geovisio 2.9.0__py3-none-any.whl → 2.11.0__py3-none-any.whl

geovisio/web/queryables.py

@@ -0,0 +1,57 @@
+import flask
+
+bp = flask.Blueprint("queryables", __name__, url_prefix="/api")
+
+ITEMS_QUERYABLES = {
+    "$schema": "https://json-schema.org/draft/2019-09/schema",
+    "$id": "https://stac-api.example.com/queryables",
+    "type": "object",
+    "title": "Queryables for Panoramax STAC API",
+    "description": "Queryable names for Panoramax STAC API Item Search filter.",
+    "properties": {
+        "semantics": {
+            "description": "Tag to represent the presence of semantics. Only support the IS NOT NULL operator for the moment, to search for all items with at least one semantic tag.",
+            "type": "string",
+        },
+    },
+    "patternProperties": {
+        "^semantics\\.(.+)$": {
+            "description": "Specific semantic tag. The semantic tag `key` should be after the prefix `semantics.`",
+            "type": "string",
+        }
+    },
+    "additionalProperties": False,
+}
+
+COLLECTION_QUERYABLES = {
+    "$schema": "https://json-schema.org/draft/2019-09/schema",
+    "$id": "https://stac-api.example.com/queryables",
+    "type": "object",
+    "title": "Queryables for Panoramax STAC API",
+    "description": "Queryable names for Panoramax STAC API Item Search filter.",
+    "properties": {
+        "created": {
+            "description": "Created date of the collection. The filter can be either a date or a datetime",
+            "type": "string",
+            "anyOf": [{"format": "date-time"}, {"format": "date"}],
+        },
+        "updated": {
+            "description": "Update date of the collection. The filter can be either a date or a datetime",
+            "type": "string",
+            "anyOf": [{"format": "date-time"}, {"format": "date"}],
+        },
+    },
+    "additionalProperties": False,
+}
+
+
+@bp.route("/queryables")
+def search_queryables():
+    """List of queryables for search as defined by https://github.com/stac-api-extensions/filter?tab=readme-ov-file#queryables"""
+    return flask.jsonify(ITEMS_QUERYABLES), {"Cache-Control": "public, max-age=3600"}
+
+
+@bp.route("/collections/queryables")
+def collection_queryables():
+    """List of queryables for collection-search as defined by https://github.com/stac-api-extensions/filter?tab=readme-ov-file#queryables"""
+    return flask.jsonify(COLLECTION_QUERYABLES), {"Cache-Control": "public, max-age=3600"}

geovisio/web/stac.py

@@ -144,6 +144,12 @@ def getLanding():
                     "href": mapUrl,
                     "title": "Pictures and sequences vector tiles",
                 },
+                {
+                    "title": "Queryables",
+                    "href": url_for("queryables.search_queryables", _external=True),
+                    "rel": "http://www.opengis.net/def/rel/ogc/1.0/queryables",
+                    "type": "application/schema+json",
+                },
                 {
                     "rel": "xyz-style",
                     "type": "application/json",
@@ -348,7 +354,6 @@ def getUserCatalog(userId, userIdMatchesAccount=False):
     collection_request.pagination_filter = parse_collection_filter(request.args.get("page"))
 
     userName = None
-    meta_collection = None
     with db.cursor(current_app, row_factory=dict_row) as cursor:
         userName = cursor.execute("SELECT name FROM accounts WHERE id = %s", [userId]).fetchone()
 
@@ -359,8 +364,9 @@ def getUserCatalog(userId, userIdMatchesAccount=False):
         datasetBounds = get_dataset_bounds(
             cursor.connection,
             collection_request.sort_by,
-            additional_filters=SQL("s.account_id = %(account)s"),
+            additional_filters=SQL("s.account_id = %(account)s AND is_sequence_visible_by_user(s, %(account_to_query)s)"),
             additional_filters_params={"account": userId},
+            account_to_query_id=auth.get_current_account_id(),
         )
 
         if datasetBounds is None:

geovisio/web/tokens.py

@@ -22,7 +22,7 @@ def list_tokens(account):
 
     The list of tokens will not contain their JWT counterpart (the JWT is the real token used in authentication).
 
