PyPI - fractal-server - Versions diffs - 2.18.6__py3-none-any.whl → 2.19.0a0__py3-none-any.whl - Mend

fractal-server 2.18.6py3-none-any.whl → 2.19.0a0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

fractal_server/__init__.py CHANGED Viewed

	@@ -1 +1 @@
1	- __VERSION__ = "2.18.6"
1	+ __VERSION__ = "2.19.0a0"

fractal_server/app/models/security.py CHANGED Viewed

@@ -7,6 +7,8 @@ from sqlalchemy import Column
 from sqlalchemy import String
 from sqlalchemy.dialects.postgresql import ARRAY
 from sqlalchemy.types import DateTime
+from sqlmodel import BOOLEAN
+from sqlmodel import CheckConstraint
 from sqlmodel import Field
 from sqlmodel import Relationship
 from sqlmodel import SQLModel
@@ -100,6 +102,13 @@ class UserOAuth(SQLModel, table=True):
     is_active: bool = Field(default=True, nullable=False)
     is_superuser: bool = Field(default=False, nullable=False)
     is_verified: bool = Field(default=False, nullable=False)
+    is_guest: bool = Field(
+        sa_column=Column(
+            BOOLEAN,
+            server_default="false",
+            nullable=False,
+        ),
+    )
     oauth_accounts: list["OAuthAccount"] = Relationship(
         back_populates="user",
@@ -120,6 +129,13 @@ class UserOAuth(SQLModel, table=True):
         sa_column=Column(ARRAY(String), server_default="{}"),
     )
+    __table_args__ = (
+        CheckConstraint(
+            "NOT (is_superuser AND is_guest)",
+            name="superuser_is_not_guest",
+        ),
+    )
 class UserGroup(SQLModel, table=True):
     """

fractal_server/app/routes/admin/v2/sharing.py CHANGED Viewed

@@ -1,5 +1,8 @@
 from fastapi import APIRouter
 from fastapi import Depends
+from fastapi import HTTPException
+from fastapi import Response
+from fastapi import status
 from sqlalchemy import func
 from sqlmodel import select
@@ -8,11 +11,16 @@ from fractal_server.app.db import get_async_db
 from fractal_server.app.models import LinkUserProjectV2
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import ProjectV2
+from fractal_server.app.routes.api.v2._aux_functions_sharing import (
+    get_pending_invitation_or_404,
+)
 from fractal_server.app.routes.auth import current_superuser_act
+from fractal_server.app.routes.auth._aux_auth import _user_or_404
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
 from fractal_server.app.routes.pagination import get_pagination_params
 from fractal_server.app.schemas.v2 import LinkUserProjectRead
+from fractal_server.app.schemas.v2.sharing import ProjectPermissions
 router = APIRouter()
@@ -101,3 +109,42 @@ async def view_link_user_project(
             for linkuserproject, user_email, project_name in items
         ],
     )
+@router.post("/verify/", status_code=200)
+async def verify_invitation_for_guest(
+    guest_user_id: int,
+    project_id: int,
+    superuser: UserOAuth = Depends(current_superuser_act),
+    db: AsyncSession = Depends(get_async_db),
+) -> None:
+    """
+    Verify the invitation to join a project for a guest user
+    Note that a guest user would not be allowed to do this themselves.
+    """
+    # Get user and verify that they actually are a guest
+    guest_user = await _user_or_404(guest_user_id, db)
+    if not guest_user.is_guest:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail="Cannot accept invitations for non-guest users.",
+        )
+    # Find verification and check that permissions are set to R
+    link = await get_pending_invitation_or_404(
+        user_id=guest_user_id, project_id=project_id, db=db
+    )
+    if link.permissions != ProjectPermissions.READ:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
+            detail=(
+                "Guest users can only have 'r' permission "
+                f"(given: '{link.permissions}')"
+            ),
+        )
+    # Mark the invitation as verified
+    link.is_verified = True
+    await db.commit()
+    return Response(status_code=status.HTTP_200_OK)

