fractal-server 2.8.1__py3-none-any.whl → 2.9.0__py3-none-any.whl

fractal_server/app/routes/api/v2/task_group_lifecycle.py

@@ -0,0 +1,272 @@
+from fastapi import APIRouter
+from fastapi import BackgroundTasks
+from fastapi import Depends
+from fastapi import HTTPException
+from fastapi import Request
+from fastapi import Response
+from fastapi import status
+
+from ...aux.validate_user_settings import validate_user_settings
+from ._aux_functions_task_lifecycle import check_no_ongoing_activity
+from ._aux_functions_task_lifecycle import check_no_submitted_job
+from ._aux_functions_tasks import _get_task_group_full_access
+from fractal_server.app.db import AsyncSession
+from fractal_server.app.db import get_async_db
+from fractal_server.app.models import UserOAuth
+from fractal_server.app.models.v2 import TaskGroupActivityV2
+from fractal_server.app.routes.auth import current_active_user
+from fractal_server.app.schemas.v2 import TaskGroupActivityActionV2
+from fractal_server.app.schemas.v2 import TaskGroupActivityStatusV2
+from fractal_server.app.schemas.v2 import TaskGroupActivityV2Read
+from fractal_server.app.schemas.v2 import TaskGroupReadV2
+from fractal_server.app.schemas.v2 import TaskGroupV2OriginEnum
+from fractal_server.config import get_settings
+from fractal_server.logger import set_logger
+from fractal_server.syringe import Inject
+from fractal_server.tasks.v2.local import deactivate_local
+from fractal_server.tasks.v2.local import reactivate_local
+from fractal_server.tasks.v2.ssh import deactivate_ssh
+from fractal_server.tasks.v2.ssh import reactivate_ssh
+from fractal_server.utils import get_timestamp
+
+router = APIRouter()
+
+
+logger = set_logger(__name__)
+
+
+@router.post(
+    "/{task_group_id}/deactivate/",
+    response_model=TaskGroupActivityV2Read,
+)
+async def deactivate_task_group(
+    task_group_id: int,
+    background_tasks: BackgroundTasks,
+    response: Response,
+    request: Request,
+    user: UserOAuth = Depends(current_active_user),
+    db: AsyncSession = Depends(get_async_db),
+) -> TaskGroupReadV2:
+    """
+    Deactivate task-group venv
+    """
+    # Check access
+    task_group = await _get_task_group_full_access(
+        task_group_id=task_group_id,
+        user_id=user.id,
+        db=db,
+    )
+
+    # Check no other activity is ongoing
+    await check_no_ongoing_activity(task_group_id=task_group_id, db=db)
+
+    # Check no submitted jobs use tasks from this task group
+    await check_no_submitted_job(task_group_id=task_group.id, db=db)
+
+    # Check that task-group is active
+    if not task_group.active:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail=(
+                f"Cannot deactivate a task group with {task_group.active=}."
+            ),
+        )
+
+    # Shortcut for task-group with origin="other"
+    if task_group.origin == TaskGroupV2OriginEnum.OTHER:
+        task_group.active = False
+        task_group_activity = TaskGroupActivityV2(
+            user_id=task_group.user_id,
+            taskgroupv2_id=task_group.id,
+            status=TaskGroupActivityStatusV2.OK,
+            action=TaskGroupActivityActionV2.DEACTIVATE,
+            pkg_name=task_group.pkg_name,
+            version=(task_group.version or "N/A"),
+            log=(
+                f"Task group has {task_group.origin=}, set "
+                "task_group.active to False and exit."
+            ),
+            timestamp_started=get_timestamp(),
+            timestamp_ended=get_timestamp(),
+        )
+        db.add(task_group)
+        db.add(task_group_activity)
+        await db.commit()
+        response.status_code = status.HTTP_202_ACCEPTED
+        return task_group_activity
+
+    task_group_activity = TaskGroupActivityV2(
+        user_id=task_group.user_id,
+        taskgroupv2_id=task_group.id,
+        status=TaskGroupActivityStatusV2.PENDING,
+        action=TaskGroupActivityActionV2.DEACTIVATE,
+        pkg_name=task_group.pkg_name,
+        version=task_group.version,
+        timestamp_started=get_timestamp(),
+    )
+    task_group.active = False
+    db.add(task_group)
+    db.add(task_group_activity)
+    await db.commit()
+
+    # Submit background task
+    settings = Inject(get_settings)
+    if settings.FRACTAL_RUNNER_BACKEND == "slurm_ssh":
+
+        # Validate user settings (backend-specific)
+        user_settings = await validate_user_settings(
+            user=user, backend=settings.FRACTAL_RUNNER_BACKEND, db=db
+        )
+
+        # User appropriate FractalSSH object
+        ssh_credentials = dict(
+            user=user_settings.ssh_username,
+            host=user_settings.ssh_host,
+            key_path=user_settings.ssh_private_key_path,
+        )
+        fractal_ssh_list = request.app.state.fractal_ssh_list