-    The JWT counterpart can be retreived by providing the token's id to the endpoint [/users/me/tokens/{token_id}](#/Auth/get_api_users_me_tokens__token_id_).
+    The JWT counterpart can be retrieved by providing the token's id to the endpoint [/users/me/tokens/{token_id}](#/Auth/get_api_users_me_tokens__token_id_).
     ---
     tags:
         - Auth
@@ -254,6 +254,54 @@ def claim_non_associated_token(token_id, account):
         return "You are now logged in the CLI, you can upload your pictures", 200
 
 
+@bp.route("/users/me/tokens", methods=["POST"])
+@auth.login_required_with_redirect()
+def generate_associated_token(account: auth.Account):
+    """
+    Generate a new token associated to the current user
+
+    The response contains the JWT token and is directly usable (unlike tokens created by `/auth/tokens/generate` that are not associated to a user by default). This token does not need to be claimed.
+    ---
+    tags:
+        - Auth
+    requestBody:
+        content:
+            application/json:
+                schema:
+                    $ref: '#/components/schemas/GeovisioPostToken'
+    responses:
+        200:
+            description: The newly generated token
+            content:
+                application/json:
+                    schema:
+                        $ref: '#/components/schemas/GeoVisioEncodedToken'
+    """
+    if request.is_json:
+        description = request.json.get("description", "")
+    else:
+        description = None
+
+    token = db.fetchone(
+        current_app,
+        "INSERT INTO tokens (description, account_id) VALUES (%(description)s, %(account_id)s) RETURNING *",
+        {"account_id": account.id, "description": description},
+        row_factory=dict_row,
+    )
+    if not token:
+        raise errors.InternalError(_("Impossible to generate a new token"))
+
+    jwt_token = _generate_jwt_token(token["id"])
+    return flask.jsonify(
+        {
+            "jwt_token": jwt_token,
+            "id": token["id"],
+            "description": token["description"],
+            "generated_at": token["generated_at"].astimezone(tz.gettz("UTC")).isoformat(),
+        }
+    )
+
+
 def _generate_jwt_token(token_id: uuid.UUID) -> str:
     """
     Generate a JWT token from a token's id.

geovisio/web/upload_set.py

@@ -1,6 +1,5 @@
 from copy import deepcopy
 from dataclasses import dataclass
-
 import PIL
 from geovisio.utils import auth, model_query
 from psycopg.rows import class_row, dict_row
@@ -8,18 +7,16 @@ from psycopg.sql import SQL
 from flask import current_app, request, Blueprint, url_for
 from flask_babel import gettext as _, get_locale
 from geopic_tag_reader import sequence as geopic_sequence
-from geovisio.web.utils import accountIdOrDefault
-from psycopg.types.json import Jsonb
-from geovisio.web.params import (
-    as_latitude,
-    as_longitude,
-    parse_datetime,
-)
+from geovisio.web.utils import accountOrDefault
+from geovisio.utils.fields import parse_relative_heading
+from geovisio.web.params import as_latitude, as_longitude, parse_datetime, Visibility, check_visibility
 import logging
 from geovisio.utils import db
 from geovisio import utils
 from geopic_tag_reader.writer import writePictureMetadata, PictureMetadata
 from geovisio.utils.params import validation_error
+from geovisio.utils.semantics import SemanticTagUpdate
+from geovisio.utils import semantics
 from geovisio import errors
 from pydantic import BaseModel, ConfigDict, ValidationError, Field, field_validator, model_validator
 from uuid import UUID
@@ -37,7 +34,7 @@ from geovisio.utils.upload_set import (
 import os
 import hashlib
 import sentry_sdk
-from typing import Optional, Any, Dict
+from typing import Optional, Any, Dict, List
 
