fractal-server 2.9.0a8__py3-none-any.whl → 2.9.0a9__py3-none-any.whl

fractal_server/__init__.py

@@ -1 +1 @@
-__VERSION__ = "2.9.0a8"
+__VERSION__ = "2.9.0a9"

fractal_server/app/routes/auth/current_user.py

@@ -1,6 +1,8 @@
 """
 Definition of `/auth/current-user/` endpoints
 """
+import os
+
 from fastapi import APIRouter
 from fastapi import Depends
 from fastapi_users import schemas
@@ -22,6 +24,8 @@ from fractal_server.app.schemas import UserSettingsReadStrict
 from fractal_server.app.schemas import UserSettingsUpdateStrict
 from fractal_server.app.security import get_user_manager
 from fractal_server.app.security import UserManager
+from fractal_server.config import get_settings
+from fractal_server.syringe import Inject
 
 router_current_user = APIRouter()
 
@@ -109,26 +113,65 @@ async def patch_current_user_settings(
 
 
 @router_current_user.get(
-    "/current-user/viewer-paths/", response_model=list[str]
+    "/current-user/allowed-viewer-paths/", response_model=list[str]
 )
-async def get_current_user_viewer_paths(
+async def get_current_user_allowed_viewer_paths(
     current_user: UserOAuth = Depends(current_active_user),
     db: AsyncSession = Depends(get_async_db),
 ) -> list[str]:
-    """Returns the union of `viewer_paths` for all user's groups"""
-    cmd = (
-        select(UserGroup.viewer_paths)
-        .join(LinkUserGroup)
-        .where(LinkUserGroup.group_id == UserGroup.id)
-        .where(LinkUserGroup.user_id == current_user.id)
-    )
-    res = await db.execute(cmd)
-    viewer_paths_nested = res.scalars().all()
+    """
+    Returns the allowed viewer paths for current user, according to the
+    selected FRACTAL_VIEWER_AUTHORIZATION_SCHEME
+    """
 
-    # Flatten a nested object and make its elements unique
-    all_viewer_paths_set = set(
-        path for _viewer_paths in viewer_paths_nested for path in _viewer_paths
-    )
-    all_viewer_paths = list(all_viewer_paths_set)
+    settings = Inject(get_settings)
+
+    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "none":
+        return []
 
-    return all_viewer_paths
+    authorized_paths = []
+
+    # Respond with 422 error if user has no settings
+    verify_user_has_settings(current_user)
+
+    # Load current user settings
+    current_user_settings = await db.get(
+        UserSettings, current_user.user_settings_id
+    )
+    # If project_dir is set, append it to the list of authorized paths
+    if current_user_settings.project_dir is not None:
+        authorized_paths.append(current_user_settings.project_dir)
+
+    # If auth scheme is "users-folders" and `slurm_user` is set,
+    # build and append the user folder
+    if (
+        settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "users-folders"
+        and current_user_settings.slurm_user is not None
+    ):
+        base_folder = settings.FRACTAL_VIEWER_BASE_FOLDER
+        user_folder = os.path.join(
+            base_folder, current_user_settings.slurm_user
+        )
+        authorized_paths.append(user_folder)
+
+    if settings.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "viewer-paths":
+        # Returns the union of `viewer_paths` for all user's groups
+        cmd = (
+            select(UserGroup.viewer_paths)
+            .join(LinkUserGroup)
+            .where(LinkUserGroup.group_id == UserGroup.id)
+            .where(LinkUserGroup.user_id == current_user.id)
+        )
+        res = await db.execute(cmd)
+        viewer_paths_nested = res.scalars().all()
+
+        # Flatten a nested object and make its elements unique
+        all_viewer_paths_set = set(
+            path
+            for _viewer_paths in viewer_paths_nested
+            for path in _viewer_paths
+        )
+
+        authorized_paths.extend(all_viewer_paths_set)
+
+    return authorized_paths

fractal_server/config.py

@@ -87,7 +87,7 @@ class Settings(BaseSettings):
     """
     Contains all the configuration variables for Fractal Server
 
-    The attributes of this class are set from the environtment.
+    The attributes of this class are set from the environment.
     """
 
     class Config:
@@ -383,7 +383,7 @@ class Settings(BaseSettings):
     @root_validator(pre=True)
     def check_tasks_python(cls, values) -> None:
         """
-        Perform multiple checks of the Python-intepreter variables.
+        Perform multiple checks of the Python-interpreter variables.
 