+        fractal_ssh = fractal_ssh_list.get(**ssh_credentials)
+
+        background_tasks.add_task(
+            deactivate_ssh,
+            task_group_id=task_group.id,
+            task_group_activity_id=task_group_activity.id,
+            fractal_ssh=fractal_ssh,
+            tasks_base_dir=user_settings.ssh_tasks_dir,
+        )
+
+    else:
+        background_tasks.add_task(
+            deactivate_local,
+            task_group_id=task_group.id,
+            task_group_activity_id=task_group_activity.id,
+        )
+
+    logger.debug(
+        "Task group deactivation endpoint: start deactivate "
+        "and return task_group_activity"
+    )
+    response.status_code = status.HTTP_202_ACCEPTED
+    return task_group_activity
+
+
+@router.post(
+    "/{task_group_id}/reactivate/",
+    response_model=TaskGroupActivityV2Read,
+)
+async def reactivate_task_group(
+    task_group_id: int,
+    background_tasks: BackgroundTasks,
+    response: Response,
+    request: Request,
+    user: UserOAuth = Depends(current_active_user),
+    db: AsyncSession = Depends(get_async_db),
+) -> TaskGroupReadV2:
+    """
+    Deactivate task-group venv
+    """
+
+    # Check access
+    task_group = await _get_task_group_full_access(
+        task_group_id=task_group_id,
+        user_id=user.id,
+        db=db,
+    )
+
+    # Check that task-group is not active
+    if task_group.active:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail=(
+                f"Cannot reactivate a task group with {task_group.active=}."
+            ),
+        )
+
+    # Check no other activity is ongoing
+    await check_no_ongoing_activity(task_group_id=task_group_id, db=db)
+
+    # Check no submitted jobs use tasks from this task group
+    await check_no_submitted_job(task_group_id=task_group.id, db=db)
+
+    # Shortcut for task-group with origin="other"
+    if task_group.origin == TaskGroupV2OriginEnum.OTHER:
+        task_group.active = True
+        task_group_activity = TaskGroupActivityV2(
+            user_id=task_group.user_id,
+            taskgroupv2_id=task_group.id,
+            status=TaskGroupActivityStatusV2.OK,
+            action=TaskGroupActivityActionV2.REACTIVATE,
+            pkg_name=task_group.pkg_name,
+            version=(task_group.version or "N/A"),
+            log=(
+                f"Task group has {task_group.origin=}, set "
+                "task_group.active to True and exit."
+            ),
+            timestamp_started=get_timestamp(),
+            timestamp_ended=get_timestamp(),
+        )
+        db.add(task_group)
+        db.add(task_group_activity)
+        await db.commit()
+        response.status_code = status.HTTP_202_ACCEPTED
+        return task_group_activity
+
+    if task_group.pip_freeze is None:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail=(
+                "Cannot reactivate a task group with "
+                f"{task_group.pip_freeze=}."
+            ),
+        )
+
+    task_group_activity = TaskGroupActivityV2(
+        user_id=task_group.user_id,
+        taskgroupv2_id=task_group.id,
+        status=TaskGroupActivityStatusV2.PENDING,
+        action=TaskGroupActivityActionV2.REACTIVATE,
+        pkg_name=task_group.pkg_name,
+        version=task_group.version,
+        timestamp_started=get_timestamp(),
+    )
+    db.add(task_group_activity)
+    await db.commit()
+
+    # Submit background task
+    settings = Inject(get_settings)
+    if settings.FRACTAL_RUNNER_BACKEND == "slurm_ssh":
+
+        # Validate user settings (backend-specific)
+        user_settings = await validate_user_settings(
+            user=user, backend=settings.FRACTAL_RUNNER_BACKEND, db=db
+        )
+
+        # Use appropriate FractalSSH object
+        ssh_credentials = dict(
+            user=user_settings.ssh_username,
+            host=user_settings.ssh_host,
+            key_path=user_settings.ssh_private_key_path,
+        )
+        fractal_ssh_list = request.app.state.fractal_ssh_list
+        fractal_ssh = fractal_ssh_list.get(**ssh_credentials)
+
+        background_tasks.add_task(
+            reactivate_ssh,
+            task_group_id=task_group.id,
+            task_group_activity_id=task_group_activity.id,
+            fractal_ssh=fractal_ssh,
+            tasks_base_dir=user_settings.ssh_tasks_dir,
+        )
+
+    else:
+        background_tasks.add_task(
+            reactivate_local,
+            task_group_id=task_group.id,
+            task_group_activity_id=task_group_activity.id,
+        )
+    logger.debug(
+        "Task group reactivation endpoint: start reactivate "
+        "and return task_group_activity"
+    )
+    response.status_code = status.HTTP_202_ACCEPTED
+    return task_group_activity

