geovisio 2.7.1__py3-none-any.whl → 2.8.1__py3-none-any.whl

geovisio/web/upload_set.py

@@ -2,7 +2,7 @@ from copy import deepcopy
 from dataclasses import dataclass
 
 import PIL
-from geovisio.utils import auth
+from geovisio.utils import auth, model_query
 from psycopg.rows import class_row, dict_row
 from psycopg.sql import SQL
 from flask import current_app, request, Blueprint, url_for
@@ -68,21 +68,32 @@ class UploadSetCreationParameter(BaseModel):
     model_config = ConfigDict(use_attribute_docstrings=True)
 
 
-def create_upload_set(params: UploadSetCreationParameter, accountId: UUID) -> UploadSet:
-    params_as_dict = params.model_dump(exclude_none=True) | {"account_id": accountId}
+class UploadSetUpdateParameter(BaseModel):
+    """Parameters used to update an UploadSet"""
+
+    sort_method: Optional[geopic_sequence.SortMethod] = None
+    """Strategy used for sorting your pictures. Either by filename or EXIF time, in ascending or descending order."""
+    split_distance: Optional[int] = None
+    """Maximum distance between two pictures to be considered in the same sequence (in meters)."""
+    split_time: Optional[timedelta] = None
+    """Maximum time interval between two pictures to be considered in the same sequence."""
+    duplicate_distance: Optional[float] = None
+    """Maximum distance between two pictures to be considered as duplicates (in meters)."""
+    duplicate_rotation: Optional[int] = None
+    """Maximum angle of rotation for two too-close-pictures to be considered as duplicates (in degrees)."""
 
-    fields = [SQL(f) for f in params_as_dict.keys()]  # type: ignore (we can ignore psycopg types there as we control those keys since they are the attributes of UploadSetCreationParameter)
-    values = [SQL(f"%({f})s") for f in params_as_dict.keys()]  # type: ignore
-    for k, v in params_as_dict.items():
-        if isinstance(v, Dict):
-            params_as_dict[k] = Jsonb(v)  # convert dict to jsonb in database
+    model_config = ConfigDict(use_attribute_docstrings=True, extra="forbid")
+
+
+def create_upload_set(params: UploadSetCreationParameter, accountId: UUID) -> UploadSet:
+    db_params = model_query.get_db_params_and_values(params, account_id=accountId)
 
     db_upload_set = db.fetchone(
         current_app,
         SQL("INSERT INTO upload_sets({fields}) VALUES({values}) RETURNING *").format(
-            fields=SQL(", ").join(fields), values=SQL(", ").join(values)
+            fields=db_params.fields(), values=db_params.placeholders()
         ),
-        params_as_dict,
+        db_params.params_as_dict,
         row_factory=class_row(UploadSet),
     )
 
@@ -92,6 +103,25 @@ def create_upload_set(params: UploadSetCreationParameter, accountId: UUID) -> Up
     return db_upload_set
 
 
+def update_upload_set(upload_set_id: UUID, params: UploadSetUpdateParameter) -> UploadSet:
+    db_params = model_query.get_db_params_and_values(params)
+
+    with db.conn(current_app) as conn, conn.transaction():
+        import psycopg
+
+        cur = psycopg.ClientCursor(conn)
+        q = SQL("UPDATE upload_sets SET {fields} WHERE id = %(upload_set_id)s").format(fields=db_params.fields_for_set())
+        print(cur.mogrify(q, db_params.params_as_dict | {"upload_set_id": upload_set_id}))
+
+    with db.execute(
+        current_app,
+        SQL("UPDATE upload_sets SET {fields} WHERE id = %(upload_set_id)s").format(fields=db_params.fields_for_set()),
+        db_params.params_as_dict | {"upload_set_id": upload_set_id},
+    ):
+        # we get a full uploadset response
+        return get_upload_set(upload_set_id)
+
+
 @bp.route("/upload_sets", methods=["POST"])
 @auth.login_required_by_setting("API_FORCE_AUTH_ON_UPLOAD")
 def postUploadSet(account=None):
@@ -150,6 +180,64 @@ def postUploadSet(account=None):
     )
 