         1. Each `FRACTAL_TASKS_PYTHON_X_Y` variable must be an absolute path,
             if set.
@@ -432,7 +432,7 @@ class Settings(BaseSettings):
                 f"{current_version_dot}"
             )
 
-            # Unset all existing intepreters variable
+            # Unset all existing interpreters variable
             for _version in ["3_9", "3_10", "3_11", "3_12"]:
                 key = f"FRACTAL_TASKS_PYTHON_{_version}"
                 if _version == current_version:
@@ -498,6 +498,36 @@ class Settings(BaseSettings):
     Maximum value at which to update `pip` before performing task collection.
     """
 
+    FRACTAL_VIEWER_AUTHORIZATION_SCHEME: Literal[
+        "viewer-paths", "users-folders", "none"
+    ] = "none"
+    """
+    Defines how the list of allowed viewer paths is built.
+
+    This variable affects the `GET /auth/current-user/allowed-viewer-paths/`
+    response, which is then consumed by
+    [fractal-vizarr-viewer](https://github.com/fractal-analytics-platform/fractal-vizarr-viewer).
+
+    Options:
+
+    - "viewer-paths": The list of allowed viewer paths will include the user's
+      `project_dir` along with any path defined in user groups' `viewer_paths`
+      attributes.
+    - "users-folders": The list will consist of the user's `project_dir` and a
+       user-specific folder. The user folder is constructed by concatenating
+       the base folder `FRACTAL_VIEWER_BASE_FOLDER` with the user's
+       `slurm_user`.
+    - "none": An empty list will be returned, indicating no access to
+       viewer paths. Useful when vizarr viewer is not used.
+    """
+
+    FRACTAL_VIEWER_BASE_FOLDER: Optional[str] = None
+    """
+    Base path to Zarr files that will be served by fractal-vizarr-viewer;
+    This variable is required and used only when
+    FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "users-folders".
+    """
+
     ###########################################################################
     # BUSINESS LOGIC
     ###########################################################################
@@ -589,6 +619,23 @@ class Settings(BaseSettings):
         if not self.FRACTAL_TASKS_DIR:
             raise FractalConfigurationError("FRACTAL_TASKS_DIR cannot be None")
 
+        # FRACTAL_VIEWER_BASE_FOLDER is required when
+        # FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "users-folders"
+        # and it must be an absolute path
+        if self.FRACTAL_VIEWER_AUTHORIZATION_SCHEME == "users-folders":
+            viewer_base_folder = self.FRACTAL_VIEWER_BASE_FOLDER
+            if viewer_base_folder is None:
+                raise FractalConfigurationError(
+                    "FRACTAL_VIEWER_BASE_FOLDER is required when "
+                    "FRACTAL_VIEWER_AUTHORIZATION_SCHEME is set to "
+                    "users-folders"
+                )
+            if not Path(viewer_base_folder).is_absolute():
+                raise FractalConfigurationError(
+                    f"Non-absolute value for "
+                    f"FRACTAL_VIEWER_BASE_FOLDER={viewer_base_folder}"
+                )
+
         self.check_db()
         self.check_runner()
 

{fractal_server-2.9.0a8.dist-info → fractal_server-2.9.0a9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fractal-server
-Version: 2.9.0a8
+Version: 2.9.0a9
 Summary: Server component of the Fractal analytics platform
 Home-page: https://github.com/fractal-analytics-platform/fractal-server
 License: BSD-3-Clause