 
 bp = Blueprint("upload_set", __name__, url_prefix="/api")
@@ -52,20 +49,62 @@ class UploadSetCreationParameter(BaseModel):
     """Estimated number of items that will be sent to the UploadSet"""
     sort_method: Optional[geopic_sequence.SortMethod] = None
     """Strategy used for sorting your pictures. Either by filename or EXIF time, in ascending or descending order."""
+    no_split: Optional[bool] = None
+    """If True, all pictures of this upload set will be grouped in the same sequence. Is incompatible with split_distance / split_time."""
     split_distance: Optional[int] = None
-    """Maximum distance between two pictures to be considered in the same sequence (in meters)."""
+    """Maximum distance between two pictures to be considered in the same sequence (in meters). If not set, the instance default will be used. The instance defaults can be see in /api/configuration."""
     split_time: Optional[timedelta] = None
-    """Maximum time interval between two pictures to be considered in the same sequence."""
+    """Maximum time interval between two pictures to be considered in the same sequence.
+    If not set, the instance default will be used. The instance defaults can be see in /api/configuration."""
+    no_deduplication: Optional[bool] = None
+    """If True, no duplication will be done. Is incompatible with duplicate_distance / duplicate_rotation."""
     duplicate_distance: Optional[float] = None
-    """Maximum distance between two pictures to be considered as duplicates (in meters)."""
+    """Maximum distance between two pictures to be considered as duplicates (in meters).
+    If not set, the instance default will be used. The instance defaults can be see in /api/configuration."""
     duplicate_rotation: Optional[int] = None
-    """Maximum angle of rotation for two too-close-pictures to be considered as duplicates (in degrees)."""
+    """Maximum angle of rotation for two too-close-pictures to be considered as duplicates (in degrees).
+    If not set, the instance default will be used. The instance defaults can be see in /api/configuration."""
     metadata: Optional[Dict[str, Any]] = None
     """Optional metadata associated to the upload set. Can contain any key-value pair."""
     user_agent: Optional[str] = None
     """Software used by client to create this upload set, in HTTP Header User-Agent format"""
+    semantics: Optional[List[SemanticTagUpdate]] = None
+    """Semantic tags associated to the upload_set. Those tags will be added to all sequences linked to this upload set"""
+    relative_heading: Optional[int] = None
+    """The relative heading (in degrees), offset based on movement path (0° = looking forward, -90° = looking left, 90° = looking right). For single picture upload_sets, 0° is heading north). Headings are unchanged if this parameter is not set."""
+    visibility: Optional[Visibility] = None
+    """Visibility of the upload set. Can be set to:
+    * `anyone`: the upload is visible to anyone
+    * `owner-only`: the upload is visible to the owner and administrator only
+    * `logged-only`: the upload is visible to logged users only
 
-    model_config = ConfigDict(use_attribute_docstrings=True)
+    This visibility can also be set for each picture individually, or each collections, using the `visibility` field of the pictures/collections.
+    If not set at those levels, it will default to the visibility of the `account` and if not set the default visibility of the instance."""
+
+    model_config = ConfigDict(use_enum_values=True, use_attribute_docstrings=True)
+
+    def validate(self):
+        if self.no_split is True and (self.split_distance is not None or self.split_time is not None):
+            raise errors.InvalidAPIUsage("The `no_split` parameter is incompatible with specifying `split_distance` / `split_duration`")
+        if self.no_deduplication is True and (self.duplicate_distance is not None or self.duplicate_rotation is not None):
+            raise errors.InvalidAPIUsage(
+                "The `no_deduplication` parameter is incompatible with specifying `duplicate_distance` / `duplicate_rotation`"
+            )
+
+    @field_validator("relative_heading", mode="before")
+    @classmethod
+    def parse_relative_heading(cls, value):
+        return parse_relative_heading(value)
+
+    @field_validator("visibility", mode="after")
+    @classmethod
+    def validate_visibility(cls, visibility):
+        if not check_visibility(visibility):
+            raise errors.InvalidAPIUsage(
+                _("The logged-only visibility is not allowed on this instance since anybody can create an account"),
+                status_code=400,
+            )
+        return visibility
 
