geovisio 2.7.0__py3-none-any.whl → 2.8.0__py3-none-any.whl

geovisio/web/prepare.py

@@ -0,0 +1,165 @@
+from flask import current_app, request, url_for, Blueprint
+from geovisio import errors
+from geovisio.utils import auth
+from psycopg.rows import dict_row
+from psycopg.types.json import Jsonb
+from psycopg.sql import SQL
+from flask_babel import gettext as _
+from pydantic import BaseModel, ConfigDict, ValidationError
+
+from geovisio.utils.params import validation_error
+
+bp = Blueprint("prepare", __name__, url_prefix="/api")
+
+
+class PreparationParameter(BaseModel):
+    """Parameters used control the behaviour of the preparation process"""
+
+    skip_blurring: bool = False
+    """If true, the picture will not be blurred again"""
+
+    def as_sql(self):
+        return Jsonb({"skip_blurring": self.skip_blurring}) if self.skip_blurring else None
+
+    model_config = ConfigDict(use_attribute_docstrings=True)
+
+
+@bp.route("/collections/<uuid:collectionId>/items/<uuid:itemId>/prepare", methods=["POST"])
+def prepareItem(collectionId, itemId, account=None):
+    """Ask for preparation of a picture. The picture will be blurred if needed, and derivates will be generated.
+    ---
+    tags:
+        - Pictures
+    parameters:
+        - name: collectionId
+          in: path
+          description: ID of collection
+          required: true
+          schema:
+            type: string
+        - name: itemId
+          in: path
+          description: ID of item
+          required: true
+          schema:
+            type: string
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/PreparationParameter'
+    responses:
+        202:
+            description: Empty response for the moment, but later we might return a way to track the progress of the preparation
+            content:
+                application/json:
+                    schema:
+                        type: object
+    """
+    try:
+        params = PreparationParameter(**(request.json if request.is_json else {}))
+    except ValidationError as ve:
+        raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
+
+    with current_app.pool.connection() as conn:
+        with conn.cursor(row_factory=dict_row) as cursor:
+            account = auth.get_current_account()
+            accountId = account.id if account else None
+
+            record = cursor.execute(
+                SQL(
+                    """SELECT 1 
+FROM pictures p
+JOIN sequences_pictures sp ON p.id = sp.pic_id
+WHERE
+    p.id = %(pic)s
+    AND sp.seq_id = %(seq)s
+    AND (p.account_id = %(acc)s OR p.status != 'hidden')"""
+                ),
+                {"pic": itemId, "seq": collectionId, "acc": accountId},
+            ).fetchone()
+
+            if not record:
+                raise errors.InvalidAPIUsage(
+                    _("Picture %(p)s wasn't found in database", p=itemId),
+                    status_code=404,
+                )
+
+            cursor.execute(
+                SQL("INSERT INTO job_queue(picture_id, task, args) VALUES (%(pic)s, 'prepare', %(args)s)"),
+                {"pic": itemId, "args": params.as_sql()},
+            )
+
+    # run background task to prepare the picture
+    current_app.background_processor.process_pictures()  # type: ignore
+
+    return {}, 202, {"Content-Type": "application/json"}
+
+
+@bp.route("/collections/<uuid:collectionId>/prepare", methods=["POST"])
+def prepareCollection(collectionId, account=None):
+    """Ask for preparation of all the pictures of a collection. The pictures will be blurred if needed, and derivates will be generated.
+    ---
+    tags:
+        - Sequences
+    parameters:
+        - name: collectionId
+          in: path
+          description: ID of collection
+          required: true
+          schema:
+            type: string
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/PreparationParameter'
+    responses:
+        202:
+            description: Empty response for the moment, but later we might return a way to track the progress of the preparation
+            content:
+                application/json:
+                    schema:
+                        type: object
+    """
+    try:
+        params = PreparationParameter(**(request.json if request.is_json else {}))
+    except ValidationError as ve:
+        raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
+
+    with current_app.pool.connection() as conn:
+        with conn.cursor(row_factory=dict_row) as cursor:
+            account = auth.get_current_account()
+            accountId = account.id if account else None
+
+            record = cursor.execute(
+                SQL(
+                    """SELECT 1 
+FROM sequences
+WHERE
+    id = %(seq)s
+    AND (account_id = %(acc)s OR status != 'hidden')"""
+                ),
+                {"seq": collectionId, "acc": accountId},
+            ).fetchone()
+
+            if not record:
+                raise errors.InvalidAPIUsage(
+                    _("Collection %(c)s wasn't found in database", c=collectionId),
+                    status_code=404,
+                )
+
+            cursor.execute(
+                SQL(
+                    """INSERT INTO job_queue(picture_id, task, args) 
+SELECT pic_id, 'prepare', %(args)s
+FROM sequences_pictures
+WHERE seq_id = %(seq)s"""
+                ),
+                {"seq": collectionId, "args": params.as_sql()},
+            )
+
+    # run background task to prepare the picture
+    current_app.background_processor.process_pictures()  # type: ignore
+
+    return {}, 202, {"Content-Type": "application/json"}

