geovisio 2.6.0__py3-none-any.whl → 2.7.1__py3-none-any.whl

geovisio/utils/auth.py

@@ -1,12 +1,17 @@
 import flask
 from flask import current_app, url_for, session, redirect, request
+from flask_babel import gettext as _
 from functools import wraps
 from authlib.integrations.flask_client import OAuth
 from dataclasses import dataclass
 from abc import ABC, abstractmethod
 from typing import Any
 from typing import Optional
+from enum import Enum
+from pydantic import BaseModel, ConfigDict, Field
 import sentry_sdk
+from psycopg.rows import dict_row
+from geovisio.utils import db
 
 
 ACCOUNT_KEY = "account"  # Key in flask's session with the account's information
@@ -144,12 +149,45 @@ def make_auth(app):
     return oauth
 
 
-@dataclass
-class Account(object):
+class AccountRole(Enum):
+    user = "user"
+    admin = "admin"
+
+
+class Account(BaseModel):
     id: str
     name: str
-    oauth_provider: str
-    oauth_id: str
+    oauth_provider: Optional[str] = None
+    oauth_id: Optional[str] = None
+
+    model_config = ConfigDict(extra="forbid")
+
+    def __init__(self, role: Optional[AccountRole] = None, **kwargs) -> None:
+        super().__init__(**kwargs)
+        self.role = role
+
+    # Note: this field is excluded since we do not want to persist it in the cookie. It will be fetched from the database if needed
+    # and accessed though the `role` property
+    role_: Optional[AccountRole] = Field(default=None, exclude=True)
+
+    def can_check_reports(self):
+        """Is account legitimate to read any report ?"""
+        return self.role == AccountRole.admin
+
+    def can_edit_excluded_areas(self):
+        """Is account legitimate to read and edit excluded areas ?"""
+        return self.role == AccountRole.admin
+
+    @property
+    def role(self) -> AccountRole:
+        if self.role_ is None:
+            role = db.fetchone(current_app, "SELECT role FROM accounts WHERE id = %s", (self.id,), row_factory=dict_row)
+            self.role_ = AccountRole(role["role"])
+        return self.role_
+
+    @role.setter
+    def role(self, r: AccountRole) -> None:
+        self.role_ = r
 
 
 def login_required():
@@ -160,7 +198,7 @@ def login_required():
         def decorator(*args, **kwargs):
             account = get_current_account()
             if not account:
-                return flask.abort(flask.make_response(flask.jsonify(message="Authentication is mandatory"), 401))
+                return flask.abort(flask.make_response(flask.jsonify(message=_("Authentication is mandatory")), 401))
             kwargs["account"] = account
 
             return f(*args, **kwargs)
@@ -236,7 +274,7 @@ class UnknowAccountException(Exception):
     status_code = 401
 
     def __init__(self):
-        msg = f"No account with this oauth id is know, you should login first"
+        msg = "No account with this oauth id is know, you should login first"
         super().__init__(msg)
 
 
@@ -244,7 +282,7 @@ class LoginRequiredException(Exception):
     status_code = 401
 
     def __init__(self):
-        msg = f"You should login to request this API"
+        msg = "You should login to request this API"
         super().__init__(msg)
 
 
@@ -259,9 +297,10 @@ def get_current_account():
                     Account: the current logged account, None if nobody is logged
     """
     if ACCOUNT_KEY in session:
-        session_account = Account(**session[ACCOUNT_KEY])
+        a = session[ACCOUNT_KEY]
+        session_account = Account(**a)
 
-        sentry_sdk.set_user(session_account.__dict__)
+        sentry_sdk.set_user(session_account.model_dump(exclude_none=True))
         return session_account
 
     bearer_token = _get_bearer_token()
@@ -269,7 +308,7 @@ def get_current_account():
         from geovisio.utils import tokens
 
         a = tokens.get_account_from_jwt_token(bearer_token)
-        sentry_sdk.set_user(a.__dict__)
+        sentry_sdk.set_user(a.model_dump(exclude_none=True))
         return a
 
     return None
@@ -288,5 +327,5 @@ def _get_bearer_token() -> Optional[str]:
     if not auth_header.startswith("Bearer "):
         from geovisio.utils.tokens import InvalidTokenException
 