 
 class UploadSetUpdateParameter(BaseModel):
@@ -73,46 +112,173 @@ class UploadSetUpdateParameter(BaseModel):
 
     sort_method: Optional[geopic_sequence.SortMethod] = None
     """Strategy used for sorting your pictures. Either by filename or EXIF time, in ascending or descending order."""
+    no_split: Optional[bool] = None
+    """If True, all pictures of this upload set will be grouped in the same sequence. Is incompatible with split_distance / split_time."""
     split_distance: Optional[int] = None
     """Maximum distance between two pictures to be considered in the same sequence (in meters)."""
     split_time: Optional[timedelta] = None
     """Maximum time interval between two pictures to be considered in the same sequence."""
+    no_deduplication: Optional[bool] = None
+    """If True, no deduplication will be done. Is incompatible with duplicate_distance / duplicate_rotation
+
+    Note that if the upload_set has already been dispatched, the deduplication has already been done so it cannot be deactivated.
+    """
     duplicate_distance: Optional[float] = None
     """Maximum distance between two pictures to be considered as duplicates (in meters)."""
     duplicate_rotation: Optional[int] = None
     """Maximum angle of rotation for two too-close-pictures to be considered as duplicates (in degrees)."""
+    semantics: Optional[List[SemanticTagUpdate]] = None
+    """Semantic tags associated to the upload_set. Those tags will be added to all sequences linked to this upload set.
+    By default each tag will be added to the upload set's tags, but you can change this behavior by setting the `action` parameter to `delete`.
+
+    If you want to replace a tag, you need to first delete it, then add it again.
+
+    Like:
+    [
+        {"key": "some_key", "value": "some_value", "action": "delete"},
+        {"key": "some_key", "value": "some_new_value"}
+    ]
+    
+    Note: for the moment it's not possible to update the semantics of an upload set after it has been dispatched.
+    If that is something needed, feel free to open an issue.
+    """
+    relative_heading: Optional[int] = None
+    """The relative heading (in degrees), offset based on movement path (0° = looking forward, -90° = looking left, 90° = looking right). For single picture upload_sets, 0° is heading north). Headings are unchanged if this parameter is not set."""
+    visibility: Optional[Visibility] = None
+    """Visibility of the upload set. Can be set to:
+    * `anyone`: the upload is visible to anyone
+    * `owner-only`: the upload is visible to the owner and administrator only
+    * `logged-only`: the upload is visible to logged users only
 
-    model_config = ConfigDict(use_attribute_docstrings=True, extra="forbid")
+    This visibility can also be set for each picture individually, or each collections, using the `visibility` field of the pictures/collections.
+    If not set at those levels, it will default to the visibility of the `account` and if not set the default visibility of the instance."""
+
+    model_config = ConfigDict(use_enum_values=True, use_attribute_docstrings=True, extra="forbid")
+
+    def validate(self):
+        if self.no_split is True and (self.split_distance is not None or self.split_time is not None):
+            raise errors.InvalidAPIUsage("The `no_split` parameter is incompatible with specifying `split_distance` / `split_duration`")
+        if self.no_deduplication is True and (self.duplicate_distance is not None or self.duplicate_rotation is not None):
+            raise errors.InvalidAPIUsage(
+                "The `no_deduplication` parameter is incompatible with specifying `duplicate_distance` / `duplicate_rotation`"
+            )
+
+    @field_validator("visibility", mode="after")
+    @classmethod
+    def validate_visibility(cls, visibility):
+        if not check_visibility(visibility):
+            raise errors.InvalidAPIUsage(
+                _("The logged-only visibility is not allowed on this instance since anybody can create an account"),
+                status_code=400,
+            )
+        return visibility
+
+    def has_only_semantics_updates(self):
+        return self.model_fields_set == {"semantics"}
+
+    @field_validator("relative_heading", mode="before")
+    @classmethod
+    def parse_relative_heading(cls, value):
+        return parse_relative_heading(value)
 
 
 def create_upload_set(params: UploadSetCreationParameter, accountId: UUID) -> UploadSet:
+    sem = params.semantics
+    params.semantics = None
+    # we handle visibility a bit differently, to be able to default to the account's default visibility / instance's default visibility
+    visibility = params.visibility
+    params.visibility = None
     db_params = model_query.get_db_params_and_values(params, account_id=accountId)
 
