fractal-server 2.9.0a10__py3-none-any.whl → 2.9.0a11__py3-none-any.whl

fractal_server/__init__.py

@@ -1 +1 @@
-__VERSION__ = "2.9.0a10"
+__VERSION__ = "2.9.0a11"

fractal_server/app/routes/auth/users.py

@@ -8,9 +8,7 @@ from fastapi import status
 from fastapi_users import exceptions
 from fastapi_users import schemas
 from fastapi_users.router.common import ErrorCode
-from sqlalchemy.exc import IntegrityError
 from sqlalchemy.ext.asyncio import AsyncSession
-from sqlmodel import col
 from sqlmodel import func
 from sqlmodel import select
 
@@ -18,9 +16,10 @@ from . import current_active_superuser
 from ...db import get_async_db
 from ...schemas.user import UserRead
 from ...schemas.user import UserUpdate
-from ...schemas.user import UserUpdateWithNewGroupIds
 from ..aux.validate_user_settings import verify_user_has_settings
+from ._aux_auth import _get_default_usergroup_id
 from ._aux_auth import _get_single_user_with_groups
+from ._aux_auth import FRACTAL_DEFAULT_GROUP_NAME
 from fractal_server.app.models import LinkUserGroup
 from fractal_server.app.models import UserGroup
 from fractal_server.app.models import UserOAuth
@@ -28,6 +27,7 @@ from fractal_server.app.models import UserSettings
 from fractal_server.app.routes.auth._aux_auth import _user_or_404
 from fractal_server.app.schemas import UserSettingsRead
 from fractal_server.app.schemas import UserSettingsUpdate
+from fractal_server.app.schemas.user import UserUpdateGroups
 from fractal_server.app.security import get_user_manager
 from fractal_server.app.security import UserManager
 from fractal_server.logger import set_logger
@@ -55,114 +55,43 @@ async def get_user(
 @router_users.patch("/users/{user_id}/", response_model=UserRead)
 async def patch_user(
     user_id: int,
-    user_update: UserUpdateWithNewGroupIds,
+    user_update: UserUpdate,
     current_superuser: UserOAuth = Depends(current_active_superuser),
     user_manager: UserManager = Depends(get_user_manager),
     db: AsyncSession = Depends(get_async_db),
 ):
     """
     Custom version of the PATCH-user route from `fastapi-users`.
-
-    In order to keep the fastapi-users logic in place (which is convenient to
-    update user attributes), we split the endpoint into two branches. We either
-    go through the fastapi-users-based attribute-update branch, or through the
-    branch where we establish new user/group relationships.
-
-    Note that we prevent making both changes at the same time, since it would
-    be more complex to guarantee that endpoint error would leave the database
-    in the same state as before the API call.
     """
 
-    # We prevent simultaneous editing of both user attributes and user/group
-    # associations
-    user_update_dict_without_groups = user_update.dict(
-        exclude_unset=True, exclude={"new_group_ids"}
-    )
-    edit_attributes = user_update_dict_without_groups != {}
-    edit_groups = user_update.new_group_ids is not None
-    if edit_attributes and edit_groups:
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
-            detail=(
-                "Cannot modify both user attributes and group membership. "
-                "Please make two independent PATCH calls"
-            ),
-        )
-
     # Check that user exists
     user_to_patch = await _user_or_404(user_id, db)
 
