest to your project.
+    """
+    await raise_403_if_not_owner(user_id=owner.id, project_id=project_id, db=db)
+
+    guest_id = await get_user_id_from_email_or_404(user_email=email, db=db)
+
+    await raise_422_if_link_exists(
+        user_id=guest_id,
+        project_id=project_id,
+        db=db,
+    )
+
+    db.add(
+        LinkUserProjectV2(
+            project_id=project_id,
+            user_id=guest_id,
+            is_owner=False,
+            is_verified=False,
+            permissions=project_invitation.permissions,
+        )
+    )
+    await db.commit()
+
+    return Response(status_code=status.HTTP_201_CREATED)
+
+
+@router.patch("/project/{project_id}/guest/", status_code=200)
+async def patch_guest(
+    project_id: int,
+    email: EmailStr,
+    update: ProjectGuestUpdate,
+    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> Response:
+    """
+    Change guest's permissions on your project.
+    """
+    await raise_403_if_not_owner(user_id=owner.id, project_id=project_id, db=db)
+
+    guest_id = await get_user_id_from_email_or_404(user_email=email, db=db)
+
+    if guest_id == owner.id:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail="Cannot perform this operation on project owner.",
+        )
+
+    link = await get_link_or_404(
+        user_id=guest_id,
+        project_id=project_id,
+        db=db,
+    )
+
+    # Update link and commit
+    for key, value in update.model_dump(exclude_unset=True).items():
+        setattr(link, key, value)
+    await db.commit()
+
+    return Response(status_code=status.HTTP_200_OK)
+
+
+@router.delete("/project/{project_id}/guest/", status_code=204)
+async def revoke_guest_access(
+    project_id: int,
+    email: EmailStr,
+    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> Response:
+    """
+    Remove a guest from your project.
+    """
+    await raise_403_if_not_owner(user_id=owner.id, project_id=project_id, db=db)
+
+    guest_id = await get_user_id_from_email_or_404(user_email=email, db=db)
+
+    if guest_id == owner.id:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail="Cannot perform this operation on project owner.",
+        )
+
+    link = await get_link_or_404(
+        user_id=guest_id,
+        project_id=project_id,
+        db=db,
+    )
+
+    # Delete link and commit
+    await db.delete(link)
+    await db.commit()
+
+    return Response(status_code=status.HTTP_204_NO_CONTENT)
+
+
+@router.get(
+    "/project/invitation/",
+    response_model=list[ProjectInvitationRead],
+)
+async def get_pending_invitations(
+    user: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> list[ProjectInvitationRead]:
+    """
+    See your current invitations.
+    """
+
+    res = await db.execute(
+        select(
+            ProjectV2.id,
+            ProjectV2.name,
+            LinkUserProjectV2.permissions,
+            (
+                select(UserOAuth.email)
+                .join(
+                    LinkUserProjectV2,
+                    UserOAuth.id == LinkUserProjectV2.user_id,
+                )
+                .where(LinkUserProjectV2.is_owner.is_(True))
+                .where(LinkUserProjectV2.project_id == ProjectV2.id)
+                .scalar_subquery()
+                .correlate(ProjectV2)
+            ),
+        )
+        .join(LinkUserProjectV2, LinkUserProjectV2.project_id == ProjectV2.id)
+        .where(LinkUserProjectV2.user_id == user.id)
+        .where(LinkUserProjectV2.is_verified.is_(False))
+        .order_by(ProjectV2.name)
+    )
+
+    guest_project_info = res.all()
+
+    return [
+        dict(
+            project_id=project_id,
+            project_name=project_name,
+            guest_permissions=guest_permissions,
+            owner_email=owner_email,
+        )
+        for (
+            project_id,
+            project_name,
+            guest_permissions,
+            owner_email,
+        ) in guest_project_info
+    ]
+
+
+@router.get(
+    "/project/{project_id}/access/",
+    response_model=ProjectAccessRead,
+)
+async def get_access_info(
+    project_id: int,
+    user: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> ProjectAccessRead:
+    """
+    Returns information on your relationship with Project[`project_id`].
+    """
+
+    res = await db.execute(
+        select(
+            LinkUserProjectV2.is_owner,
+            LinkUserProjectV2.permissions,
+            (
+                select(UserOAuth.email)
+                .join(
+                    LinkUserProjectV2,
+                    UserOAuth.id == LinkUserProjectV2.user_id,
+                )
+                .where(LinkUserProjectV2.is_owner.is_(True))
+                .where(LinkUserProjectV2.project_id == ProjectV2.id)
+                .scalar_subquery()
+                .correlate(LinkUserProjectV2)
+            ),
+        )
+        .where(LinkUserProjectV2.project_id == project_id)
+        .where(LinkUserProjectV2.user_id == user.id)
+        .where(LinkUserProjectV2.is_verified.is_(True))
+    )
+
+    guest_project_info = res.one_or_none()
+
+    if guest_project_info is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"User has no access to project {project_id}.",
+        )
+
+    is_owner, permissions, owner_email = guest_project_info
+
+    return dict(
+        is_owner=is_owner,
+        permissions=permissions,
+        owner_email=owner_email,
+    )
+
+
+@router.post("/project/{project_id}/access/accept/", status_code=200)
+async def accept_project_invitation(
+    project_id: int,
+    user: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> Response:
+    """
+    Accept invitation to project `project_id`.
+    """
+    link = await get_pending_invitation_or_404(
+        user_id=user.id, project_id=project_id, db=db
+    )
+    link.is_verified = True
+    await db.commit()
+
+    return Response(status_code=status.HTTP_200_OK)
+
+
+@router.delete("/project/{project_id}/access/", status_code=204)
+async def leave_project(
+    project_id: int,
+    user: UserOAuth = Depends(current_user_act_ver_prof),
+    db: AsyncSession = Depends(get_async_db),
+) -> Response:
+    """
+    Decline invitation to project `project_id` or stop being a guest of that
+    project.
+    """
+    link = await get_link_or_404(user_id=user.id, project_id=project_id, db=db)
+
+    if link.is_owner:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail=f"You are the owner of project {project_id}.",
+        )
+
+    await db.delete(link)
+    await db.commit()
+
+    return Response(status_code=status.HTTP_204_NO_CONTENT)