-        raise InvalidTokenException("Only Bearer token are supported")
+        raise InvalidTokenException(_("Only Bearer token are supported"))
     return auth_header.split(" ")[1]

geovisio/utils/db.py

@@ -0,0 +1,65 @@
+from psycopg_pool import ConnectionPool
+from contextlib import contextmanager
+from typing import Optional
+
+
+def create_db_pool(app):
+    """
+    Create Database connection pool
+
+    Note: all returned connections are autocommit connection. If it's not the wanted behavior, wrap the query in an explicit transaction, or acquire a connection outside of the pool.
+    """
+    if hasattr(app, "pool"):
+        return
+    min_size = int(app.config["DB_MIN_CNX"])
+    max_size = int(app.config["DB_MAX_CNX"])
+    statement_timeout = app.config["DB_STATEMENT_TIMEOUT"]
+    args = {"autocommit": True}
+    if statement_timeout > 0:
+        args["options"] = f"-c statement_timeout={statement_timeout}"
+    app.pool = ConnectionPool(conninfo=app.config["DB_URL"], min_size=min_size, max_size=max_size, open=True, kwargs=args)
+    # add also a connection pool without timeout for queries that are known to be long
+    # This is useful for example for refreshing the pictures_grid materialized view
+    app.long_queries_pool = ConnectionPool(
+        conninfo=app.config["DB_URL"], min_size=0, max_size=max_size, open=True, kwargs={"autocommit": True}
+    )
+
+
+@contextmanager
+def conn(app, timeout: Optional[float] = None):
+    """Get a psycopg connection from the connection pool"""
+    with app.pool.connection(timeout=timeout) as conn:
+        yield conn
+
+
+@contextmanager
+def cursor(app, timeout: Optional[float] = None, **kwargs):
+    """Get a psycopg cursor from the connection pool"""
+    with app.pool.connection(timeout=timeout) as conn:
+        yield conn.cursor(**kwargs)
+
+
+@contextmanager
+def execute(app, sql, params=None, timeout: Optional[float] = None, **kwargs):
+    """Simple helpers to simplify simple calls to get a cursor and execute a query on it"""
+    with cursor(app, timeout=timeout, **kwargs) as c:
+        yield c.execute(sql, params=params)
+
+
+def fetchone(app, sql, params=None, timeout: Optional[float] = None, **kwargs):
+    """Simple helpers to simplify simple calls to fetchone"""
+    with execute(app, sql, params, timeout=timeout, **kwargs) as q:
+        return q.fetchone()
+
+
+def fetchall(app, sql, params=None, timeout: Optional[float] = None, **kwargs):
+    """Simple helpers to simplify simple calls to fetchall"""
+    with execute(app, sql, params, timeout=timeout, **kwargs) as q:
+        return q.fetchall()
+
+
+@contextmanager
+def long_queries_conn(app, connection_timeout: Optional[float] = None):
+    """Get a psycopg connection for queries that are known to be long from the connection pool"""
+    with app.long_queries_pool.connection(timeout=connection_timeout) as conn:
+        yield conn

