fractal-server 2.9.0a8__py3-none-any.whl → 2.9.0a10__py3-none-any.whl

fractal_server/__init__.py

@@ -1 +1 @@
-__VERSION__ = "2.9.0a8"
+__VERSION__ = "2.9.0a10"

fractal_server/app/routes/admin/v2/task.py

@@ -7,6 +7,7 @@ from fastapi import status
 from pydantic import BaseModel
 from pydantic import EmailStr
 from pydantic import Field
+from sqlmodel import func
 from sqlmodel import select
 
 from fractal_server.app.db import AsyncSession
@@ -60,6 +61,9 @@ async def query_tasks(
     version: Optional[str] = None,
     name: Optional[str] = None,
     max_number_of_results: int = 25,
+    category: Optional[str] = None,
+    modality: Optional[str] = None,
+    author: Optional[str] = None,
     user: UserOAuth = Depends(current_active_superuser),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[TaskV2Info]:
@@ -74,6 +78,9 @@ async def query_tasks(
         version: If not `None`, query for matching `task.version`.
         name: If not `None`, query for contained case insensitive `task.name`.
         max_number_of_results: The maximum length of the response.
+        category:
+        modality:
+        author:
     """
 
     stm = select(TaskV2)
@@ -86,6 +93,12 @@ async def query_tasks(
         stm = stm.where(TaskV2.version == version)
     if name is not None:
         stm = stm.where(TaskV2.name.icontains(name))
+    if category is not None:
+        stm = stm.where(func.lower(TaskV2.category) == category.lower())
+    if modality is not None:
+        stm = stm.where(func.lower(TaskV2.modality) == modality.lower())
+    if author is not None:
+        stm = stm.where(TaskV2.authors.icontains(author))
 
     res = await db.execute(stm)
     task_list = res.scalars().all()

fractal_server/app/routes/auth/current_user.py

@@ -1,6 +1,8 @@
 """
 Definition of `/auth/current-user/` endpoints
 """
+import os
+
 from fastapi import APIRouter
 from fastapi import Depends
 from fastapi_users import schemas
@@ -22,6 +24,8 @@ from fractal_server.app.schemas import UserSettingsReadStrict
 from fractal_server.app.schemas import UserSettingsUpdateStrict
 from fractal_server.app.security import get_user_manager
 from fractal_server.app.security import UserManager
+from fractal_server.config import get_settings
+from fractal_server.syringe import Inject
 
 router_current_user = APIRouter()
 
@@ -109,26 +113,65 @@ async def patch_current_user_settings(
 
 
 @router_current_user.get(
-    "/current-user/viewer-paths/", response_model=list[str]
+    "/current-user/allowed-viewer-paths/", response_model=list[str]
 )
-async def get_current_user_viewer_paths(
+async def get_current_user_allowed_viewer_paths(
     current_user: UserOAuth = Depends(current_active_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
-    """Returns the union of `viewer_paths` for all user's groups"""
-    cmd = (
-        select(UserGroup.viewer_paths)
-        .join(LinkUserGroup)
-        .where(LinkUserGroup.group_id == UserGroup.id)
-        .where(LinkUserGroup.user_id == current_user.id)
-    )
-    res = await db.execute(cmd)
-    viewer_paths_nested = res.scalars().all()
+    """
+    Returns the allowed viewer paths for current user, according to the
+    selected FRACTAL_VIEWER_AUTHORIZATION_SCHEME
+    """
 
-    # Flatten a nested object and make its elements unique
-    all_viewer_paths_set = set(
-        path for _viewer_paths in viewer_paths_nested for path in _viewer_paths
-    )
-    all_viewer_paths = list(all_viewer_paths_set)
+    settings = Inject(get_settings)
+
+    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "none":
+        return []
 