-    if edit_groups:
-        # Establish new user/group relationships
-
-        # Check that all required groups exist
-        # Note: The reason for introducing `col` is as in
-        # https://sqlmodel.tiangolo.com/tutorial/where/#type-annotations-and-errors,
-        stm = select(func.count()).where(
-            col(UserGroup.id).in_(user_update.new_group_ids)
+    # Modify user attributes
+    try:
+        user = await user_manager.update(
+            user_update,
+            user_to_patch,
+            safe=False,
+            request=None,
+        )
+        validated_user = schemas.model_validate(UserOAuth, user)
+        patched_user = await db.get(
+            UserOAuth, validated_user.id, populate_existing=True
+        )
+    except exceptions.InvalidPasswordException as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail={
+                "code": ErrorCode.UPDATE_USER_INVALID_PASSWORD,
+                "reason": e.reason,
+            },
+        )
+    except exceptions.UserAlreadyExists:
+        raise HTTPException(
+            status.HTTP_400_BAD_REQUEST,
+            detail=ErrorCode.UPDATE_USER_EMAIL_ALREADY_EXISTS,
         )
-        res = await db.execute(stm)
-        number_matching_groups = res.scalar()
-        if number_matching_groups != len(user_update.new_group_ids):
-            raise HTTPException(
-                status_code=status.HTTP_404_NOT_FOUND,
-                detail=(
-                    "Not all requested groups (IDs: "
-                    f"{user_update.new_group_ids}) exist."
-                ),
-            )
-
-        for new_group_id in user_update.new_group_ids:
-            link = LinkUserGroup(user_id=user_id, group_id=new_group_id)
-            db.add(link)
-
-        try:
-            await db.commit()
-        except IntegrityError as e:
-            error_msg = (
-                f"Cannot link groups with IDs {user_update.new_group_ids} "
-                f"to user {user_id}. "
-                "Likely reason: one of these links already exists.\n"
-                f"Original error: {str(e)}"
-            )
-            logger.info(error_msg)
-            raise HTTPException(
-                status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
-                detail=error_msg,
-            )
-        patched_user = user_to_patch
-    elif edit_attributes:
-        # Modify user attributes
-        try:
-            user_update_without_groups = UserUpdate(
-                **user_update_dict_without_groups
-            )
-            user = await user_manager.update(
-                user_update_without_groups,
-                user_to_patch,
-                safe=False,
-                request=None,
-            )
-            validated_user = schemas.model_validate(UserOAuth, user)
-            patched_user = await db.get(
-                UserOAuth, validated_user.id, populate_existing=True
-            )
-        except exceptions.InvalidPasswordException as e:
-            raise HTTPException(
-                status_code=status.HTTP_400_BAD_REQUEST,
-                detail={
-                    "code": ErrorCode.UPDATE_USER_INVALID_PASSWORD,
-                    "reason": e.reason,
-                },
-            )
-        except exceptions.UserAlreadyExists:
-            raise HTTPException(
-                status.HTTP_400_BAD_REQUEST,
-                detail=ErrorCode.UPDATE_USER_EMAIL_ALREADY_EXISTS,
-            )
-    else:
-        # Nothing to do, just continue
-        patched_user = user_to_patch
 
     # Enrich user object with `group_ids_names` attribute
     patched_user_with_groups = await _get_single_user_with_groups(
@@ -203,6 +132,75 @@ async def list_users(
     return user_list
 
 
+@router_users.post("/users/{user_id}/set-groups/", response_model=UserRead)
+async def set_user_groups(
+    user_id: int,
+    user_update: UserUpdateGroups,
+    superuser: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+) -> UserRead:
+
+    # Preliminary check that all objects exist in the db
+    user = await _user_or_404(user_id=user_id, db=db)
+    target_group_ids = user_update.group_ids
+    stm = select(func.count(UserGroup.id)).where(
+        UserGroup.id.in_(target_group_ids)
+    )
+    res = await db.execute(stm)
+    count = res.scalar()
+    if count != len(target_group_ids):
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Some UserGroups in {target_group_ids} do not exist.",
+        )
+
+    # Check that default group is not being removed
+    default_group_id = await _get_default_usergroup_id(db=db)
+    if default_group_id not in target_group_ids:
+        raise HTTPException(
+            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+            detail=(
+                f"Cannot remove user from "
+                f"'{FRACTAL_DEFAULT_GROUP_NAME}' group.",
+            ),
+        )
+
+    # Prepare lists of links to be removed
+    res = await db.execute(
+        select(LinkUserGroup)
+        .where(LinkUserGroup.user_id == user_id)
+        .where(LinkUserGroup.group_id.not_in(target_group_ids))
+    )
+    links_to_remove = res.scalars().all()
+
+    # Prepare lists of links to be added
+    res = await db.execute(
+        select(LinkUserGroup.group_id)
+        .where(LinkUserGroup.user_id == user_id)
+        .where(LinkUserGroup.group_id.in_(target_group_ids))
+    )
+    ids_links_already_in = res.scalars().all()
+    ids_links_to_add = set(target_group_ids) - set(ids_links_already_in)
+
+    # Remove/create links as needed
+    for link in links_to_remove:
+        logger.info(
+            f"Removing LinkUserGroup with {link.user_id=} "
+            f"and {link.group_id=}."
+        )
+        await db.delete(link)
+    for group_id in ids_links_to_add:
+        logger.info(
+            f"Creating new LinkUserGroup with {user_id=} " f"and {group_id=}."
+        )
+        db.add(LinkUserGroup(user_id=user_id, group_id=group_id))
+    await db.commit()
+
+    user_with_groups = await _get_single_user_with_groups(user, db)
+
+    return user_with_groups
+
+
 @router_users.get(
     "/users/{user_id}/settings/", response_model=UserSettingsRead
 )