{fractal_server-2.9.0a8.dist-info → fractal_server-2.9.0a9.dist-info}/RECORD

@@ -1,4 +1,4 @@
-fractal_server/__init__.py,sha256=VLpRwbtJf-Ix3UM5F6cus-Ipabzl-u3aEANGaiXBtsE,24
+fractal_server/__init__.py,sha256=AgkJcJmAplHlQOvkvgp6iM_-dHeN1ajiKqWDu3YtZwc,24
 fractal_server/__main__.py,sha256=dEkCfzLLQrIlxsGC-HBfoR-RBMWnJDgNrxYTyzmE9c0,6146
 fractal_server/alembic.ini,sha256=MWwi7GzjzawI9cCAK1LW7NxIBQDUqD12-ptJoq5JpP0,3153
 fractal_server/app/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -62,7 +62,7 @@ fractal_server/app/routes/api/v2/workflow_import.py,sha256=WJST1AZypvOTGUrjhomYV
 fractal_server/app/routes/api/v2/workflowtask.py,sha256=ciHTwXXFiFnMF7ZpJ3Xs0q6YfuZrFvIjqndlzAEdZpo,6969
 fractal_server/app/routes/auth/__init__.py,sha256=fao6CS0WiAjHDTvBzgBVV_bSXFpEAeDBF6Z6q7rRkPc,1658
 fractal_server/app/routes/auth/_aux_auth.py,sha256=ifkNocTYatBSMYGwiR14qohmvR9SfMldceiEj6uJBrU,4783
-fractal_server/app/routes/auth/current_user.py,sha256=v767HGi8k076ZHoErlU4Vv0_c8HQqYmi8ncjzZZDaDE,4455
+fractal_server/app/routes/auth/current_user.py,sha256=I3aVY5etWAJ_SH6t65Mj5TjvB2X8sAGuu1KG7FxLyPU,5883
 fractal_server/app/routes/auth/group.py,sha256=dSS7r8J2cejZ6sKnOWAPSDKynxD9VyBNtqDbFpySzIU,7489
 fractal_server/app/routes/auth/login.py,sha256=tSu6OBLOieoBtMZB4JkBAdEgH2Y8KqPGSbwy7NIypIo,566
 fractal_server/app/routes/auth/oauth.py,sha256=AnFHbjqL2AgBX3eksI931xD6RTtmbciHBEuGf9YJLjU,1895
@@ -162,7 +162,7 @@ fractal_server/app/schemas/v2/workflow.py,sha256=-KWvXnbHBFA3pj5n7mfSyLKJQSqkJmo
 fractal_server/app/schemas/v2/workflowtask.py,sha256=vDdMktYbHeYBgB5OuWSv6wRPRXWqvetkeqQ7IC5YtfA,5751
 fractal_server/app/security/__init__.py,sha256=8Xd4GxumZgvxEH1Vli3ULehwdesEPiaAbtffJvAEgNo,12509
 fractal_server/app/user_settings.py,sha256=aZgQ3i0JkHfgwLGW1ee6Gzr1ae3IioFfJKKSsSS8Svk,1312
-fractal_server/config.py,sha256=1MmVIbnztrFA0w2gYIjgJXg0bqVDsSeSEsMFimb4y74,21153
+fractal_server/config.py,sha256=Bk6EFKnU07sjgThf2NVEqrFAx9F4s0BfCvDKtWHzJTc,23217
 fractal_server/data_migrations/README.md,sha256=_3AEFvDg9YkybDqCLlFPdDmGJvr6Tw7HRI14aZ3LOIw,398
 fractal_server/data_migrations/tools.py,sha256=LeMeASwYGtEqd-3wOLle6WARdTGAimoyMmRbbJl-hAM,572
 fractal_server/gunicorn_fractal.py,sha256=u6U01TLGlXgq1v8QmEpLih3QnsInZD7CqphgJ_GrGzc,1230
@@ -238,8 +238,8 @@ fractal_server/tasks/v2/utils_templates.py,sha256=C5WLuY3uGG2s53OEL-__H35-fmSlgu
 fractal_server/urls.py,sha256=5o_qq7PzKKbwq12NHSQZDmDitn5RAOeQ4xufu-2v9Zk,448
 fractal_server/utils.py,sha256=utvmBx8K9I8hRWFquxna2pBaOqe0JifDL_NVPmihEJI,3525
 fractal_server/zip_tools.py,sha256=GjDgo_sf6V_DDg6wWeBlZu5zypIxycn_l257p_YVKGc,4876
-fractal_server-2.9.0a8.dist-info/LICENSE,sha256=QKAharUuhxL58kSoLizKJeZE3mTCBnX6ucmz8W0lxlk,1576
-fractal_server-2.9.0a8.dist-info/METADATA,sha256=lJzxJeo2n6DgBq4W6SjhuD0Vq4YL82QbSxBj62aFjcQ,4585
-fractal_server-2.9.0a8.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-fractal_server-2.9.0a8.dist-info/entry_points.txt,sha256=8tV2kynvFkjnhbtDnxAqImL6HMVKsopgGfew0DOp5UY,58
-fractal_server-2.9.0a8.dist-info/RECORD,,
+fractal_server-2.9.0a9.dist-info/LICENSE,sha256=QKAharUuhxL58kSoLizKJeZE3mTCBnX6ucmz8W0lxlk,1576
+fractal_server-2.9.0a9.dist-info/METADATA,sha256=kVjqPsTd7RPiIlTSbj8CzDM6dZEKzvo23ofH6ylpl2E,4585
+fractal_server-2.9.0a9.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+fractal_server-2.9.0a9.dist-info/entry_points.txt,sha256=8tV2kynvFkjnhbtDnxAqImL6HMVKsopgGfew0DOp5UY,58
+fractal_server-2.9.0a9.dist-info/RECORD,,