geovisio/web/stac.py

@@ -82,11 +82,11 @@ def getLanding():
             if spatial_xmin is not None or temporal_min is not None
             else None
         )
-
+        apiSum = current_app.config["API_SUMMARY"]
         catalog = dbSequencesToStacCatalog(
             id="geovisio",
-            title=current_app.config["API_SUMMARY"].name.get("en"),
-            description=current_app.config["API_SUMMARY"].description.get("en"),
+            title=apiSum.name.get("en"),
+            description=apiSum.description.get("en"),
             sequences=[],
             request=request,
             extent=extent,
@@ -112,7 +112,17 @@ def getLanding():
         if "stac_extensions" not in catalog:
             catalog["stac_extensions"] = []
 
-        catalog["stac_extensions"] += ["https://stac-extensions.github.io/web-map-links/v1.0.0/schema.json"]
+        catalog["stac_extensions"] += [
+            "https://stac-extensions.github.io/web-map-links/v1.0.0/schema.json",
+            "https://stac-extensions.github.io/contacts/v0.1.1/schema.json",
+        ]
+
+        catalog["contacts"] = [
+            {
+                "name": apiSum.name.get("en"),
+                "emails": [{"value": apiSum.email}],
+            },
+        ]
 
         catalog["links"] += cleanNoneInList(
             [
@@ -299,10 +309,13 @@ def dbSequencesToStacCollection(id, title, description, sequences, request, exte
 @auth.isUserIdMatchingCurrentAccount()
 def getUserCatalog(userId, userIdMatchesAccount=False):
     """Retrieves an user list of sequences (catalog)
+
+    Note that this route is deprecated in favor of `/api/users/<uuid:userId>/collection`. This new route provides more information and offers more filtering and sorting options.
     ---
     tags:
         - Sequences
         - Users
+    deprecated: true
     parameters:
         - name: userId
           in: path

geovisio/web/tokens.py

@@ -7,7 +7,7 @@ from authlib.jose import jwt
 from authlib.jose.errors import DecodeError
 import logging
 import uuid
-from geovisio.utils import auth, db
+from geovisio.utils import auth, db, website
 from geovisio import errors, utils
 
 
@@ -222,9 +222,7 @@ def claim_non_associated_token(token_id, account):
     """
     with db.cursor(current_app, row_factory=dict_row) as cursor:
         token = cursor.execute(
-            """
-            SELECT account_id FROM tokens WHERE id = %(token)s
-            """,
+            "SELECT account_id FROM tokens WHERE id = %(token)s",
             {"token": token_id},
         ).fetchone()
         if not token:
@@ -241,6 +239,18 @@ def claim_non_associated_token(token_id, account):
             "UPDATE tokens SET account_id = %(account)s WHERE id = %(token)s",
             {"account": account.id, "token": token_id},
         )
+
+        next_url = None
+        if account.tos_accepted is False and current_app.config["API_ENFORCE_TOS_ACCEPTANCE"]:
+            # if the tos have not been accepted, we redirect to the website page to accept it (with a redirect afterward to the token associated page)
+            next_url = current_app.config["API_WEBSITE_URL"].tos_validation_page({"next_url": "/token-accepted"})
+        else:
+            next_url = current_app.config["API_WEBSITE_URL"].cli_token_accepted_page()
+
+        if next_url:
+            # if there is an associated website, we redirect with a nice page explaining the token association
+            return flask.redirect(next_url)
+        # else we return a simple text to explain it
         return "You are now logged in the CLI, you can upload your pictures", 200
 
 

geovisio/web/upload_set.py

@@ -1,3 +1,4 @@
+from copy import deepcopy
 from dataclasses import dataclass
 
 import PIL
@@ -184,8 +185,7 @@ def getUploadSet(upload_set_id):
 