fractal_server/app/routes/api/__init__.py CHANGED Viewed

@@ -1,57 +1,9 @@
-"""
-`api` module
-"""
 from fastapi import APIRouter
-from fastapi import Depends
-import fractal_server
-from fractal_server.app.models import UserOAuth
-from fractal_server.app.routes.auth import current_superuser_act
-from fractal_server.config import get_db_settings
-from fractal_server.config import get_email_settings
-from fractal_server.config import get_oauth_settings
-from fractal_server.config import get_settings
-from fractal_server.syringe import Inject
+from .alive import router as router_alive
+from .settings import router as router_settings
 router_api = APIRouter()
-@router_api.get("/alive/")
-async def alive():
-    return dict(
-        alive=True,
-        version=fractal_server.__VERSION__,
-    )
-@router_api.get("/settings/app/")
-async def view_settings(
-    user: UserOAuth = Depends(current_superuser_act),
-):
-    settings = Inject(get_settings)
-    return settings.model_dump()
-@router_api.get("/settings/database/")
-async def view_db_settings(
-    user: UserOAuth = Depends(current_superuser_act),
-):
-    settings = Inject(get_db_settings)
-    return settings.model_dump()
-@router_api.get("/settings/email/")
-async def view_email_settings(
-    user: UserOAuth = Depends(current_superuser_act),
-):
-    settings = Inject(get_email_settings)
-    return settings.model_dump()
-@router_api.get("/settings/oauth/")
-async def view_oauth_settings(
-    user: UserOAuth = Depends(current_superuser_act),
-):
-    settings = Inject(get_oauth_settings)
-    return settings.model_dump()
+router_api.include_router(router_alive)
+router_api.include_router(router_settings)

fractal_server/app/routes/api/alive.py ADDED Viewed

@@ -0,0 +1,13 @@
+from fastapi import APIRouter
+import fractal_server
+router = APIRouter()
+@router.get("/alive/")
+async def alive():
+    return dict(
+        alive=True,
+        version=fractal_server.__VERSION__,
+    )

fractal_server/app/routes/api/settings.py ADDED Viewed

@@ -0,0 +1,44 @@
+from fastapi import APIRouter
+from fastapi import Depends
+from fractal_server.app.models import UserOAuth
+from fractal_server.app.routes.auth import current_superuser_act
+from fractal_server.config import get_db_settings
+from fractal_server.config import get_email_settings
+from fractal_server.config import get_oauth_settings
+from fractal_server.config import get_settings
+from fractal_server.syringe import Inject
+router = APIRouter()
+@router.get("/settings/app/")
+async def view_settings(
+    user: UserOAuth = Depends(current_superuser_act),
+):
+    settings = Inject(get_settings)
+    return settings.model_dump()
+@router.get("/settings/database/")
+async def view_db_settings(
+    user: UserOAuth = Depends(current_superuser_act),
+):
+    settings = Inject(get_db_settings)
+    return settings.model_dump()
+@router.get("/settings/email/")
+async def view_email_settings(
+    user: UserOAuth = Depends(current_superuser_act),
+):
+    settings = Inject(get_email_settings)
+    return settings.model_dump()
+@router.get("/settings/oauth/")
+async def view_oauth_settings(
+    user: UserOAuth = Depends(current_superuser_act),
+):
+    settings = Inject(get_oauth_settings)
+    return settings.model_dump()

fractal_server/app/routes/api/v2/dataset.py CHANGED Viewed

@@ -13,7 +13,8 @@ from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import DatasetV2
 from fractal_server.app.models.v2 import JobV2
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
+from fractal_server.app.routes.auth import get_api_user
 from fractal_server.app.schemas.v2 import DatasetCreate
 from fractal_server.app.schemas.v2 import DatasetRead
 from fractal_server.app.schemas.v2 import DatasetUpdate
@@ -38,7 +39,7 @@ router = APIRouter()
 async def create_dataset(
     project_id: int,
     dataset: DatasetCreate,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> DatasetRead | None:
     """
@@ -96,7 +97,7 @@ async def create_dataset(
 )
 async def read_dataset_list(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[DatasetRead] | None:
     """
@@ -126,7 +127,7 @@ async def read_dataset_list(
 async def read_dataset(
     project_id: int,
     dataset_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> DatasetRead | None:
     """
@@ -151,7 +152,7 @@ async def update_dataset(
     project_id: int,
     dataset_id: int,
     dataset_update: DatasetUpdate,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> DatasetRead | None:
     """
@@ -182,7 +183,7 @@ async def update_dataset(
 async def delete_dataset(
     project_id: int,
     dataset_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """
@@ -226,7 +227,7 @@ async def delete_dataset(
 async def export_dataset(
     project_id: int,
     dataset_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> DatasetExport | None:
     """
@@ -252,7 +253,7 @@ async def export_dataset(
 async def import_dataset(
     project_id: int,
     dataset: DatasetImport,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> DatasetRead | None:
     """