-    db_upload_set = db.fetchone(
-        current_app,
-        SQL("INSERT INTO upload_sets({fields}) VALUES({values}) RETURNING *").format(
-            fields=db_params.fields(), values=db_params.placeholders()
-        ),
-        db_params.params_as_dict,
-        row_factory=class_row(UploadSet),
-    )
-
-    if db_upload_set is None:
-        raise Exception("Impossible to insert upload_set in database")
+    with db.conn(current_app) as conn, conn.transaction():
+
+        with conn.cursor(row_factory=class_row(UploadSet)) as cursor:
+            db_upload_set = cursor.execute(
+                SQL(
+                    """INSERT INTO upload_sets({fields}, visibility) 
+VALUES({values}, 
+    (COALESCE(%(visibility)s,
+        (SELECT default_visibility FROM accounts WHERE id = %(account_id)s), 
+        (SELECT default_visibility FROM configurations LIMIT 1))))
+RETURNING *"""
+                ).format(fields=db_params.fields(), values=db_params.placeholders()),
+                db_params.params_as_dict | {"visibility": visibility},
+            ).fetchone()
+
+            if db_upload_set is None:
+                raise Exception("Impossible to insert upload_set in database")
+
+        if sem:
+            with conn.cursor() as cursor:
+                semantics.update_tags(
+                    cursor=cursor,
+                    entity=semantics.Entity(semantics.EntityType.upload_set, db_upload_set.id),
+                    actions=sem,
+                    account=accountId,
+                )
 
     return db_upload_set
 
 
-def update_upload_set(upload_set_id: UUID, params: UploadSetUpdateParameter) -> UploadSet:
-    db_params = model_query.get_db_params_and_values(params)
+def update_upload_set(upload_set_id: UUID, params: UploadSetUpdateParameter, account) -> UploadSet:
+    """Update an upload set
+    Since the semantic tags are handled in a separate table, split the update in 2, the semantic update, and the upload_sets table update"""
+    with db.conn(current_app) as conn, conn.transaction():
+        if params.semantics:
+            # update the semantics if needed, and remove the semantic from the params for the other fields update
+            sem = params.semantics
+            params.semantics = None
 
-    with db.execute(
-        current_app,
-        SQL("UPDATE upload_sets SET {fields} WHERE id = %(upload_set_id)s").format(fields=db_params.fields_for_set()),
-        db_params.params_as_dict | {"upload_set_id": upload_set_id},
-    ):
-        # we get a full uploadset response
-        return get_upload_set(upload_set_id)
+            with conn.cursor() as cursor:
+                semantics.update_tags(
+                    cursor=cursor,
+                    entity=semantics.Entity(semantics.EntityType.upload_set, upload_set_id),
+                    actions=sem,
+                    account=account.id if account is not None else None,
+                )
+
+                us_dispatched = cursor.execute(
+                    SQL("SELECT dispatched FROM upload_sets WHERE id = %(upload_set_id)s"),
+                    {"upload_set_id": upload_set_id},
+                ).fetchone()
+
+                if us_dispatched[0] is True:
+                    # if the upload set is already dispatched, we propagate the semantic update to all the associated collections
+                    # Note that there is a lock on the `upload_sets` row to avoid updating the semantics while dispatching the upload set
+                    associated_cols = conn.execute("SELECT id FROM sequences WHERE upload_set_id = %s", [upload_set_id]).fetchall()
+                    for c in associated_cols:
+                        col_id = c[0]
+                        semantics.update_tags(
+                            cursor=cursor,
+                            entity=semantics.Entity(semantics.EntityType.seq, col_id),
+                            actions=sem,
+                            account=account.id if account is not None else None,
+                        )
+
+        if params.model_fields_set != {"semantics"}:
+            # if there was other fields to update
+            db_params = model_query.get_db_params_and_values(params)
+
+            conn.execute(
+                SQL("UPDATE upload_sets SET {fields} WHERE id = %(upload_set_id)s").format(fields=db_params.fields_for_set()),
+                db_params.params_as_dict | {"upload_set_id": upload_set_id},
+            )
+            if params.visibility is not None:
+                # if we change the visibility, we check if some collections have been created to change their visibility too
+                with conn.cursor() as cursor:
+                    us_dispatched = cursor.execute(
+                        SQL("SELECT dispatched FROM upload_sets WHERE id = %(upload_set_id)s"),
+                        {"upload_set_id": upload_set_id},
+                    ).fetchone()
+
+                    if us_dispatched[0] is True:
+                        cursor.execute(
+                            SQL("UPDATE sequences SET visibility = %(visibility)s WHERE upload_set_id = %(upload_set_id)s"),
+                            {"visibility": params.visibility, "upload_set_id": upload_set_id},
+                        )
+
+    # we get a full uploadset response
+    return get_upload_set(upload_set_id, account_to_query=account.id if account else None)
 