 
 @bp.route("/upload_sets/<uuid:upload_set_id>/files", methods=["GET"])
-@auth.login_required_by_setting("API_FORCE_AUTH_ON_UPLOAD")
-def getUploadSetFiles(upload_set_id, account=None):
+def getUploadSetFiles(upload_set_id):
     """List the files of an UploadSet
     ---
     tags:
@@ -209,13 +209,20 @@ def getUploadSetFiles(upload_set_id, account=None):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUploadSetFiles'
     """
+    account = utils.auth.get_current_account()
+
     u = get_simple_upload_set(upload_set_id)
     if u is None:
         raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
-    if account is not None and account.id != str(u.account_id):
-        raise errors.InvalidAPIUsage(_("You're not authorized to list pictures in this upload set"), status_code=403)
 
     upload_set_files = get_upload_set_files(upload_set_id)
+
+    if account is None or account.id != str(u.account_id):
+        # if the user is not the owner of the upload set, we remove the picture_id since we might leak too many information
+        # not sure about this one, this could evolve in the future
+        for f in upload_set_files.files:
+            f.picture_id = None
+
     return upload_set_files.model_dump_json(exclude_none=True), 200, {"Content-Type": "application/json"}
 
 
@@ -529,9 +536,7 @@ def addFilesToUploadSet(upload_set_id: UUID, account=None):
     with db.conn(current_app) as conn:
         try:
             with conn.transaction(), conn.cursor(row_factory=dict_row) as cursor:
-                upload_set = cursor.execute(
-                    "SELECT id, account_id, completed FROM upload_sets WHERE id = %s AND not deleted", [upload_set_id]
-                ).fetchone()
+                upload_set = cursor.execute("SELECT id, account_id, completed FROM upload_sets WHERE id = %s", [upload_set_id]).fetchone()
                 if not upload_set:
                     raise errors.InvalidAPIUsage(_("UploadSet %(u)s does not exist", u=upload_set_id), status_code=404)
 
@@ -586,7 +591,7 @@ def addFilesToUploadSet(upload_set_id: UUID, account=None):
                         raise TrackedFileException(
                             _("The same picture has already been sent in a past upload"),
                             payload={"upload_sets": same_pics},
-                            rejection_status=FileRejectionStatus.invalid_metadata,
+                            rejection_status=FileRejectionStatus.file_duplicate,
                             status_code=409,
                             file=file,
                         )
@@ -613,7 +618,7 @@ def addFilesToUploadSet(upload_set_id: UUID, account=None):
                     except utils.pictures.MetadataReadingError as e:
                         raise TrackedFileException(
                             _("Impossible to parse picture metadata"),
-                            payload={"details": {"error": e.details}},
+                            payload={"details": {"error": e.details, "missing_fields": e.missing_mandatory_tags}},
                             rejection_status=FileRejectionStatus.invalid_metadata,
                             file=file,
                         )
@@ -652,14 +657,18 @@ def addFilesToUploadSet(upload_set_id: UUID, account=None):
             # something went wrong, we reject the file, but keep track of it
             with conn.transaction(), conn.cursor(row_factory=dict_row) as cursor:
                 msg = e.message
+                d = None
                 if e.payload and e.payload.get("details", {}).get("error") is not None:
-                    msg = e.payload["details"]["error"]
+                    d = deepcopy(e.payload["details"])
+                    msg = d.pop("error")
+
                 utils.upload_set.insertFileInDatabase(
                     cursor=cursor,
                     upload_set_id=upload_set_id,
                     **e.file,
                     rejection_status=e.rejection_status,
                     rejection_message=msg,
+                    rejection_details=d,
                 )
                 handle_completion(cursor, upload_set)
             raise e

geovisio/web/users.py

@@ -1,43 +1,64 @@
+from typing import List, Optional
+from uuid import UUID
 import flask
-from flask import request, current_app, url_for
+from flask import redirect, request, current_app, session, url_for
 from flask_babel import gettext as _
+from pydantic import BaseModel, Field, ValidationError, computed_field
 from geovisio.utils import auth, db
 from geovisio import errors
-from psycopg.rows import dict_row
+from psycopg.rows import dict_row, class_row
 from psycopg.sql import SQL
 