fractal_server/app/routes/api/v2/history.py CHANGED Viewed

@@ -14,7 +14,7 @@ from fractal_server.app.models.v2 import HistoryRun
 from fractal_server.app.models.v2 import HistoryUnit
 from fractal_server.app.models.v2 import JobV2
 from fractal_server.app.models.v2 import TaskV2
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
 from fractal_server.app.routes.pagination import get_pagination_params
@@ -71,7 +71,7 @@ async def get_workflow_tasks_statuses(
     project_id: int,
     dataset_id: int,
     workflow_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
@@ -186,7 +186,7 @@ async def get_history_run_list(
     project_id: int,
     dataset_id: int,
     workflowtask_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[HistoryRunReadAggregated]:
     # Access control
@@ -279,7 +279,7 @@ async def get_history_run_units(
     workflowtask_id: int,
     history_run_id: int,
     unit_status: HistoryUnitStatus | None = None,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> PaginationResponse[HistoryUnitRead]:
@@ -339,7 +339,7 @@ async def get_history_images(
     dataset_id: int,
     workflowtask_id: int,
     request_body: ImageQuery,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
     pagination: PaginationRequest = Depends(get_pagination_params),
 ) -> ImagePage:
@@ -423,7 +423,7 @@ async def get_history_images(
 async def get_image_log(
     project_id: int,
     request_data: ImageLogsRequest,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
@@ -482,7 +482,7 @@ async def get_history_unit_log(
     history_unit_id: int,
     workflowtask_id: int,
     dataset_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     # Access control
@@ -535,7 +535,7 @@ async def get_history_unit_log(
 async def get_dataset_history(
     project_id: int,
     dataset_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[HistoryRunRead]:
     """

fractal_server/app/routes/api/v2/images.py CHANGED Viewed

@@ -12,7 +12,8 @@ from fractal_server.app.db import AsyncSession
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import HistoryImageCache
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
+from fractal_server.app.routes.auth import get_api_user
 from fractal_server.app.routes.pagination import PaginationRequest
 from fractal_server.app.routes.pagination import PaginationResponse
 from fractal_server.app.routes.pagination import get_pagination_params
@@ -62,7 +63,7 @@ async def post_new_image(
     project_id: int,
     dataset_id: int,
     new_image: SingleImage,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     output = await _get_dataset_check_access(
@@ -118,7 +119,7 @@ async def query_dataset_images(
     dataset_id: int,
     query: ImageQueryWithZarrUrl | None = None,
     pagination: PaginationRequest = Depends(get_pagination_params),
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> ImagePage:
     page = pagination.page
@@ -193,7 +194,7 @@ async def delete_dataset_images(
     project_id: int,
     dataset_id: int,
     zarr_url: str,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     output = await _get_dataset_check_access(
@@ -241,7 +242,7 @@ async def patch_dataset_image(
     project_id: int,
     dataset_id: int,
     image_update: SingleImageUpdate,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ):
     output = await _get_dataset_check_access(

fractal_server/app/routes/api/v2/job.py CHANGED Viewed

@@ -15,7 +15,8 @@ from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import JobV2
 from fractal_server.app.models.v2 import LinkUserProjectV2
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
+from fractal_server.app.routes.auth import get_api_user
 from fractal_server.app.routes.aux._job import _write_shutdown_file
 from fractal_server.app.routes.aux._runner import _check_shutdown_is_supported
 from fractal_server.app.schemas.v2 import JobRead
@@ -41,12 +42,12 @@ router = APIRouter()
 @router.get("/job/", response_model=list[JobRead])
 async def get_user_jobs(
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     log: bool = True,
     db: AsyncSession = Depends(get_async_db),
 ) -> list[JobRead]:
     """
-    Returns all the jobs of the current user
+    Returns all the jobs from projects linked to the current user
     """
     stm = (
         select(JobV2)
@@ -73,7 +74,7 @@ async def get_user_jobs(
 async def get_workflow_jobs(
     project_id: int,
     workflow_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[JobRead] | None:
     """
@@ -100,7 +101,7 @@ async def get_latest_job(
     project_id: int,
     workflow_id: int,
     dataset_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> JobRead:
     await _get_workflow_check_access(
@@ -136,7 +137,7 @@ async def read_job(
     project_id: int,
     job_id: int,
     show_tmp_logs: bool = False,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> JobRead | None:
     """
@@ -169,7 +170,7 @@ async def read_job(
 async def download_job_logs(
     project_id: int,
     job_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> StreamingResponse:
     """
@@ -200,7 +201,7 @@ async def download_job_logs(
 )
 async def get_job_list(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     log: bool = True,
     db: AsyncSession = Depends(get_async_db),
 ) -> list[JobRead] | None:
@@ -234,7 +235,7 @@ async def get_job_list(
 async def stop_job(
     project_id: int,
     job_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """

fractal_server/app/routes/api/v2/pre_submission_checks.py CHANGED Viewed

@@ -8,7 +8,7 @@ from pydantic import Field
 from fractal_server.app.db import AsyncSession
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
 from fractal_server.app.schemas.v2 import HistoryUnitStatus
 from fractal_server.app.schemas.v2 import TaskType
 from fractal_server.app.schemas.v2.sharing import ProjectPermissions
@@ -34,7 +34,7 @@ async def verify_unique_types(
     dataset_id: int,
     workflowtask_id: int,
     query: ImageQuery | None = None,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
     # Get dataset
@@ -99,7 +99,7 @@ async def check_non_processed_images(
     workflow_id: int,
     workflowtask_id: int,
     filters: NonProcessedImagesPayload,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> JSONResponse:
     db_workflow_task, db_workflow = await _get_workflow_task_check_access(