-    return all_viewer_paths
+    authorized_paths = []
+
+    # Respond with 422 error if user has no settings
+    verify_user_has_settings(current_user)
+
+    # Load current user settings
+    current_user_settings = await db.get(
+        UserSettings, current_user.user_settings_id
+    )
+    # If project_dir is set, append it to the list of authorized paths
+    if current_user_settings.project_dir is not None:
+        authorized_paths.append(current_user_settings.project_dir)
+
+    # If auth scheme is "users-folders" and `slurm_user` is set,
+    # build and append the user folder
+    if (
+        settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "users-folders"
+        and current_user_settings.slurm_user is not None
+    ):
+        base_folder = settings.FRACTAL_VIEWER_BASE_FOLDER
+        user_folder = os.path.join(
+            base_folder, current_user_settings.slurm_user
+        )
+        authorized_paths.append(user_folder)
+
+    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "viewer-paths":
+        # Returns the union of `viewer_paths` for all user's groups
+        cmd = (
+            select(UserGroup.viewer_paths)
+            .join(LinkUserGroup)
+            .where(LinkUserGroup.group_id == UserGroup.id)
+            .where(LinkUserGroup.user_id == current_user.id)
+        )
+        res = await db.execute(cmd)
+        viewer_paths_nested = res.scalars().all()
+
+        # Flatten a nested object and make its elements unique
+        all_viewer_paths_set = set(
+            path
+            for _viewer_paths in viewer_paths_nested
+            for path in _viewer_paths
+        )
+
+        authorized_paths.extend(all_viewer_paths_set)
+
+    return authorized_paths

fractal_server/app/routes/auth/group.py

@@ -6,14 +6,12 @@ from fastapi import Depends
 from fastapi import HTTPException
 from fastapi import Response
 from fastapi import status
-from sqlalchemy.exc import IntegrityError
 from sqlalchemy.ext.asyncio import AsyncSession
-from sqlmodel import col
-from sqlmodel import func
 from sqlmodel import select
 
 from . import current_active_superuser
 from ._aux_auth import _get_single_usergroup_with_user_ids
+from ._aux_auth import _user_or_404
 from ._aux_auth import _usergroup_or_404
 from fractal_server.app.db import get_async_db
 from fractal_server.app.models import LinkUserGroup
@@ -126,42 +124,6 @@ async def update_single_group(
 
     group = await _usergroup_or_404(group_id, db)
 
-    # Check that all required users exist
-    # Note: The reason for introducing `col` is as in
-    # https://sqlmodel.tiangolo.com/tutorial/where/#type-annotations-and-errors,
-    stm = select(func.count()).where(
-        col(UserOAuth.id).in_(group_update.new_user_ids)
-    )
-    res = await db.execute(stm)
-    number_matching_users = res.scalar()
-    if number_matching_users != len(group_update.new_user_ids):
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail=(
-                f"Not all requested users (IDs {group_update.new_user_ids}) "
-                "exist."
-            ),
-        )
-
-    # Add new users to existing group
-    for user_id in group_update.new_user_ids:
-        link = LinkUserGroup(user_id=user_id, group_id=group_id)
-        db.add(link)
-    try:
-        await db.commit()
-    except IntegrityError as e:
-        error_msg = (
-            f"Cannot link users with IDs {group_update.new_user_ids} "
-            f"to group {group_id}. "
-            "Likely reason: one of these links already exists.\n"
-            f"Original error: {str(e)}"
-        )
-        logger.info(error_msg)
-        raise HTTPException(
-            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
-            detail=error_msg,
-        )
-
     # Patch `viewer_paths`
     if group_update.viewer_paths is not None:
         group.viewer_paths = group_update.viewer_paths
@@ -239,3 +201,49 @@ async def patch_user_settings_bulk(
     await db.commit()
 