fractal_server/app/routes/api/v2/workflow.py

@@ -23,7 +23,7 @@ from ._aux_functions import _get_submitted_jobs_statement
 from ._aux_functions import _get_workflow_check_owner
 from ._aux_functions_tasks import _add_warnings_to_workflow_tasks
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.models.v2.task import TaskGroupV2
+from fractal_server.app.models.v2 import TaskGroupV2
 from fractal_server.app.routes.auth import current_active_user
 
 router = APIRouter()

fractal_server/app/routes/api/v2/workflow_import.py

@@ -21,10 +21,10 @@ from ._aux_functions import _workflow_insert_task
 from ._aux_functions_tasks import _add_warnings_to_workflow_tasks
 from fractal_server.app.models import LinkUserGroup
 from fractal_server.app.models import UserOAuth
-from fractal_server.app.models.v2.task import TaskGroupV2
+from fractal_server.app.models.v2 import TaskGroupV2
 from fractal_server.app.routes.auth import current_active_user
 from fractal_server.app.routes.auth._aux_auth import _get_default_usergroup_id
-from fractal_server.app.schemas.v2.task import TaskImportV2
+from fractal_server.app.schemas.v2 import TaskImportV2
 from fractal_server.logger import set_logger
 
 router = APIRouter()

fractal_server/app/routes/auth/current_user.py

@@ -1,6 +1,8 @@
 """
 Definition of `/auth/current-user/` endpoints
 """
+import os
+
 from fastapi import APIRouter
 from fastapi import Depends
 from fastapi_users import schemas
@@ -22,6 +24,8 @@ from fractal_server.app.schemas import UserSettingsReadStrict
 from fractal_server.app.schemas import UserSettingsUpdateStrict
 from fractal_server.app.security import get_user_manager
 from fractal_server.app.security import UserManager
+from fractal_server.config import get_settings
+from fractal_server.syringe import Inject
 
 router_current_user = APIRouter()
 
@@ -109,26 +113,65 @@ async def patch_current_user_settings(
 
 
 @router_current_user.get(
-    "/current-user/viewer-paths/", response_model=list[str]
+    "/current-user/allowed-viewer-paths/", response_model=list[str]
 )
-async def get_current_user_viewer_paths(
+async def get_current_user_allowed_viewer_paths(
     current_user: UserOAuth = Depends(current_active_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
-    """Returns the union of `viewer_paths` for all user's groups"""
-    cmd = (
-        select(UserGroup.viewer_paths)
-        .join(LinkUserGroup)
-        .where(LinkUserGroup.group_id == UserGroup.id)
-        .where(LinkUserGroup.user_id == current_user.id)
-    )
-    res = await db.execute(cmd)
-    viewer_paths_nested = res.scalars().all()
+    """
+    Returns the allowed viewer paths for current user, according to the
+    selected FRACTAL_VIEWER_AUTHORIZATION_SCHEME
+    """
 
-    # Flatten a nested object and make its elements unique
-    all_viewer_paths_set = set(
-        path for _viewer_paths in viewer_paths_nested for path in _viewer_paths
-    )
-    all_viewer_paths = list(all_viewer_paths_set)
+    settings = Inject(get_settings)
+
+    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "none":
+        return []
 
-    return all_viewer_paths
+    authorized_paths = []
+
+    # Respond with 422 error if user has no settings
+    verify_user_has_settings(current_user)
+
+    # Load current user settings
+    current_user_settings = await db.get(
+        UserSettings, current_user.user_settings_id
+    )
+    # If project_dir is set, append it to the list of authorized paths
+    if current_user_settings.project_dir is not None:
+        authorized_paths.append(current_user_settings.project_dir)
+
+    # If auth scheme is "users-folders" and `slurm_user` is set,
+    # build and append the user folder
+    if (
+        settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "users-folders"
+        and current_user_settings.slurm_user is not None
+    ):
+        base_folder = settings.FRACTAL_VIEWER_BASE_FOLDER
+        user_folder = os.path.join(
+            base_folder, current_user_settings.slurm_user
+        )
+        authorized_paths.append(user_folder)
+
+    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "viewer-paths":
+        # Returns the union of `viewer_paths` for all user's groups
+        cmd = (
+            select(UserGroup.viewer_paths)
+            .join(LinkUserGroup)
+            .where(LinkUserGroup.group_id == UserGroup.id)
+            .where(LinkUserGroup.user_id == current_user.id)
+        )
+        res = await db.execute(cmd)
+        viewer_paths_nested = res.scalars().all()
+
+        # Flatten a nested object and make its elements unique
+        all_viewer_paths_set = set(
+            path
+            for _viewer_paths in viewer_paths_nested
+            for path in _viewer_paths
+        )
+
+        authorized_paths.extend(all_viewer_paths_set)
+
+    return authorized_paths