 
+@bp.route("/upload_sets/<uuid:upload_set_id>", methods=["PATCH"])
+@auth.login_required_by_setting("API_FORCE_AUTH_ON_UPLOAD")
+def patchUploadSet(upload_set_id, account=None):
+    """Update an existing UploadSet.
+
+    Note that the upload set will not be dispatched again, so if you changed the dispatch parameters (like split_distance, split_time, duplicate_distance, duplicate_rotation, ...), you need to call the `POST /api/upload_sets/:id/complete` endpoint to dispatch the upload set afterward.
+    ---
+    tags:
+        - Upload
+        - UploadSet
+    parameters:
+        - name: upload_set_id
+          in: path
+          description: ID of the UploadSet
+          required: true
+          schema:
+            type: string
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/GeoVisioUploadSet'
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    responses:
+        200:
+            description: the UploadSet metadata
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioUploadSet'
+    """
+
+    if request.is_json and request.json is not None:
+        try:
+            params = UploadSetUpdateParameter(**request.json)
+        except ValidationError as ve:
+            raise errors.InvalidAPIUsage(_("Impossible to update the UploadSet"), payload=validation_error(ve))
+    else:
+        raise errors.InvalidAPIUsage(_("Parameter for updating an UploadSet should be a valid JSON"), status_code=415)
+
+    upload_set = get_simple_upload_set(upload_set_id)
+    if upload_set is None:
+        raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
+
+    if account and str(upload_set.account_id) != account.id:
+        raise errors.InvalidAPIUsage(_("You are not allowed to update this upload set"), status_code=403)
+
+    if not params.model_fields_set:
+        # nothing to update, return the upload set
+        upload_set = get_upload_set(upload_set_id)
+    else:
+        upload_set = update_upload_set(upload_set_id, params)
+
+    return upload_set.model_dump_json(exclude_none=True), 200, {"Content-Type": "application/json"}
+
+
 @bp.route("/upload_sets/<uuid:upload_set_id>", methods=["GET"])
 def getUploadSet(upload_set_id):
     """Get an existing UploadSet
@@ -185,8 +273,7 @@ def getUploadSet(upload_set_id):
 
 
 @bp.route("/upload_sets/<uuid:upload_set_id>/files", methods=["GET"])
-@auth.login_required_by_setting("API_FORCE_AUTH_ON_UPLOAD")
-def getUploadSetFiles(upload_set_id, account=None):
+def getUploadSetFiles(upload_set_id):
     """List the files of an UploadSet
     ---
     tags:
@@ -210,13 +297,20 @@ def getUploadSetFiles(upload_set_id, account=None):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUploadSetFiles'
     """
+    account = utils.auth.get_current_account()
+
     u = get_simple_upload_set(upload_set_id)
     if u is None:
         raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
-    if account is not None and account.id != str(u.account_id):
-        raise errors.InvalidAPIUsage(_("You're not authorized to list pictures in this upload set"), status_code=403)
 
     upload_set_files = get_upload_set_files(upload_set_id)
+
+    if account is None or account.id != str(u.account_id):
+        # if the user is not the owner of the upload set, we remove the picture_id since we might leak too many information
+        # not sure about this one, this could evolve in the future
+        for f in upload_set_files.files:
+            f.picture_id = None
+
     return upload_set_files.model_dump_json(exclude_none=True), 200, {"Content-Type": "application/json"}
 
 

geovisio/web/users.py

@@ -1,43 +1,91 @@
+from typing import List, Optional
+from uuid import UUID
 import flask
-from flask import request, current_app, url_for
+from flask import request, current_app, session, url_for
 from flask_babel import gettext as _
+from pydantic import BaseModel, ConfigDict, ValidationError, computed_field
 from geovisio.utils import auth, db
 from geovisio import errors
-from psycopg.rows import dict_row
+from psycopg.rows import dict_row, class_row
 from psycopg.sql import SQL
 
+from geovisio.utils.link import Link, make_link
+from geovisio.utils.model_query import get_db_params_and_values
+from geovisio.utils.params import validation_error
 from geovisio.web import stac
+from geovisio.web.auth import NEXT_URL_KEY
 from geovisio.web.utils import get_root_link
 
 bp = flask.Blueprint("user", __name__, url_prefix="/api/users")
 