     return Response(status_code=status.HTTP_200_OK)
+
+
+@router_group.post("/group/{group_id}/add-user/{user_id}/", status_code=200)
+async def add_user_to_group(
+    group_id: int,
+    user_id: int,
+    superuser: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+) -> UserGroupRead:
+    await _usergroup_or_404(group_id, db)
+    user = await _user_or_404(user_id, db)
+    link = await db.get(LinkUserGroup, (group_id, user_id))
+    if link is None:
+        db.add(LinkUserGroup(group_id=group_id, user_id=user_id))
+        await db.commit()
+    else:
+        raise HTTPException(
+            status_code=422,
+            detail=(
+                f"User '{user.email}' is already a member of group {group_id}."
+            ),
+        )
+    group = await _get_single_usergroup_with_user_ids(group_id=group_id, db=db)
+    return group
+
+
+@router_group.post("/group/{group_id}/remove-user/{user_id}/", status_code=200)
+async def remove_user_from_group(
+    group_id: int,
+    user_id: int,
+    superuser: UserOAuth = Depends(current_active_superuser),
+    db: AsyncSession = Depends(get_async_db),
+) -> UserGroupRead:
+    await _usergroup_or_404(group_id, db)
+    user = await _user_or_404(user_id, db)
+    link = await db.get(LinkUserGroup, (group_id, user_id))
+    if link is None:
+        raise HTTPException(
+            status_code=422,
+            detail=f"User '{user.email}' is not a member of group {group_id}.",
+        )
+    else:
+        await db.delete(link)
+        await db.commit()
+    group = await _get_single_usergroup_with_user_ids(group_id=group_id, db=db)
+    return group

fractal_server/app/schemas/user_group.py

@@ -59,21 +59,10 @@ class UserGroupCreate(BaseModel, extra=Extra.forbid):
 class UserGroupUpdate(BaseModel, extra=Extra.forbid):
     """
     Schema for `UserGroup` update
-
-    NOTE: `new_user_ids` does not correspond to a column of the `UserGroup`
-    table, but it is rather used to create new `LinkUserGroup` rows.
-
-    Attributes:
-        new_user_ids: IDs of groups to be associated to user.
     """
 
-    new_user_ids: list[int] = Field(default_factory=list)
     viewer_paths: Optional[list[str]] = None
 
-    _val_unique = validator("new_user_ids", allow_reuse=True)(
-        val_unique_list("new_user_ids")
-    )
-
     @validator("viewer_paths")
     def viewer_paths_validator(cls, value):
         for i, path in enumerate(value):

fractal_server/config.py

@@ -87,7 +87,7 @@ class Settings(BaseSettings):
     """
     Contains all the configuration variables for Fractal Server
 
-    The attributes of this class are set from the environtment.
+    The attributes of this class are set from the environment.
     """
 
     class Config:
@@ -383,7 +383,7 @@ class Settings(BaseSettings):
     @root_validator(pre=True)
     def check_tasks_python(cls, values) -> None:
         """
-        Perform multiple checks of the Python-intepreter variables.
+        Perform multiple checks of the Python-interpreter variables.
 
         1. Each `FRACTAL_TASKS_PYTHON_X_Y` variable must be an absolute path,
             if set.
@@ -432,7 +432,7 @@ class Settings(BaseSettings):
                 f"{current_version_dot}"
             )
 
-            # Unset all existing intepreters variable
+            # Unset all existing interpreters variable
             for _version in ["3_9", "3_10", "3_11", "3_12"]:
                 key = f"FRACTAL_TASKS_PYTHON_{_version}"
                 if _version == current_version:
@@ -498,6 +498,36 @@ class Settings(BaseSettings):
     Maximum value at which to update `pip` before performing task collection.
     """
 