fractal_server/app/schemas/user.py

@@ -3,6 +3,7 @@ from typing import Optional
 from fastapi_users import schemas
 from pydantic import BaseModel
 from pydantic import Extra
+from pydantic import Field
 from pydantic import validator
 
 from ._validators import val_unique_list
@@ -11,8 +12,8 @@ from ._validators import valstr
 __all__ = (
     "UserRead",
     "UserUpdate",
+    "UserUpdateGroups",
     "UserCreate",
-    "UserUpdateWithNewGroupIds",
 )
 
 
@@ -45,7 +46,7 @@ class UserRead(schemas.BaseUser[int]):
     oauth_accounts: list[OAuthAccountRead]
 
 
-class UserUpdate(schemas.BaseUserUpdate):
+class UserUpdate(schemas.BaseUserUpdate, extra=Extra.forbid):
     """
     Schema for `User` update.
 
@@ -82,14 +83,6 @@ class UserUpdateStrict(BaseModel, extra=Extra.forbid):
     pass
 
 
-class UserUpdateWithNewGroupIds(UserUpdate):
-    new_group_ids: Optional[list[int]] = None
-
-    _val_unique = validator("new_group_ids", allow_reuse=True)(
-        val_unique_list("new_group_ids")
-    )
-
-
 class UserCreate(schemas.BaseUserCreate):
     """
     Schema for `User` creation.
@@ -103,3 +96,16 @@ class UserCreate(schemas.BaseUserCreate):
     # Validators
 
     _username = validator("username", allow_reuse=True)(valstr("username"))
+
+
+class UserUpdateGroups(BaseModel, extra=Extra.forbid):
+    """
+    Schema for `POST /auth/users/{user_id}/set-groups/`
+
+    """
+
+    group_ids: list[int] = Field(min_items=1)
+
+    _group_ids = validator("group_ids", allow_reuse=True)(
+        val_unique_list("group_ids")
+    )

{fractal_server-2.9.0a10.dist-info → fractal_server-2.9.0a11.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fractal-server
-Version: 2.9.0a10
+Version: 2.9.0a11
 Summary: Server component of the Fractal analytics platform
 Home-page: https://github.com/fractal-analytics-platform/fractal-server
 License: BSD-3-Clause