geovisio/utils/excluded_areas.py

@@ -0,0 +1,83 @@
+from uuid import UUID
+from typing import Optional
+from pydantic import BaseModel, ConfigDict
+from geojson_pydantic import MultiPolygon, FeatureCollection, Feature
+from geovisio.utils import db
+from geovisio.errors import InvalidAPIUsage
+from flask import current_app
+from flask_babel import gettext as _
+from psycopg.sql import SQL, Literal
+from psycopg.rows import class_row
+
+
+class ExcludedArea(BaseModel):
+    """An excluded area is a geographical boundary where pictures should not be accepted."""
+
+    id: UUID
+    label: Optional[str] = None
+    is_public: bool = False
+    account_id: Optional[UUID] = None
+
+    model_config = ConfigDict()
+
+
+ExcludedAreaFeature = Feature[MultiPolygon, ExcludedArea]
+ExcludedAreaFeatureCollection = FeatureCollection[ExcludedAreaFeature]
+
+
+def get_excluded_area(id: UUID) -> Optional[ExcludedAreaFeature]:
+    """Get the excluded area corresponding to the ID"""
+    return db.fetchone(
+        current_app,
+        SQL(
+            """SELECT id, label, is_public, account_id, ST_AsGeoJSON(geom) AS geometry
+FROM excluded_area
+WHERE id = %(id)s"""
+        ),
+        {"id": id},
+        row_factory=class_row(ExcludedAreaFeature),
+    )
+
+
+def list_excluded_areas(is_public: Optional[bool] = None, account_id: Optional[UUID] = None) -> ExcludedAreaFeatureCollection:
+    where = [Literal(True)]
+    if is_public is not None:
+        where.append(SQL("is_public IS {}").format(Literal(is_public)))
+    if account_id:
+        where.append(SQL("account_id = {}").format(Literal(account_id)))
+
+    areas = db.fetchall(
+        current_app,
+        SQL(
+            """SELECT
+    'Feature' as type,
+    json_build_object(
+        'id', id,
+        'label', label,
+        'is_public', is_public,
+        'account_id', account_id
+    ) as properties,
+    ST_AsGeoJSON(geom)::json as geometry
+FROM excluded_areas
+WHERE {}"""
+        ).format(SQL(" AND ").join(where)),
+        row_factory=class_row(ExcludedAreaFeature),
+    )
+
+    return ExcludedAreaFeatureCollection(type="FeatureCollection", features=areas)
+
+
+def delete_excluded_area(areaId: UUID, accountId: Optional[UUID] = None):
+    where = [SQL("id = {}").format(Literal(areaId))]
+    if accountId is not None:
+        where.append(SQL("account_id = {}").format(accountId))
+
+    with db.execute(
+        current_app,
+        SQL("DELETE FROM excluded_areas WHERE {}").format(SQL(" AND ").join(where)),
+    ) as res:
+        area_deleted = res.rowcount
+
+        if not area_deleted:
+            raise InvalidAPIUsage(_("Impossible to find excluded area"), status_code=404)
+        return "", 204

geovisio/utils/extent.py

@@ -0,0 +1,30 @@
+from typing import List, Optional
+from datetime import datetime
+from pydantic import BaseModel
+
+
+class Temporal(BaseModel):
+    """Temporal extent"""
+
+    interval: List[List[datetime]]
+    """Interval"""
+
+
+class Spatial(BaseModel):
+    """Spatial extent"""
+
+    bbox: List[List[float]]
+    """Bounding box"""
+
+
+class Extent(BaseModel):
+    """Spatio-temporal extents"""
+
+    temporal: Optional[Temporal]
+    spatial: Optional[Spatial]
+
+
+class TemporalExtent(BaseModel):
+    """Temporal extents (without spatial extent)"""
+
+    temporal: Optional[Temporal]

geovisio/utils/fields.py

@@ -1,6 +1,6 @@
 from enum import Enum
 from dataclasses import dataclass, field
-from typing import Any, List, Dict, Optional, Generic, TypeVar, Protocol
+from typing import Any, List, Generic, TypeVar, Protocol
 from psycopg import sql
 
 

geovisio/utils/filesystems.py

@@ -1,6 +1,5 @@
 from dataclasses import dataclass
 import fs.base
-import logging
 from fs import open_fs
 from fs.errors import ResourceNotFound
 from fs_s3fs import S3FS

geovisio/utils/link.py

@@ -0,0 +1,14 @@
+from pydantic import BaseModel
+from typing import Optional
+from flask import url_for
+
+
+class Link(BaseModel):
+    rel: str
+    type: str
+    title: Optional[str]
+    href: str
+
+
+def make_link(rel: str, route: str, title: Optional[str] = None, type: str = "application/json", **args):
+    return Link(rel=rel, type=type, title=title, href=url_for(route, **args, _external=True))

geovisio/utils/params.py

@@ -0,0 +1,20 @@
+from pydantic import ValidationError
+
+
+def validation_error(e: ValidationError):
+    """Transform a pydantic error to user friendly error, meant to be used as `payload` of a geovisio.error"""
+
+    details = []
+    for d in e.errors():
+        detail = {
+            "fields": d["loc"],
+            "error": d["msg"],
+        }
+        if d["input"]:
+            detail["input"] = d["input"]
+            if "user_agent" in detail["input"]:
+                del detail["input"]["user_agent"]
+            if len(detail["input"]) == 0:
+                del detail["input"]
+        details.append(detail)
+    return {"details": details}