+    FRACTAL_VIEWER_AUTHORIZATION_SCHEME: Literal[
+        "viewer-paths", "users-folders", "none"
+    ] = "none"
+    """
+    Defines how the list of allowed viewer paths is built.
+
+    This variable affects the `GET /auth/current-user/allowed-viewer-paths/`
+    response, which is then consumed by
+    [fractal-vizarr-viewer](https://github.com/fractal-analytics-platform/fractal-vizarr-viewer).
+
+    Options:
+
+    - "viewer-paths": The list of allowed viewer paths will include the user's
+      `project_dir` along with any path defined in user groups' `viewer_paths`
+      attributes.
+    - "users-folders": The list will consist of the user's `project_dir` and a
+       user-specific folder. The user folder is constructed by concatenating
+       the base folder `FRACTAL_VIEWER_BASE_FOLDER` with the user's
+       `slurm_user`.
+    - "none": An empty list will be returned, indicating no access to
+       viewer paths. Useful when vizarr viewer is not used.
+    """
+
+    FRACTAL_VIEWER_BASE_FOLDER: Optional[str] = None
+    """
+    Base path to Zarr files that will be served by fractal-vizarr-viewer;
+    This variable is required and used only when
+    FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "users-folders".
+    """
+
     ###########################################################################
     # BUSINESS LOGIC
     ###########################################################################
@@ -589,6 +619,23 @@ class Settings(BaseSettings):
         if not self.FRACTAL_TASKS_DIR:
             raise FractalConfigurationError("FRACTAL_TASKS_DIR cannot be None")
 
+        # FRACTAL_VIEWER_BASE_FOLDER is required when
+        # FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "users-folders"
+        # and it must be an absolute path
+        if self.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "users-folders":
+            viewer_base_folder = self.FRACTAL_VIEWER_BASE_FOLDER
+            if viewer_base_folder is None:
+                raise FractalConfigurationError(
+                    "FRACTAL_VIEWER_BASE_FOLDER is required when "
+                    "FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "
+                    "users-folders"
+                )
+            if not Path(viewer_base_folder).is_absolute():
+                raise FractalConfigurationError(
+                    f"Non-absolute value for "
+                    f"FRACTAL_VIEWER_BASE_FOLDER={viewer_base_folder}"
+                )
+
         self.check_db()
         self.check_runner()
 

{fractal_server-2.9.0a8.dist-info → fractal_server-2.9.0a10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fractal-server
-Version: 2.9.0a8
+Version: 2.9.0a10
 Summary: Server component of the Fractal analytics platform
 Home-page: https://github.com/fractal-analytics-platform/fractal-server
 License: BSD-3-Clause