fractal_server/app/routes/api/v2/status_legacy.py

@@ -8,13 +8,14 @@ from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import JobV2
 from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.app.schemas.v2.status_legacy import LegacyStatusReadV2
 from fractal_server.app.schemas.v2.status_legacy import WorkflowTaskStatusTypeV2
 from fractal_server.logger import set_logger
 
-from ._aux_functions import _get_dataset_check_owner
+from ._aux_functions import _get_dataset_check_access
 from ._aux_functions import _get_submitted_jobs_statement
-from ._aux_functions import _get_workflow_check_owner
+from ._aux_functions import _get_workflow_check_access
 
 router = APIRouter()
 
@@ -42,19 +43,21 @@ async def get_workflowtask_status(
     order). See fractal-server GitHub issues: 793, 1083.
     """
     # Get the dataset DB entry
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     dataset = output["dataset"]
 
     # Get the workflow DB entry
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 

fractal_server/app/routes/api/v2/submit.py

@@ -27,6 +27,7 @@ from fractal_server.app.schemas.v2 import JobCreateV2
 from fractal_server.app.schemas.v2 import JobReadV2
 from fractal_server.app.schemas.v2 import JobStatusTypeV2
 from fractal_server.app.schemas.v2 import ResourceType
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.config import get_settings
 from fractal_server.logger import set_logger
 from fractal_server.runner.set_start_and_last_task_index import (
@@ -35,8 +36,8 @@ from fractal_server.runner.set_start_and_last_task_index import (
 from fractal_server.runner.v2.submit_workflow import submit_workflow
 from fractal_server.syringe import Inject
 
-from ._aux_functions import _get_dataset_check_owner
-from ._aux_functions import _get_workflow_check_owner
+from ._aux_functions import _get_dataset_check_access
+from ._aux_functions import _get_workflow_check_access
 from ._aux_functions import clean_app_job_list_v2
 from ._aux_functions_tasks import _check_type_filters_compatibility
 
@@ -72,10 +73,11 @@ async def apply_workflow(
         )
         request.app.state.jobsV2 = new_jobs_list
 