+from geovisio.utils.link import Link, make_link
+from geovisio.utils.model_query import get_db_params_and_values
+from geovisio.utils.params import validation_error
 from geovisio.web import stac
+from geovisio.web.auth import NEXT_URL_KEY
 from geovisio.web.utils import get_root_link
 
 bp = flask.Blueprint("user", __name__, url_prefix="/api/users")
 
 
-def _get_user_info(id, name):
-    userMapUrl = (
-        flask.url_for("map.getUserTile", userId=id, x="11111111", y="22222222", z="33333333", format="mvt", _external=True)
-        .replace("11111111", "{x}")
-        .replace("22222222", "{y}")
-        .replace("33333333", "{z}")
-    )
-    response = {
-        "id": id,
-        "name": name,
-        "links": [
-            {"rel": "catalog", "type": "application/json", "href": flask.url_for("stac.getUserCatalog", userId=id, _external=True)},
-            {
-                "rel": "collection",
-                "type": "application/json",
-                "href": flask.url_for("stac_collections.getUserCollection", userId=id, _external=True),
-            },
-            {
-                "rel": "user-xyz",
-                "type": "application/vnd.mapbox-vector-tile",
-                "href": userMapUrl,
-                "title": "Pictures and sequences vector tiles for a given user",
-            },
-        ],
-    }
-    return flask.jsonify(response)
+class UserInfo(BaseModel):
+    name: str
+    """Name of the user"""
+    id: UUID
+    """Unique identifier of the user"""
+    collaborative_metadata: Optional[bool] = None
+    """If true, the user can edit the metadata of all sequences. If unset, default to the instance's default configuration."""
+
+    tos_accepted: Optional[bool] = None
+    """True means the user has accepted the terms of service (tos). Can only be seen by the user itself"""
+
+    @computed_field
+    @property
+    def links(self) -> List[Link]:
+        userMapUrl = (
+            flask.url_for("map.getUserTile", userId=self.id, x="11111111", y="22222222", z="33333333", format="mvt", _external=True)
+            .replace("11111111", "{x}")
+            .replace("22222222", "{y}")
+            .replace("33333333", "{z}")
+        )
+        return [
+            make_link(rel="catalog", route="stac.getUserCatalog", userId=self.id),
+            make_link(rel="collection", route="stac_collections.getUserCollection", userId=self.id),
+            Link(
+                rel="user-xyz",
+                type="application/vnd.mapbox-vector-tile",
+                title="Pictures and sequences vector tiles for a given user",
+                href=userMapUrl,
+            ),
+        ]
+
+
+def _get_user_info(account: auth.Account):
+    user_info = UserInfo(id=account.id, name=account.name, collaborative_metadata=account.collaborative_metadata)
+    logged_account = auth.get_current_account()
+    if logged_account is not None and account.id == logged_account.id:
+        # we show the term of service acceptance only if the user is the logged user
+        user_info.tos_accepted = account.tos_accepted
+
+    return user_info.model_dump(exclude_unset=True), 200, {"Content-Type": "application/json"}
 
 
 @bp.route("/me")
@@ -55,7 +76,7 @@ def getMyUserInfo(account):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUser'
     """
-    return _get_user_info(account.id, account.name)
+    return _get_user_info(account)
 
 
 @bp.route("/<uuid:userId>")
@@ -79,21 +100,29 @@ def getUserInfo(userId):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUser'
     """
-    account = db.fetchone(current_app, SQL("SELECT name, id FROM accounts WHERE id = %s"), [userId], row_factory=dict_row)
+    account = db.fetchone(
+        current_app,
+        SQL("SELECT name, id::text, collaborative_metadata, role, tos_accepted FROM accounts WHERE id = %s"),
+        [userId],
+        row_factory=class_row(auth.Account),
+    )
     if not account:
         raise errors.InvalidAPIUsage(_("Impossible to find user"), status_code=404)
 
-    return _get_user_info(account["id"], account["name"])
+    return _get_user_info(account)
 