{fractal_server-2.9.0a8.dist-info → fractal_server-2.9.0a10.dist-info}/RECORD

@@ -1,4 +1,4 @@
-fractal_server/__init__.py,sha256=VLpRwbtJf-Ix3UM5F6cus-Ipabzl-u3aEANGaiXBtsE,24
+fractal_server/__init__.py,sha256=bOb7y0ERfwPyi1oCYCLL0TUUUEB3QNEldOxpWFB5zGo,25
 fractal_server/__main__.py,sha256=dEkCfzLLQrIlxsGC-HBfoR-RBMWnJDgNrxYTyzmE9c0,6146
 fractal_server/alembic.ini,sha256=MWwi7GzjzawI9cCAK1LW7NxIBQDUqD12-ptJoq5JpP0,3153
 fractal_server/app/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -29,7 +29,7 @@ fractal_server/app/routes/admin/v1.py,sha256=ggJZMeKhRijfVe2h2VzfIcpR15FqkKImANh
 fractal_server/app/routes/admin/v2/__init__.py,sha256=KYrw0COmmMuIMp7c6YcYRXah4tEYplCWeROnPK1VTeg,681
 fractal_server/app/routes/admin/v2/job.py,sha256=cbkFIRIIXaWmNsUFI7RAu8HpQ0mWn_bgoxtvWZxr-IA,7624
 fractal_server/app/routes/admin/v2/project.py,sha256=luy-yiGX1JYTdPm1hpIdDUUqPm8xHuipLy9k2X6zu74,1223
-fractal_server/app/routes/admin/v2/task.py,sha256=Y0eujBgGhVapNXfW9azDxw4EBzLmEmCdh70y1RNQcb0,3895
+fractal_server/app/routes/admin/v2/task.py,sha256=gShC2EAOYa0qTB69EXTDXz5Y375QoarOLv9T9vfntAE,4368
 fractal_server/app/routes/admin/v2/task_group.py,sha256=DncrOAB4q-v3BAmxg35m4EohleriW_FLGE5gpW_Or08,8120
 fractal_server/app/routes/admin/v2/task_group_lifecycle.py,sha256=0e0ZJ_k75TVHaT2o8Xk33DPDSgh-eBhZf-y4y7t-Adg,9429
 fractal_server/app/routes/api/__init__.py,sha256=2IDheFi0OFdsUg7nbUiyahqybvpgXqeHUXIL2QtWrQQ,641
@@ -62,8 +62,8 @@ fractal_server/app/routes/api/v2/workflow_import.py,sha256=WJST1AZypvOTGUrjhomYV
 fractal_server/app/routes/api/v2/workflowtask.py,sha256=ciHTwXXFiFnMF7ZpJ3Xs0q6YfuZrFvIjqndlzAEdZpo,6969
 fractal_server/app/routes/auth/__init__.py,sha256=fao6CS0WiAjHDTvBzgBVV_bSXFpEAeDBF6Z6q7rRkPc,1658
 fractal_server/app/routes/auth/_aux_auth.py,sha256=ifkNocTYatBSMYGwiR14qohmvR9SfMldceiEj6uJBrU,4783
-fractal_server/app/routes/auth/current_user.py,sha256=v767HGi8k076ZHoErlU4Vv0_c8HQqYmi8ncjzZZDaDE,4455
-fractal_server/app/routes/auth/group.py,sha256=dSS7r8J2cejZ6sKnOWAPSDKynxD9VyBNtqDbFpySzIU,7489
+fractal_server/app/routes/auth/current_user.py,sha256=I3aVY5etWAJ_SH6t65Mj5TjvB2X8sAGuu1KG7FxLyPU,5883
+fractal_server/app/routes/auth/group.py,sha256=cS9I6pCIWGbOWc3gUBYmQq6yjFYzm6rVQDukWF_9L90,7721
 fractal_server/app/routes/auth/login.py,sha256=tSu6OBLOieoBtMZB4JkBAdEgH2Y8KqPGSbwy7NIypIo,566
 fractal_server/app/routes/auth/oauth.py,sha256=AnFHbjqL2AgBX3eksI931xD6RTtmbciHBEuGf9YJLjU,1895
 fractal_server/app/routes/auth/register.py,sha256=DlHq79iOvGd_gt2v9uwtsqIKeO6i_GKaW59VIkllPqY,587
@@ -136,7 +136,7 @@ fractal_server/app/runner/versions.py,sha256=dSaPRWqmFPHjg20kTCHmi_dmGNcCETflDtD
 fractal_server/app/schemas/__init__.py,sha256=stURAU_t3AOBaH0HSUbV-GKhlPKngnnIMoqWc3orFyI,135