fractal_server/app/routes/auth/group.py

@@ -6,14 +6,13 @@ from fastapi import Depends
 from fastapi import HTTPException
 from fastapi import Response
 from fastapi import status
-from sqlalchemy.exc import IntegrityError
 from sqlalchemy.ext.asyncio import AsyncSession
-from sqlmodel import col
-from sqlmodel import func
 from sqlmodel import select
 
 from . import current_active_superuser
+from ._aux_auth import _get_default_usergroup_id
 from ._aux_auth import _get_single_usergroup_with_user_ids
+from ._aux_auth import _user_or_404
 from ._aux_auth import _usergroup_or_404
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import LinkUserGroup
@@ -126,42 +125,6 @@ async def update_single_group(
 
     group = await _usergroup_or_404(group_id, db)
 
-    # Check that all required users exist
-    # Note: The reason for introducing `col` is as in
-    # https://sqlmodel.tiangolo.com/tutorial/where/#type-annotations-and-errors,
-    stm = select(func.count()).where(
-        col(UserOAuth.id).in_(group_update.new_user_ids)
-    )
-    res = await db.execute(stm)
-    number_matching_users = res.scalar()
-    if number_matching_users != len(group_update.new_user_ids):
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=(
-                f"Not all requested users (IDs {group_update.new_user_ids}) "
-                "exist."
-            ),
-        )
-
-    # Add new users to existing group
-    for user_id in group_update.new_user_ids:
-        link = LinkUserGroup(user_id=user_id, group_id=group_id)
-        db.add(link)
-    try:
-        await db.commit()
-    except IntegrityError as e:
-        error_msg = (
-            f"Cannot link users with IDs {group_update.new_user_ids} "
-            f"to group {group_id}. "
-            "Likely reason: one of these links already exists.\n"
-            f"Original error: {str(e)}"
-        )
-        logger.info(error_msg)
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
-            detail=error_msg,
-        )
-
     # Patch `viewer_paths`
     if group_update.viewer_paths is not None:
         group.viewer_paths = group_update.viewer_paths
@@ -239,3 +202,68 @@ async def patch_user_settings_bulk(
     await db.commit()
 
     return Response(status_code=status.HTTP_200_OK)
+
+
+@router_group.post("/group/{group_id}/add-user/{user_id}/", status_code=200)
+async def add_user_to_group(
+    group_id: int,
+    user_id: int,
+    superuser: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+) -> UserGroupRead:
+    await _usergroup_or_404(group_id, db)
+    user = await _user_or_404(user_id, db)
+    link = await db.get(LinkUserGroup, (group_id, user_id))
+    if link is None:
+        db.add(LinkUserGroup(group_id=group_id, user_id=user_id))
+        await db.commit()
+    else:
+        raise HTTPException(
+            status_code=422,
+            detail=(
+                f"User '{user.email}' is already a member of group {group_id}."
+            ),
+        )
+    group = await _get_single_usergroup_with_user_ids(group_id=group_id, db=db)
+    return group
+
+
+@router_group.post("/group/{group_id}/remove-user/{user_id}/", status_code=200)
+async def remove_user_from_group(
+    group_id: int,
+    user_id: int,
+    superuser: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+) -> UserGroupRead:
+
+    # Check that user and group exist
+    await _usergroup_or_404(group_id, db)
+    user = await _user_or_404(user_id, db)
+
+    # Check that group is not the default one
+    default_user_group_id = await _get_default_usergroup_id(db=db)
+    if default_user_group_id == group_id:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail=(
+                f"Cannot remove user from '{FRACTAL_DEFAULT_GROUP_NAME}' "
+                "group.",
+            ),
+        )
+
+    link = await db.get(LinkUserGroup, (group_id, user_id))
+    if link is None:
+        # If user and group are not linked, fail
+        raise HTTPException(
+            status_code=422,
+            detail=f"User '{user.email}' is not a member of group {group_id}.",
+        )
+    else:
+        # If user and group are linked, delete the link
+        await db.delete(link)
+        await db.commit()
+
+    # Enrich the response object with user_ids
+    group = await _get_single_usergroup_with_user_ids(group_id=group_id, db=db)
+
+    return group