 
 @bp.route("/me/catalog")
 @auth.login_required_with_redirect()
 def getMyCatalog(account):
-    """Get current logged user catalog
+    """Get current logged user catalog.
+
+    Note that this route is deprecated in favor of `/api/users/me/collection`. This new route provides more information and offers more filtering and sorting options.
     ---
     tags:
         - Users
         - Sequences
+    deprecated: true
     responses:
         200:
             description: the Catalog listing all sequences associated to given user. Note that it's similar to the user's colletion, but with less metadata since a STAC collection is an enhanced STAC catalog.
@@ -102,18 +131,37 @@ def getMyCatalog(account):
                     schema:
                         $ref: '#/components/schemas/GeoVisioCatalog'
     """
-    return flask.redirect(flask.url_for("stac.getUserCatalog", userId=account.id, _external=True))
+    return flask.redirect(
+        flask.url_for(
+            "stac.getUserCatalog",
+            userId=account.id,
+            limit=request.args.get("limit"),
+            page=request.args.get("page"),
+            _external=True,
+        )
+    )
 
 
 @bp.route("/me/collection")
 @auth.login_required_with_redirect()
 def getMyCollection(account):
     """Get current logged user collection
+
+    Note that the result can also be a CSV file, if the "Accept" header is set to "text/csv", or if the "format" query parameter is set to "csv".
+
     ---
     tags:
         - Users
         - Sequences
     parameters:
+        - name: format
+          in: query
+          description: Expected output format (STAC JSON or a csv file)
+          required: false
+          schema:
+            type: string
+            enum: [csv, json]
+            default: json
         - $ref: '#/components/parameters/STAC_collections_limit'
         - $ref: '#/components/parameters/STAC_collections_filter'
         - $ref: '#/components/parameters/STAC_bbox'
@@ -125,19 +173,14 @@ def getMyCollection(account):
                 application/json:
                     schema:
                         $ref: '#/components/schemas/GeoVisioCollectionOfCollection'
+
+                text/csv:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioCSVCollections'
     """
+    from geovisio.web.collections import getUserCollection
 
-    return flask.redirect(
-        flask.url_for(
-            "stac_collections.getUserCollection",
-            userId=account.id,
-            filter=request.args.get("filter"),
-            limit=request.args.get("limit"),
-            sortby=request.args.get("sortby"),
-            bbox=request.args.get("bbox"),
-            _external=True,
-        )
-    )
+    return getUserCollection(userId=account.id, userIdMatchesAccount=True)
 
 
 @bp.route("/search")
@@ -272,3 +315,92 @@ LIMIT {limit};"""
             if r["has_seq"]
         ],
     }
+
+
+class UserConfiguration(BaseModel):
+    collaborative_metadata: Optional[bool] = None
+    """If true, all sequences's metadata will be, by default, editable by all users.
+    
+    If not set, it will default to the instance default collaborative editing policy."""
+
+    def has_override(self) -> bool:
+        return bool(self.model_fields_set)
+
+
+@bp.route("/me", methods=["PATCH"])
+@auth.login_required()
+def patchUserConfiguration(account):
+    """Edit the current user configuration
+
+    ---
+    tags:
+        - Users
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/GeoVisioUserConfiguration'
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    responses:
+        200:
+            description: the user configuration
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioUser'
+    """
+    metadata = None
+    try:
+        if request.is_json and request.json:
+            metadata = UserConfiguration(**request.json)
+    except ValidationError as ve:
+        raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
+
+    if not metadata:
+        return _get_user_info(account)
+    params = get_db_params_and_values(metadata)
+    if metadata.has_override():
+
+        fields = params.fields_for_set_list()
+
+        account = db.fetchone(
+            current_app,
+            SQL("UPDATE accounts SET {fields} WHERE id = %(account_id)s RETURNING *").format(fields=SQL(", ").join(fields)),
+            params.params_as_dict | {"account_id": account.id},
+            row_factory=class_row(auth.Account),
+        )
+
+    return _get_user_info(account)
+
+
+@bp.route("/me/accept_tos", methods=["POST"])
+@auth.login_required()
+def accept_tos(account: auth.Account):
+    """
+    Accept the terms of service for the current user
+    ---
+    tags:
+        - Auth
+    responses:
+        200:
+            description: the user configuration
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioUser'
+    """
+    # Note: accepting twice does not change the accepted_at date
+    account = db.fetchone(
+        current_app,
+        SQL("UPDATE accounts SET tos_accepted_at = COALESCE(tos_accepted_at, NOW()) WHERE id = %(account_id)s RETURNING *"),
+        {"account_id": account.id},
+        row_factory=class_row(auth.Account),
+    )
+
+    # we persist in the cookie the fact that the tos have been accepted
+    session[auth.ACCOUNT_KEY] = account.model_dump(exclude_none=True)
+    session.permanent = True
+
+    return _get_user_info(account)