 
-def _get_user_info(id, name):
-    userMapUrl = (
-        flask.url_for("map.getUserTile", userId=id, x="11111111", y="22222222", z="33333333", format="mvt", _external=True)
-        .replace("11111111", "{x}")
-        .replace("22222222", "{y}")
-        .replace("33333333", "{z}")
-    )
-    response = {
-        "id": id,
-        "name": name,
-        "links": [
-            {"rel": "catalog", "type": "application/json", "href": flask.url_for("stac.getUserCatalog", userId=id, _external=True)},
-            {
-                "rel": "collection",
-                "type": "application/json",
-                "href": flask.url_for("stac_collections.getUserCollection", userId=id, _external=True),
-            },
-            {
-                "rel": "user-xyz",
-                "type": "application/vnd.mapbox-vector-tile",
-                "href": userMapUrl,
-                "title": "Pictures and sequences vector tiles for a given user",
-            },
-        ],
-    }
-    return flask.jsonify(response)
+class Permissions(BaseModel):
+    """Role and permissions of a user"""
+
+    role: auth.AccountRole
+    """Role of the user"""
+    can_check_reports: bool
+    """Is account legitimate to read any report ?"""
+    can_edit_excluded_areas: bool
+    """Is account legitimate to read and edit excluded areas ?"""
+    can_edit_pages: bool
+    """Is account legitimate to edit web pages ?"""
+
+    model_config = ConfigDict(use_attribute_docstrings=True, use_enum_values=True)
+
+
+class UserInfo(BaseModel):
+    name: str
+    """Name of the user"""
+    id: UUID
+    """Unique identifier of the user"""
+    collaborative_metadata: Optional[bool] = None
+    """If true, the user can edit the metadata of all sequences. If unset, default to the instance's default configuration."""
+
+    tos_accepted: Optional[bool] = None
+    """True means the user has accepted the terms of service (tos). Can only be seen by the user itself"""
+
+    permissions: Optional[Permissions] = None
+    """The user role and permissions. Can only be seen by the user itself"""
+
+    model_config = ConfigDict(use_attribute_docstrings=True)
+
+    @computed_field
+    @property
+    def links(self) -> List[Link]:
+        userMapUrl = (
+            flask.url_for("map.getUserTile", userId=self.id, x="11111111", y="22222222", z="33333333", format="mvt", _external=True)
+            .replace("11111111", "{x}")
+            .replace("22222222", "{y}")
+            .replace("33333333", "{z}")
+        )
+        return [
+            make_link(rel="catalog", route="stac.getUserCatalog", userId=self.id),
+            make_link(rel="collection", route="stac_collections.getUserCollection", userId=self.id),
+            Link(
+                rel="user-xyz",
+                type="application/vnd.mapbox-vector-tile",
+                title="Pictures and sequences vector tiles for a given user",
+                href=userMapUrl,
+            ),
+        ]
+
+
+def _get_user_info(account: auth.Account):
+    user_info = UserInfo(id=account.id, name=account.name, collaborative_metadata=account.collaborative_metadata)
+    logged_account = auth.get_current_account()
+    if logged_account is not None and account.id == logged_account.id:
+        # we show the term of service acceptance only if the user is the logged user and if ToS are mandatory
+        if flask.current_app.config["API_ENFORCE_TOS_ACCEPTANCE"]:
+            user_info.tos_accepted = account.tos_accepted
+        user_info.permissions = Permissions(
+            role=account.role,
+            can_check_reports=account.can_check_reports(),
+            can_edit_excluded_areas=account.can_edit_excluded_areas(),
+            can_edit_pages=account.can_edit_pages(),
+        )
+
+    return user_info.model_dump(exclude_unset=True), 200, {"Content-Type": "application/json"}
 
 
 @bp.route("/me")
@@ -55,7 +103,7 @@ def getMyUserInfo(account):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUser'
     """
-    return _get_user_info(account.id, account.name)
+    return _get_user_info(account)
 
 
 @bp.route("/<uuid:userId>")
@@ -79,21 +127,29 @@ def getUserInfo(userId):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUser'
     """
-    account = db.fetchone(current_app, SQL("SELECT name, id FROM accounts WHERE id = %s"), [userId], row_factory=dict_row)
+    account = db.fetchone(
+        current_app,
+        SQL("SELECT name, id::text, collaborative_metadata, role, tos_accepted FROM accounts WHERE id = %s"),
+        [userId],
+        row_factory=class_row(auth.Account),
+    )
     if not account:
         raise errors.InvalidAPIUsage(_("Impossible to find user"), status_code=404)
 
-    return _get_user_info(account["id"], account["name"])
+    return _get_user_info(account)
 