 
 @bp.route("/upload_sets", methods=["POST"])
@@ -132,7 +298,7 @@ def postUploadSet(account=None):
           required: false
           schema:
             type: string
-          description: An explicit User-Agent value is prefered if you create a production-ready tool, formatted like "GeoVisioCLI/1.0"
+          description: An explicit User-Agent value is preferred if you create a production-ready tool, formatted like "GeoVisioCLI/1.0"
     requestBody:
         content:
             application/json:
@@ -158,7 +324,8 @@ def postUploadSet(account=None):
     else:
         raise errors.InvalidAPIUsage(_("Parameter for creating an UploadSet should be a valid JSON"), status_code=415)
 
-    account_id = UUID(accountIdOrDefault(account))
+    params.validate()
+    account_id = UUID(accountOrDefault(account).id)
 
     upload_set = create_upload_set(params, account_id)
 
@@ -178,7 +345,9 @@ def postUploadSet(account=None):
 def patchUploadSet(upload_set_id, account=None):
     """Update an existing UploadSet.
 
-    Note that the upload set will not be dispatched again, so if you changed the dispatch parameters (like split_distance, split_time, duplicate_distance, duplicate_rotation, ...), you need to call the `POST /api/upload_sets/:id/complete` endpoint to dispatch the upload set afterward.
+    For most fields, only the owner of the UploadSet can update it. The only exception is the `semantics` field, which can be updated by any user.
+
+    Note that the upload set will not be dispatched again, so if you changed the dispatch parameters (like split_distance, split_time, duplicate_distance, duplicate_rotation, relative_heading, ...), you need to call the `POST /api/upload_sets/:id/complete` endpoint to dispatch the upload set afterward.
     ---
     tags:
         - Upload
@@ -215,18 +384,20 @@ def patchUploadSet(upload_set_id, account=None):
     else:
         raise errors.InvalidAPIUsage(_("Parameter for updating an UploadSet should be a valid JSON"), status_code=415)
 
+    params.validate()
     upload_set = get_simple_upload_set(upload_set_id)
     if upload_set is None:
         raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
 
-    if account and str(upload_set.account_id) != account.id:
-        raise errors.InvalidAPIUsage(_("You are not allowed to update this upload set"), status_code=403)
-
     if not params.model_fields_set:
         # nothing to update, return the upload set
-        upload_set = get_upload_set(upload_set_id)
+        upload_set = get_upload_set(upload_set_id, account_to_query=account.id if account else None)
     else:
-        upload_set = update_upload_set(upload_set_id, params)
+        if account and str(upload_set.account_id) != account.id:
+            if not params.has_only_semantics_updates() and not account.can_edit_upload_set(str(upload_set.account_id)):
+                raise errors.InvalidAPIUsage(_("You are not allowed to update this upload set"), status_code=403)
+
+        upload_set = update_upload_set(upload_set_id, params, account)
 
     return upload_set.model_dump_json(exclude_none=True), 200, {"Content-Type": "application/json"}
 