-    output = await _get_dataset_check_owner(
+    output = await _get_dataset_check_access(
         project_id=project_id,
         dataset_id=dataset_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.EXECUTE,
         db=db,
     )
     project = output["project"]
@@ -92,8 +94,12 @@ async def apply_workflow(
             detail="Project resource does not match with user's resource",
         )
 
-    workflow = await _get_workflow_check_owner(
-        project_id=project_id, workflow_id=workflow_id, user_id=user.id, db=db
+    workflow = await _get_workflow_check_access(
+        project_id=project_id,
+        workflow_id=workflow_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.EXECUTE,
+        db=db,
     )
     num_tasks = len(workflow.task_list)
     if num_tasks == 0:

fractal_server/app/routes/api/v2/task_version_update.py

@@ -21,9 +21,10 @@ from fractal_server.app.routes.auth import current_user_act_ver_prof
 from fractal_server.app.schemas.v2 import TaskType
 from fractal_server.app.schemas.v2 import WorkflowTaskReadV2
 from fractal_server.app.schemas.v2 import WorkflowTaskReplaceV2
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 
-from ._aux_functions import _get_workflow_check_owner
-from ._aux_functions import _get_workflow_task_check_owner
+from ._aux_functions import _get_workflow_check_access
+from ._aux_functions import _get_workflow_task_check_access
 from ._aux_functions_task_version_update import get_new_workflow_task_meta
 from ._aux_functions_tasks import _check_type_filters_compatibility
 from ._aux_functions_tasks import _get_task_group_or_404
@@ -79,10 +80,11 @@ async def get_workflow_version_update_candidates(
     user: UserOAuth = Depends(current_user_act_ver_prof),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[list[TaskVersionRead]]:
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -182,11 +184,12 @@ async def replace_workflowtask(
     db: AsyncSession = Depends(get_async_db),
 ) -> WorkflowTaskReadV2:
     # Get objects from database
-    workflow_task, workflow = await _get_workflow_task_check_owner(
+    workflow_task, workflow = await _get_workflow_task_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         workflow_task_id=workflow_task_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     new_task = await _get_task_read_access(

fractal_server/app/routes/api/v2/workflow.py

@@ -20,12 +20,13 @@ from fractal_server.app.schemas.v2 import WorkflowExportV2
 from fractal_server.app.schemas.v2 import WorkflowReadV2
 from fractal_server.app.schemas.v2 import WorkflowReadV2WithWarnings
 from fractal_server.app.schemas.v2 import WorkflowUpdateV2
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.images.tools import merge_type_filters
 
 from ._aux_functions import _check_workflow_exists
-from ._aux_functions import _get_project_check_owner
+from ._aux_functions import _get_project_check_access
 from ._aux_functions import _get_submitted_jobs_statement
-from ._aux_functions import _get_workflow_check_owner
+from ._aux_functions import _get_workflow_check_access
 from ._aux_functions import _workflow_has_submitted_job
 from ._aux_functions_tasks import _add_warnings_to_workflow_tasks
 
@@ -45,8 +46,11 @@ async def get_workflow_list(
     Get workflow list for given project
     """
     # Access control
-    project = await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    project = await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
+        db=db,
     )
     # Find workflows of the current project. Note: this select/where approach
     # has much better scaling than refreshing all elements of
@@ -71,8 +75,11 @@ async def create_workflow(
     """
     Create a workflow, associate to a project
     """
-    await _get_project_check_owner(
-        project_id=project_id, user_id=user.id, db=db
+    await _get_project_check_access(
+        project_id=project_id,
+        user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
+        db=db,
     )
     await _check_workflow_exists(
         name=workflow.name, project_id=project_id, db=db
@@ -100,10 +107,11 @@ async def read_workflow(
     Get info on an existing workflow
     """
 
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 
@@ -133,10 +141,11 @@ async def update_workflow(
     """
     Edit a workflow
     """
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
 
@@ -208,10 +217,11 @@ async def delete_workflow(
     Delete a workflow
     """
 
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
 
@@ -252,10 +262,11 @@ async def export_workflow(
     """
     Export an existing workflow, after stripping all IDs
     """
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
     wf_task_list = []
@@ -293,10 +304,11 @@ async def get_workflow_type_filters(
     Get info on type/type-filters flow for a workflow.
     """
 