 
 @bp.route("/me/catalog")
 @auth.login_required_with_redirect()
 def getMyCatalog(account):
-    """Get current logged user catalog
+    """Get current logged user catalog.
+
+    Note that this route is deprecated in favor of `/api/users/me/collection`. This new route provides more information and offers more filtering and sorting options.
     ---
     tags:
         - Users
         - Sequences
+    deprecated: true
     responses:
         200:
             description: the Catalog listing all sequences associated to given user. Note that it's similar to the user's colletion, but with less metadata since a STAC collection is an enhanced STAC catalog.
@@ -102,18 +158,37 @@ def getMyCatalog(account):
                     schema:
                         $ref: '#/components/schemas/GeoVisioCatalog'
     """
-    return flask.redirect(flask.url_for("stac.getUserCatalog", userId=account.id, _external=True))
+    return flask.redirect(
+        flask.url_for(
+            "stac.getUserCatalog",
+            userId=account.id,
+            limit=request.args.get("limit"),
+            page=request.args.get("page"),
+            _external=True,
+        )
+    )
 
 
 @bp.route("/me/collection")
 @auth.login_required_with_redirect()
 def getMyCollection(account):
     """Get current logged user collection
+
+    Note that the result can also be a CSV file, if the "Accept" header is set to "text/csv", or if the "format" query parameter is set to "csv".
+
     ---
     tags:
         - Users
         - Sequences
     parameters:
+        - name: format
+          in: query
+          description: Expected output format (STAC JSON or a csv file)
+          required: false
+          schema:
+            type: string
+            enum: [csv, json]
+            default: json
         - $ref: '#/components/parameters/STAC_collections_limit'
         - $ref: '#/components/parameters/STAC_collections_filter'
         - $ref: '#/components/parameters/STAC_bbox'
@@ -125,19 +200,14 @@ def getMyCollection(account):
                 application/json:
                     schema:
                         $ref: '#/components/schemas/GeoVisioCollectionOfCollection'
+
+                text/csv:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioCSVCollections'
     """
+    from geovisio.web.collections import getUserCollection
 
-    return flask.redirect(
-        flask.url_for(
-            "stac_collections.getUserCollection",
-            userId=account.id,
-            filter=request.args.get("filter"),
-            limit=request.args.get("limit"),
-            sortby=request.args.get("sortby"),
-            bbox=request.args.get("bbox"),
-            _external=True,
-        )
-    )
+    return getUserCollection(userId=account.id, userIdMatchesAccount=True)
 
 
 @bp.route("/search")
@@ -272,3 +342,92 @@ LIMIT {limit};"""
             if r["has_seq"]
         ],
     }
+
+
+class UserConfiguration(BaseModel):
+    collaborative_metadata: Optional[bool] = None
+    """If true, all sequences's metadata will be, by default, editable by all users.
+    
+    If not set, it will default to the instance default collaborative editing policy."""
+
+    def has_override(self) -> bool:
+        return bool(self.model_fields_set)
+
+
+@bp.route("/me", methods=["PATCH"])
+@auth.login_required()
+def patchUserConfiguration(account):
+    """Edit the current user configuration
+
+    ---
+    tags:
+        - Users
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/GeoVisioUserConfiguration'
+    security:
+        - bearerToken: []
+        - cookieAuth: []
+    responses:
+        200:
+            description: the user configuration
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioUser'
+    """
+    metadata = None
+    try:
+        if request.is_json and request.json:
+            metadata = UserConfiguration(**request.json)
+    except ValidationError as ve:
+        raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
+
+    if not metadata:
+        return _get_user_info(account)
+    params = get_db_params_and_values(metadata)
+    if metadata.has_override():
+
+        fields = params.fields_for_set_list()
+
+        account = db.fetchone(
+            current_app,
+            SQL("UPDATE accounts SET {fields} WHERE id = %(account_id)s RETURNING *").format(fields=SQL(", ").join(fields)),
+            params.params_as_dict | {"account_id": account.id},
+            row_factory=class_row(auth.Account),
+        )
+
+    return _get_user_info(account)
+
+
+@bp.route("/me/accept_tos", methods=["POST"])
+@auth.login_required()
+def accept_tos(account: auth.Account):
+    """
+    Accept the terms of service for the current user
+    ---
+    tags:
+        - Auth
+    responses:
+        200:
+            description: the user configuration
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioUser'
+    """
+    # Note: accepting twice does not change the accepted_at date
+    account = db.fetchone(
+        current_app,
+        SQL("UPDATE accounts SET tos_accepted_at = COALESCE(tos_accepted_at, NOW()) WHERE id = %(account_id)s RETURNING *"),
+        {"account_id": account.id},
+        row_factory=class_row(auth.Account),
+    )
+
+    # we persist in the cookie the fact that the tos have been accepted
+    session[auth.ACCOUNT_KEY] = account.model_dump(exclude_none=True)
+    session.permanent = True
+
+    return _get_user_info(account)