@@ -258,7 +429,7 @@ def getUploadSet(upload_set_id):
                     schema:
                         $ref: '#/components/schemas/GeoVisioUploadSet'
     """
-    upload_set = get_upload_set(upload_set_id)
+    upload_set = get_upload_set(upload_set_id, account_to_query=auth.get_current_account_id())
     if upload_set is None:
         raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
 
@@ -352,7 +523,9 @@ def listUserUpload(account):
     except ValidationError as ve:
         raise errors.InvalidAPIUsage(_("Impossible to parse parameters"), payload=validation_error(ve))
 
-    upload_sets = list_upload_sets(account_id=params.account_id, limit=params.limit, filter=params.filter)
+    upload_sets = list_upload_sets(
+        account_id=params.account_id, limit=params.limit, filter=params.filter, account_to_query=account.id if account else None
+    )
 
     return upload_sets.model_dump_json(exclude_none=True), 200, {"Content-Type": "application/json"}
 
@@ -515,7 +688,7 @@ def mark_upload_set_completed_if_needed(cursor, upload_set_id: UUID) -> bool:
         """WITH nb_items AS (
             SELECT count(*) AS nb, upload_set_id
             FROM files f
-            WHERE upload_set_id = %(id)s 
+            WHERE upload_set_id = %(id)s
             GROUP BY upload_set_id
         )
         UPDATE upload_sets
@@ -633,7 +806,7 @@ def addFilesToUploadSet(upload_set_id: UUID, account=None):
                     file_type=params.file_type,
                 )
                 # Compute various metadata
-                accountId = accountIdOrDefault(account)
+                accountId = accountOrDefault(account).id
                 raw_pic = params.file.read()
                 filesize = len(raw_pic)
                 file["size"] = filesize
@@ -802,7 +975,7 @@ def completeUploadSet(upload_set_id: UUID, account=None):
                 raise errors.InvalidAPIUsage(_("UploadSet %(u)s does not exist", u=upload_set_id), status_code=404)
 
             # Account associated to uploadset doesn't match current user
-            if account is not None and account.id != str(upload_set["account_id"]):
+            if account is not None and not account.can_edit_upload_set(str(upload_set["account_id"])):
                 raise errors.InvalidAPIUsage(_("You're not authorized to complete this upload set"), status_code=403)
 
             cursor.execute("UPDATE upload_sets SET completed = True WHERE id = %(id)s", {"id": upload_set_id})
@@ -811,7 +984,7 @@ def completeUploadSet(upload_set_id: UUID, account=None):
     current_app.background_processor.process_pictures()  # type: ignore
 
     # query again the upload set, to get the updated status
-    upload_set = get_upload_set(upload_set_id)
+    upload_set = get_upload_set(upload_set_id, account_to_query=account.id if account else None)
     if upload_set is None:
         raise errors.InvalidAPIUsage(_("UploadSet doesn't exist"), status_code=404)
 
@@ -844,10 +1017,12 @@ def deleteUploadSet(upload_set_id: UUID, account=None):
             description: The UploadSet has been correctly deleted
     """
 
-    upload_set = get_upload_set(upload_set_id)
+    upload_set = get_upload_set(upload_set_id, account_to_query=account.id if account else None)
 
+    if not upload_set:
+        raise errors.InvalidAPIUsage(_("UploadSet %(u)s does not exist", u=upload_set_id), status_code=404)
     # Account associated to uploadset doesn't match current user
-    if account is not None and account.id != str(upload_set.account_id):
+    if account is not None and not account.can_edit_upload_set(str(upload_set.account_id)):
         raise errors.InvalidAPIUsage(_("You're not authorized to delete this upload set"), status_code=403)
 
     utils.upload_set.delete(upload_set)