fractal_server/app/routes/api/v2/project.py CHANGED Viewed

@@ -11,7 +11,8 @@ from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import JobV2
 from fractal_server.app.models.v2 import LinkUserProjectV2
 from fractal_server.app.models.v2 import ProjectV2
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
+from fractal_server.app.routes.auth import get_api_user
 from fractal_server.app.routes.aux.validate_user_profile import (
     validate_user_profile,
 )
@@ -32,7 +33,7 @@ router = APIRouter()
 @router.get("/project/", response_model=list[ProjectRead])
 async def get_list_project(
     is_owner: bool = True,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[ProjectV2]:
     """
@@ -53,7 +54,7 @@ async def get_list_project(
 @router.post("/project/", response_model=ProjectRead, status_code=201)
 async def create_project(
     project: ProjectCreate,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> ProjectRead | None:
     """
@@ -94,7 +95,7 @@ async def create_project(
 @router.get("/project/{project_id}/", response_model=ProjectRead)
 async def read_project(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> ProjectRead | None:
     """
@@ -113,7 +114,7 @@ async def read_project(
 async def update_project(
     project_id: int,
     project_update: ProjectUpdate,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ):
     project = await _get_project_check_access(
@@ -140,7 +141,7 @@ async def update_project(
 @router.delete("/project/{project_id}/", status_code=204)
 async def delete_project(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """

fractal_server/app/routes/api/v2/sharing.py CHANGED Viewed

@@ -11,7 +11,8 @@ from fractal_server.app.db import get_async_db
 from fractal_server.app.models import UserOAuth
 from fractal_server.app.models.v2 import LinkUserProjectV2
 from fractal_server.app.models.v2 import ProjectV2
-from fractal_server.app.routes.auth import current_user_act_ver_prof
+from fractal_server.app.routes.auth import get_api_guest
+from fractal_server.app.routes.auth import get_api_user
 from fractal_server.app.schemas.v2 import ProjectAccessRead
 from fractal_server.app.schemas.v2 import ProjectGuestCreate
 from fractal_server.app.schemas.v2 import ProjectGuestRead
@@ -33,7 +34,7 @@ router = APIRouter()
 )
 async def get_project_guests(
     project_id: int,
-    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    owner: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[ProjectGuestRead]:
     """
@@ -68,7 +69,7 @@ async def invite_guest(
     project_id: int,
     email: EmailStr,
     project_invitation: ProjectGuestCreate,
-    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    owner: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """
@@ -103,7 +104,7 @@ async def patch_guest(
     project_id: int,
     email: EmailStr,
     update: ProjectGuestUpdate,
-    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    owner: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """
@@ -137,7 +138,7 @@ async def patch_guest(
 async def revoke_guest_access(
     project_id: int,
     email: EmailStr,
-    owner: UserOAuth = Depends(current_user_act_ver_prof),
+    owner: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """
@@ -171,13 +172,20 @@ async def revoke_guest_access(
     response_model=list[ProjectInvitationRead],
 )
 async def get_pending_invitations(
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[ProjectInvitationRead]:
     """
     See your current invitations.
     """
+    if user.is_guest:
+        # The user's attribute `is_guest` is used to identify guest accounts,
+        # i.e. accounts with read only permissions on the API.
+        # This is a different concept from a project guest, which is a regular
+        # account with which a project has been shared.
+        return []
     res = await db.execute(
         select(
             ProjectV2.id,
@@ -225,7 +233,7 @@ async def get_pending_invitations(
 )
 async def get_access_info(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_guest),
     db: AsyncSession = Depends(get_async_db),
 ) -> ProjectAccessRead:
     """
@@ -272,7 +280,7 @@ async def get_access_info(
 @router.post("/project/{project_id}/access/accept/", status_code=200)
 async def accept_project_invitation(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """
@@ -290,7 +298,7 @@ async def accept_project_invitation(
 @router.delete("/project/{project_id}/access/", status_code=204)
 async def leave_project(
     project_id: int,
-    user: UserOAuth = Depends(current_user_act_ver_prof),
+    user: UserOAuth = Depends(get_api_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> Response:
     """

fractal-server 2.18.6__py3-none-any.whl → 2.19.0a0__py3-none-any.whl

fractal-server 2.18.6py3-none-any.whl → 2.19.0a0py3-none-any.whl