-    workflow = await _get_workflow_check_owner(
+    workflow = await _get_workflow_check_access(
         project_id=project_id,
         workflow_id=workflow_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.READ,
         db=db,
     )
 

fractal_server/app/routes/api/v2/workflow_import.py

@@ -24,10 +24,11 @@ from fractal_server.app.schemas.v2 import TaskImportV2Legacy
 from fractal_server.app.schemas.v2 import WorkflowImportV2
 from fractal_server.app.schemas.v2 import WorkflowReadV2WithWarnings
 from fractal_server.app.schemas.v2 import WorkflowTaskCreateV2
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 from fractal_server.logger import set_logger
 
 from ._aux_functions import _check_workflow_exists
-from ._aux_functions import _get_project_check_owner
+from ._aux_functions import _get_project_check_access
 from ._aux_functions import _get_user_resource_id
 from ._aux_functions import _workflow_insert_task
 from ._aux_functions_tasks import _add_warnings_to_workflow_tasks
@@ -65,7 +66,7 @@ async def _get_user_accessible_taskgroups(
     )
     res = await db.execute(stm)
     accessible_task_groups = res.scalars().all()
-    logger.info(
+    logger.debug(
         f"Found {len(accessible_task_groups)} accessible "
         f"task groups for {user_id=}."
     )
@@ -120,7 +121,7 @@ async def _get_task_by_taskimport(
         `id` of the matching task, or `None`.
     """
 
-    logger.info(f"[_get_task_by_taskimport] START, {task_import=}")
+    logger.debug(f"[_get_task_by_taskimport] START, {task_import=}")
 
     # Filter by `pkg_name` and by presence of a task with given `name`.
     matching_task_groups = [
@@ -132,7 +133,7 @@ async def _get_task_by_taskimport(
         )
     ]
     if len(matching_task_groups) < 1:
-        logger.info(
+        logger.debug(
             "[_get_task_by_taskimport] "
             f"No task group with {task_import.pkg_name=} "
             f"and a task with {task_import.name=}."
@@ -142,13 +143,13 @@ async def _get_task_by_taskimport(
     # Determine target `version`
     # Note that task_import.version cannot be "", due to a validator
     if task_import.version is None:
-        logger.info(
+        logger.debug(
             "[_get_task_by_taskimport] "
             "No version requested, looking for latest."
         )
         latest_task = max(matching_task_groups, key=lambda tg: tg.version or "")
         version = latest_task.version
-        logger.info(
+        logger.debug(
             f"[_get_task_by_taskimport] Latest version set to {version}."
         )
     else:
@@ -160,19 +161,19 @@ async def _get_task_by_taskimport(
     )
 
     if len(final_matching_task_groups) < 1:
-        logger.info(
+        logger.debug(
             "[_get_task_by_taskimport] "
             "No task group left after filtering by version."
         )
         return None
     elif len(final_matching_task_groups) == 1:
         final_task_group = final_matching_task_groups[0]
-        logger.info(
+        logger.debug(
             "[_get_task_by_taskimport] "
             "Found a single task group, after filtering by version."
         )
     else:
-        logger.info(
+        logger.debug(
             "[_get_task_by_taskimport] "
             f"Found {len(final_matching_task_groups)} task groups, "
             "after filtering by version."
@@ -184,7 +185,7 @@ async def _get_task_by_taskimport(
             default_group_id=default_group_id,
         )
         if final_task_group is None:
-            logger.info(
+            logger.debug(
                 "[_get_task_by_taskimport] Disambiguation returned None."
             )
             return None
@@ -199,7 +200,7 @@ async def _get_task_by_taskimport(
         None,
     )
 
-    logger.info(f"[_get_task_by_taskimport] END, {task_import=}, {task_id=}.")
+    logger.debug(f"[_get_task_by_taskimport] END, {task_import=}, {task_id=}.")
 
     return task_id
 
@@ -222,9 +223,10 @@ async def import_workflow(
     user_resource_id = await _get_user_resource_id(user_id=user.id, db=db)
 
     # Preliminary checks
-    await _get_project_check_owner(
+    await _get_project_check_access(
         project_id=project_id,
         user_id=user.id,
+        required_permissions=ProjectPermissions.WRITE,
         db=db,
     )
     await _check_workflow_exists(