 fractal_server/app/schemas/_validators.py,sha256=T5EswIJAJRvawfzqWtPcN2INAfiBXyE4m0iwQm4ht-0,3149
 fractal_server/app/schemas/user.py,sha256=aUD8YAcfYTEO06TEUoTx4heVrXFiX7E2Mb8D2--4FsA,2130
-fractal_server/app/schemas/user_group.py,sha256=YwJvYgj-PI66LWy38CEd_FIZPsBV1_2N5zJPGFcFvBw,2143
+fractal_server/app/schemas/user_group.py,sha256=t30Kd07PY43G_AqFDb8vjdInTeLeU9WvFZDx8fVLPSI,1750
 fractal_server/app/schemas/user_settings.py,sha256=TalISeEfCrtN8LgqbLx1Q8ZPoeiZnbksg5NYAVzkIqY,3527
 fractal_server/app/schemas/v1/__init__.py,sha256=CrBGgBhoemCvmZ70ZUchM-jfVAICnoa7AjZBAtL2UB0,1852
 fractal_server/app/schemas/v1/applyworkflow.py,sha256=dYArxQAOBdUIEXX_Ejz8b9fBhEYu1nMm6b_Z6_P6TgA,4052
@@ -162,7 +162,7 @@ fractal_server/app/schemas/v2/workflow.py,sha256=-KWvXnbHBFA3pj5n7mfSyLKJQSqkJmo
 fractal_server/app/schemas/v2/workflowtask.py,sha256=vDdMktYbHeYBgB5OuWSv6wRPRXWqvetkeqQ7IC5YtfA,5751
 fractal_server/app/security/__init__.py,sha256=8Xd4GxumZgvxEH1Vli3ULehwdesEPiaAbtffJvAEgNo,12509
 fractal_server/app/user_settings.py,sha256=aZgQ3i0JkHfgwLGW1ee6Gzr1ae3IioFfJKKSsSS8Svk,1312
-fractal_server/config.py,sha256=1MmVIbnztrFA0w2gYIjgJXg0bqVDsSeSEsMFimb4y74,21153
+fractal_server/config.py,sha256=Bk6EFKnU07sjgThf2NVEqrFAx9F4s0BfCvDKtWHzJTc,23217
 fractal_server/data_migrations/README.md,sha256=_3AEFvDg9YkybDqCLlFPdDmGJvr6Tw7HRI14aZ3LOIw,398
 fractal_server/data_migrations/tools.py,sha256=LeMeASwYGtEqd-3wOLle6WARdTGAimoyMmRbbJl-hAM,572
 fractal_server/gunicorn_fractal.py,sha256=u6U01TLGlXgq1v8QmEpLih3QnsInZD7CqphgJ_GrGzc,1230
@@ -238,8 +238,8 @@ fractal_server/tasks/v2/utils_templates.py,sha256=C5WLuY3uGG2s53OEL-__H35-fmSlgu
 fractal_server/urls.py,sha256=5o_qq7PzKKbwq12NHSQZDmDitn5RAOeQ4xufu-2v9Zk,448
 fractal_server/utils.py,sha256=utvmBx8K9I8hRWFquxna2pBaOqe0JifDL_NVPmihEJI,3525
 fractal_server/zip_tools.py,sha256=GjDgo_sf6V_DDg6wWeBlZu5zypIxycn_l257p_YVKGc,4876
-fractal_server-2.9.0a8.dist-info/LICENSE,sha256=QKAharUuhxL58kSoLizKJeZE3mTCBnX6ucmz8W0lxlk,1576
-fractal_server-2.9.0a8.dist-info/METADATA,sha256=lJzxJeo2n6DgBq4W6SjhuD0Vq4YL82QbSxBj62aFjcQ,4585
-fractal_server-2.9.0a8.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-fractal_server-2.9.0a8.dist-info/entry_points.txt,sha256=8tV2kynvFkjnhbtDnxAqImL6HMVKsopgGfew0DOp5UY,58
-fractal_server-2.9.0a8.dist-info/RECORD,,
+fractal_server-2.9.0a10.dist-info/LICENSE,sha256=QKAharUuhxL58kSoLizKJeZE3mTCBnX6ucmz8W0lxlk,1576
+fractal_server-2.9.0a10.dist-info/METADATA,sha256=m2WwGM-wSD_5ffYqaGCVERw4RZ7yhM7VtxSdlGt3xGQ,4586
+fractal_server-2.9.0a10.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+fractal_server-2.9.0a10.dist-info/entry_points.txt,sha256=8tV2kynvFkjnhbtDnxAqImL6HMVKsopgGfew0DOp5UY,58
+fractal_server-2.9.0a10.dist-info/RECORD,,