{fractal_server-2.9.0a10.dist-info → fractal_server-2.9.0a11.dist-info}/RECORD

@@ -1,4 +1,4 @@
-fractal_server/__init__.py,sha256=bOb7y0ERfwPyi1oCYCLL0TUUUEB3QNEldOxpWFB5zGo,25
+fractal_server/__init__.py,sha256=awxUTr6llNkjH1-5c-_yED0mpNs4APblXMX5R7fA0Qs,25
 fractal_server/__main__.py,sha256=dEkCfzLLQrIlxsGC-HBfoR-RBMWnJDgNrxYTyzmE9c0,6146
 fractal_server/alembic.ini,sha256=MWwi7GzjzawI9cCAK1LW7NxIBQDUqD12-ptJoq5JpP0,3153
 fractal_server/app/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -68,7 +68,7 @@ fractal_server/app/routes/auth/login.py,sha256=tSu6OBLOieoBtMZB4JkBAdEgH2Y8KqPGS
 fractal_server/app/routes/auth/oauth.py,sha256=AnFHbjqL2AgBX3eksI931xD6RTtmbciHBEuGf9YJLjU,1895
 fractal_server/app/routes/auth/register.py,sha256=DlHq79iOvGd_gt2v9uwtsqIKeO6i_GKaW59VIkllPqY,587
 fractal_server/app/routes/auth/router.py,sha256=tzJrygXFZlmV_uWelVqTOJMEH-3Fr7ydwlgx1LxRjxY,527
-fractal_server/app/routes/auth/users.py,sha256=FzKNoB-wD32AkVOj1Vi29lGGyOl8NSMCRL9tEhxqpJk,8403
+fractal_server/app/routes/auth/users.py,sha256=kZv-Ls224WBFiuvVeM584LhYq_BLz6HQ9HpWbWQxRRM,7808
 fractal_server/app/routes/aux/__init__.py,sha256=LR4bR7RunHAK6jc9IR2bReQd-BdXADdnDccXI4uGeGY,731
 fractal_server/app/routes/aux/_job.py,sha256=q-RCiW17yXnZKAC_0La52RLvhqhxuvbgQJ2MlGXOj8A,702
 fractal_server/app/routes/aux/_runner.py,sha256=FdCVla5DxGAZ__aB7Z8dEJzD_RIeh5tftjrPyqkr8N8,895
@@ -135,7 +135,7 @@ fractal_server/app/runner/v2/task_interface.py,sha256=hT3p-bRGsLNAR_dNv_PYFoqzIF
 fractal_server/app/runner/versions.py,sha256=dSaPRWqmFPHjg20kTCHmi_dmGNcCETflDtDLronNanU,852
 fractal_server/app/schemas/__init__.py,sha256=stURAU_t3AOBaH0HSUbV-GKhlPKngnnIMoqWc3orFyI,135
 fractal_server/app/schemas/_validators.py,sha256=T5EswIJAJRvawfzqWtPcN2INAfiBXyE4m0iwQm4ht-0,3149
-fractal_server/app/schemas/user.py,sha256=aUD8YAcfYTEO06TEUoTx4heVrXFiX7E2Mb8D2--4FsA,2130
+fractal_server/app/schemas/user.py,sha256=icjox9gK_invW44Nh_L4CvqfRa92qghyQhmevyg09nQ,2243
 fractal_server/app/schemas/user_group.py,sha256=t30Kd07PY43G_AqFDb8vjdInTeLeU9WvFZDx8fVLPSI,1750
 fractal_server/app/schemas/user_settings.py,sha256=TalISeEfCrtN8LgqbLx1Q8ZPoeiZnbksg5NYAVzkIqY,3527
 fractal_server/app/schemas/v1/__init__.py,sha256=CrBGgBhoemCvmZ70ZUchM-jfVAICnoa7AjZBAtL2UB0,1852
@@ -238,8 +238,8 @@ fractal_server/tasks/v2/utils_templates.py,sha256=C5WLuY3uGG2s53OEL-__H35-fmSlgu
 fractal_server/urls.py,sha256=5o_qq7PzKKbwq12NHSQZDmDitn5RAOeQ4xufu-2v9Zk,448
 fractal_server/utils.py,sha256=utvmBx8K9I8hRWFquxna2pBaOqe0JifDL_NVPmihEJI,3525
 fractal_server/zip_tools.py,sha256=GjDgo_sf6V_DDg6wWeBlZu5zypIxycn_l257p_YVKGc,4876
-fractal_server-2.9.0a10.dist-info/LICENSE,sha256=QKAharUuhxL58kSoLizKJeZE3mTCBnX6ucmz8W0lxlk,1576
-fractal_server-2.9.0a10.dist-info/METADATA,sha256=m2WwGM-wSD_5ffYqaGCVERw4RZ7yhM7VtxSdlGt3xGQ,4586
-fractal_server-2.9.0a10.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-fractal_server-2.9.0a10.dist-info/entry_points.txt,sha256=8tV2kynvFkjnhbtDnxAqImL6HMVKsopgGfew0DOp5UY,58
-fractal_server-2.9.0a10.dist-info/RECORD,,
+fractal_server-2.9.0a11.dist-info/LICENSE,sha256=QKAharUuhxL58kSoLizKJeZE3mTCBnX6ucmz8W0lxlk,1576
+fractal_server-2.9.0a11.dist-info/METADATA,sha256=0SUdcGO7gPL9_VuNTLt10VitKNIgZTgQ5VL4FV2xjX8,4586
+fractal_server-2.9.0a11.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+fractal_server-2.9.0a11.dist-info/entry_points.txt,sha256=8tV2kynvFkjnhbtDnxAqImL6HMVKsopgGfew0DOp5UY,58
+fractal_server-2.9.0a11.dist-info/RECORD,,