diff --git a/backend/app/deps/authorization_deps.py b/backend/app/deps/authorization_deps.py index d0c0976e7..8005c6850 100644 --- a/backend/app/deps/authorization_deps.py +++ b/backend/app/deps/authorization_deps.py @@ -1,3 +1,7 @@ +from beanie import PydanticObjectId +from beanie.operators import Or +from fastapi import Depends, HTTPException + from app.keycloak_auth import get_current_username, get_read_only_user from app.models.authorization import AuthorizationDB, RoleType from app.models.datasets import DatasetDBViewList, DatasetStatus 
@@ -6,47 +10,45 @@ from app.models.groups import GroupDB from app.models.listeners import EventListenerDB from app.models.metadata import MetadataDB +from app.models.projects import ProjectDB from app.routers.authentication import get_admin, get_admin_mode -from beanie import PydanticObjectId -from beanie.operators import Or -from fastapi import Depends, HTTPException async def check_public_access( - resource_id: str, - resource_type: str, - role: RoleType, - current_user=Depends(get_current_username), + resource_id: str, + resource_type: str, + role: RoleType, + current_user=Depends(get_current_username), ) -> bool: has_public_access = False if role == RoleType.VIEWER: if resource_type == "dataset": if ( - dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(resource_id) - ) + dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(resource_id) + ) ) is not None: if ( - dataset.status == DatasetStatus.PUBLIC.name - or dataset.status == DatasetStatus.AUTHENTICATED.name + dataset.status == DatasetStatus.PUBLIC.name + or dataset.status == DatasetStatus.AUTHENTICATED.name ): has_public_access = True elif resource_type == "file": if (file := await FileDB.get(PydanticObjectId(resource_id))) is not None: if ( - file.status == FileStatus.PUBLIC.name - or file.status == FileStatus.AUTHENTICATED.name + file.status == FileStatus.PUBLIC.name + or file.status == FileStatus.AUTHENTICATED.name ): has_public_access = True return has_public_access async def get_role( - dataset_id: str, - current_user=Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin=Depends(get_admin), + dataset_id: str, + current_user=Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin=Depends(get_admin), ) -> RoleType: """Returns the role a specific user has on a dataset. 
If the user is a creator (owner), they are not listed in the user_ids list.""" @@ -69,11 +71,11 @@ async def get_role( async def get_role_by_file( - file_id: str, - current_user=Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin=Depends(get_admin), + file_id: str, + current_user=Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin=Depends(get_admin), ) -> RoleType: if admin and admin_mode: return RoleType.OWNER @@ -88,13 +90,13 @@ async def get_role_by_file( ) if authorization is None: if ( - dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(file.dataset_id) - ) + dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(file.dataset_id) + ) ) is not None: if ( - dataset.status == DatasetStatus.AUTHENTICATED.name - or dataset.status == DatasetStatus.PUBLIC.name + dataset.status == DatasetStatus.AUTHENTICATED.name + or dataset.status == DatasetStatus.PUBLIC.name ): return RoleType.VIEWER else: @@ -107,11 +109,11 @@ async def get_role_by_file( async def get_role_by_metadata( - metadata_id: str, - current_user=Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin=Depends(get_admin), + metadata_id: str, + current_user=Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin=Depends(get_admin), ) -> RoleType: if admin and admin_mode: return RoleType.OWNER 
@@ -131,9 +133,9 @@ async def get_role_by_metadata( return authorization.role elif resource_type == "datasets": if ( - dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(resource_id) - ) + dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(resource_id) + ) ) is not None: authorization = await AuthorizationDB.find_one( AuthorizationDB.dataset_id == dataset.id, @@ -146,11 +148,11 @@ async def get_role_by_metadata( async def get_role_by_group( - group_id: str, - current_user=Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin=Depends(get_admin), + group_id: str, + current_user=Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin=Depends(get_admin), ) -> RoleType: if admin and admin_mode: return RoleType.OWNER @@ -173,13 +175,13 @@ async def get_role_by_group( async def is_public_dataset( - dataset_id: str, + dataset_id: str, ) -> bool: """Checks if a dataset is public.""" if ( - dataset_out := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(dataset_id) - ) + dataset_out := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(dataset_id) + ) ) is not None: if dataset_out.status == DatasetStatus.PUBLIC: return True @@ -188,13 +190,13 @@ async def is_public_dataset( async def is_authenticated_dataset( - dataset_id: str, + dataset_id: str, ) -> bool: """Checks if a dataset is authenticated.""" if ( - dataset_out := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(dataset_id) - ) + dataset_out := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(dataset_id) + ) ) is not None: if dataset_out.status == DatasetStatus.AUTHENTICATED: return True 
@@ -210,13 +212,13 @@ def __init__(self, role: str): self.role = role async def __call__( - self, - dataset_id: str, - current_user: str = Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), - readonly: bool = Depends(get_read_only_user), + self, + dataset_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), + readonly: bool = Depends(get_read_only_user), ): # TODO: Make sure we enforce only one role per user per dataset, or find_one could yield wrong answer here. @@ -242,14 +244,14 @@ async def __call__( ) else: if ( - current_dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(dataset_id) - ) + current_dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(dataset_id) + ) ) is not None: if ( - current_dataset.status == DatasetStatus.AUTHENTICATED.name - or current_dataset.status == DatasetStatus.PUBLIC.name - and self.role == "viewer" + current_dataset.status == DatasetStatus.AUTHENTICATED.name + or current_dataset.status == DatasetStatus.PUBLIC.name + and self.role == "viewer" ): return True else: @@ -272,12 +274,12 @@ def __init__(self, role: str): self.role = role async def __call__( - self, - file_id: str, - current_user: str = Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), + self, + file_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), ): # If the current user is admin and has turned on admin_mode, user has access irrespective of any role assigned if admin and admin_mode: 
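Review bot: In the `else` branch of `Authorization.__call__` (hunk `@@ -242,14 +244,14 @@`), the test `status == AUTHENTICATED.name or status == PUBLIC.name and self.role == "viewer"` parses as `A or (B and C)`, so a dataset with status AUTHENTICATED returns True for any requested role, not only viewer. `FileAuthorization.__call__` in this same file parenthesises the equivalent test, which suggests the viewer restriction was meant to cover both statuses. The re-indentation leaves the expression unchanged; a fix would be `if (current_dataset.status == DatasetStatus.AUTHENTICATED.name or current_dataset.status == DatasetStatus.PUBLIC.name) and self.role == "viewer":`. The branch that precedes this `else` lies outside the hunk, so confirm which callers reach it.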
@@ -301,8 +303,8 @@ async def __call__( ) else: if ( - file.status == FileStatus.PUBLIC.name - or file.status == FileStatus.AUTHENTICATED.name + file.status == FileStatus.PUBLIC.name + or file.status == FileStatus.AUTHENTICATED.name ) and self.role == RoleType.VIEWER: return True else: @@ -319,12 +321,12 @@ def __init__(self, role: str): self.role = role async def __call__( - self, - metadata_id: str, - current_user: str = Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), + self, + metadata_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), ): # If the current user is admin and has turned on admin_mode, user has access irrespective of any role assigned if admin and admin_mode: @@ -336,7 +338,7 @@ async def __call__( resource_id = md_out.resource.resource_id if resource_type == "files": if ( - file := await FileDB.get(PydanticObjectId(resource_id)) + file := await FileDB.get(PydanticObjectId(resource_id)) ) is not None: authorization = await AuthorizationDB.find_one( AuthorizationDB.dataset_id == file.dataset_id, @@ -358,9 +360,9 @@ async def __call__( ) elif resource_type == "datasets": if ( - dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(resource_id) - ) + dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(resource_id) + ) ) is not None: authorization = await AuthorizationDB.find_one( AuthorizationDB.dataset_id == dataset.id, 
@@ -389,12 +391,12 @@ def __init__(self, role: str): self.role = role async def __call__( - self, - group_id: str, - current_user: str = Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), + self, + group_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), ): # If the current user is admin and has turned on admin_mode, user has access irrespective of any role assigned if admin and admin_mode: 
@@ -418,6 +420,43 @@ async def __call__( raise HTTPException(status_code=404, detail=f"Group {group_id} not found") +class ProjectAuthorization: + + def __init__(self, role: str): + self.role = role + + async def __call__( + self, + project_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), + ): + # If the current user is admin and has turned on admin_mode, user has access irrespective of any role assigned + if admin and admin_mode: + return True + + # Else check role assigned to the user + if (project := await ProjectDB.get(project_id)) is not None: + if project.creator == current_user: + # Creator can do everything + return True + for gid in project.group_ids: + if (group := await GroupDB.get(gid)) is not None: + for u in group.users: + if u.user.email == current_user: + if group.project_id == project.id and u.editor and self.role == RoleType.EDITOR: + return True + elif self.role == RoleType.VIEWER: + return True + raise HTTPException( + status_code=403, + detail=f"User `{current_user} does not have `{self.role}` permission on project {project_id}", + ) + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") + + class ListenerAuthorization: """We use class dependency so that we can provide the `permission` parameter to the dependency. For more info see https://fastapi.tiangolo.com/advanced/advanced-dependencies/. 
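Review bot: `ProjectAuthorization.__call__` iterates `project.group_ids`, but `ProjectBase` in backend/app/models/projects.py declares `viewers_group_id`, `editors_group_id` and `groups` and no `group_ids`, so a caller who is neither admin nor creator would likely get an AttributeError (a 500) rather than a grant or a 403. Looping over the two hidden groups, `for gid in (project.viewers_group_id, project.editors_group_id):`, would fit the existing loop body, with a guard for a `None` id since both fields are Optional. The creator shortcut `project.creator == current_user` compares a `UserOut` with the username string and probably never matches; `ListenerAuthorization` below uses the `.email` form, so `if project.creator.email == current_user:` looks like the intended check. `ProjectDB.get(project_id)` also receives the raw string where the other dependencies in this file wrap the id in `PydanticObjectId(...)`, and the class has no docstring stating which roles it accepts.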
@@ -427,12 +466,12 @@ class ListenerAuthorization: # self.optional_arg = optional_arg async def __call__( - self, - listener_id: str, - current_user: str = Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), + self, + listener_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), ): # If the current user is admin and has turned on admin_mode, user has access irrespective of any role assigned if admin and admin_mode: @@ -440,10 +479,10 @@ async def __call__( # Else check if listener is active or current user is the creator of the extractor if ( - listener := await EventListenerDB.get(PydanticObjectId(listener_id)) + listener := await EventListenerDB.get(PydanticObjectId(listener_id)) ) is not None: if listener.active is True or ( - listener.creator and listener.creator.email == current_user + listener.creator and listener.creator.email == current_user ): return True else: @@ -463,12 +502,12 @@ class FeedAuthorization: # self.optional_arg = optional_arg async def __call__( - self, - feed_id: str, - current_user: str = Depends(get_current_username), - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), + self, + feed_id: str, + current_user: str = Depends(get_current_username), + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), ): # If the current user is admin and has turned on admin_mode, user has access irrespective of any role assigned if admin and admin_mode: 
@@ -494,13 +533,13 @@ def __init__(self, status: str): self.status = status async def __call__( - self, - dataset_id: str, + self, + dataset_id: str, ): if ( - dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(dataset_id) - ) + dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(dataset_id) + ) ) is not None: if dataset.status == self.status: return True @@ -518,15 +557,15 @@ def __init__(self, status: str): self.status = status async def __call__( - self, - file_id: str, + self, + file_id: str, ): if (file_out := await FileDB.get(PydanticObjectId(file_id))) is not None: dataset_id = file_out.dataset_id if ( - dataset := await DatasetDBViewList.find_one( - DatasetDBViewList.id == PydanticObjectId(dataset_id) - ) + dataset := await DatasetDBViewList.find_one( + DatasetDBViewList.id == PydanticObjectId(dataset_id) + ) ) is not None: if dataset.status == self.status: return True @@ -539,12 +578,12 @@ async def __call__( def access( - user_role: RoleType, - role_required: RoleType, - enable_admin: bool = False, - admin_mode: bool = Depends(get_admin_mode), - admin: bool = Depends(get_admin), - read_only_user: bool = Depends(get_read_only_user), + user_role: RoleType, + role_required: RoleType, + enable_admin: bool = False, + admin_mode: bool = Depends(get_admin_mode), + admin: bool = Depends(get_admin), + read_only_user: bool = Depends(get_read_only_user), ) -> bool: # check for read only user first if read_only_user and role_required == RoleType.VIEWER: 
@@ -553,24 +592,24 @@ def access( if user_role == RoleType.OWNER or (admin and admin_mode): return True elif ( - user_role == RoleType.EDITOR - and role_required - in [ - RoleType.EDITOR, - RoleType.UPLOADER, - RoleType.VIEWER, - ] - and not read_only_user + user_role == RoleType.EDITOR + and role_required + in [ + RoleType.EDITOR, + RoleType.UPLOADER, + RoleType.VIEWER, + ] + and not read_only_user ): return True elif ( - user_role == RoleType.UPLOADER - and role_required - in [ - RoleType.UPLOADER, - RoleType.VIEWER, - ] - and not read_only_user + user_role == RoleType.UPLOADER + and role_required + in [ + RoleType.UPLOADER, + RoleType.VIEWER, + ] + and not read_only_user ): return True elif user_role == RoleType.VIEWER and role_required == RoleType.VIEWER: diff --git a/backend/app/main.py b/backend/app/main.py index 84f54d38b..37ca62fb6 100644 --- a/backend/app/main.py +++ b/backend/app/main.py @@ -1,6 +1,12 @@ import logging import uvicorn +from beanie import init_beanie +from fastapi import APIRouter, Depends, FastAPI +from fastapi.middleware.cors import CORSMiddleware +from motor.motor_asyncio import AsyncIOMotorClient +from pydantic import BaseConfig + from app.config import settings from app.keycloak_auth import get_current_username from app.models.authorization import AuthorizationDB @@ -26,6 +32,7 @@ MetadataDefinitionDB, MetadataFreezeDB, ) +from app.models.projects import ProjectDB from app.models.thumbnails import ThumbnailDB, ThumbnailDBViewList, ThumbnailFreezeDB from app.models.tokens import TokenDB from app.models.users import ListenerAPIKeyDB, UserAPIKeyDB, UserDB @@ -48,6 +55,7 @@ files, folders, groups, + projects, jobs, keycloak, licenses, 
@@ -67,16 +75,10 @@ users, visualization, ) - # setup loggers # logging.config.fileConfig('logging.conf', disable_existing_loggers=False) from app.search.config import indexSettings from app.search.connect import connect_elasticsearch, create_index -from beanie import init_beanie -from fastapi import APIRouter, Depends, FastAPI -from fastapi.middleware.cors import CORSMiddleware -from motor.motor_asyncio import AsyncIOMotorClient -from pydantic import BaseConfig logger = logging.getLogger(__name__) @@ -84,8 +86,8 @@ title=settings.APP_NAME, openapi_url=f"{settings.API_V2_STR}/openapi.json", description="A cloud native data management framework to support any research domain. Clowder was " - "developed to help researchers and scientists in data intensive domains manage raw data, complex " - "metadata, and automatic data pipelines. ", + "developed to help researchers and scientists in data intensive domains manage raw data, complex " + "metadata, and automatic data pipelines. ", version="2.0.0-beta.2", contact={"name": "Clowder", "url": "https://clowderframework.org/"}, license_info={ @@ -228,6 +230,11 @@ tags=["groups"], dependencies=[Depends(get_current_username)], ) +api_router.include_router( + projects.router, + prefix="/projects", + tags=["projects"], +) api_router.include_router( visualization.router, prefix="/visualizations", @@ -303,6 +310,7 @@ async def startup_beanie(): UserAPIKeyDB, ListenerAPIKeyDB, GroupDB, + ProjectDB, TokenDB, ErrorDB, VisualizationConfigDB, diff --git a/backend/app/models/groups.py b/backend/app/models/groups.py index ed71f38a3..1730a73ed 100644 --- a/backend/app/models/groups.py +++ b/backend/app/models/groups.py @@ -1,9 +1,11 @@ +from enum import Enum from typing import List, Optional +from beanie import Document, PydanticObjectId +from pydantic import BaseModel + from app.models.authorization import Provenance from app.models.users import UserOut -from beanie import Document -from pydantic import BaseModel class Member(BaseModel): 
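Review bot: The `api_router.include_router(projects.router, ...)` call added to backend/app/main.py (hunk `@@ -228,6 +230,11 @@`) omits `dependencies=[Depends(get_current_username)]`, which the groups router registered just above it carries. In backend/app/routers/projects.py, `get_project`, `delete_project` and `remove_dataset` declare no dependency of their own, so unless authentication is enforced somewhere outside this diff those routes would be reachable without a token. Adding `dependencies=[Depends(get_current_username)],` to the call would match the neighbouring routers.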
@@ -11,10 +13,21 @@ class Member(BaseModel): editor: bool = False +class GroupType(str, Enum): + """Certain group types will be hidden from common lists. For example, 'project' type groups are associated with + specific projects and used to track their membership; those groups are managed using the project interface, not + the groups interface.""" + + STANDARD = "standard" + PROJECT = "project" + + class GroupBase(BaseModel): name: str description: Optional[str] users: List[Member] = [] + type: GroupType = GroupType.STANDARD + project_id: Optional[PydanticObjectId] = None class GroupIn(GroupBase): diff --git a/backend/app/models/projects.py b/backend/app/models/projects.py new file mode 100644 index 000000000..8457b3967 --- /dev/null +++ b/backend/app/models/projects.py 
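Review bot: `type` and `project_id` are added to `GroupBase`, and `GroupIn` (visible as context at the end of the hunk) inherits from it, so a request body typed as `GroupIn` can now set both fields. The `GroupType` docstring says project groups are managed through the project interface, and `ProjectAuthorization` reads `group.project_id` when deciding editor access, so these look like server-set values rather than client input. Consider declaring them on `GroupDB` instead, or overwriting them in the group-creation handler, which is outside this diff. `GroupIn`'s body is not shown here, so confirm it does not already exclude them.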
@@ -0,0 +1,46 @@ +from datetime import datetime +from typing import List, Optional + +from beanie import Document, PydanticObjectId +from pydantic import BaseModel, Field + +from app.models.groups import GroupOut +from app.models.users import UserOut + + +class ProjectMember(BaseModel): + group: GroupOut + editor: bool = False + + +class ProjectBase(BaseModel): + """Projects handle their membership and permissions with a group that is created with the project. + Members who are added to the project are added to this group. Other groups can also be added to the + project, but this one is a special one tied to the project - it cannot be deleted unless the project + is deleted (which deletes the associated group). + + """ + name: str + description: Optional[str] = None + # Individual users are added to one of the project's hidden groups (viewers or editors) + viewers_group_id: Optional[PydanticObjectId] = None + editors_group_id: Optional[PydanticObjectId] = None + groups: List[ProjectMember] = [] + dataset_ids: List[PydanticObjectId] = [] + + +class ProjectDB(Document, ProjectBase): + creator: UserOut + created: datetime = Field(default_factory=datetime.utcnow) + + class Settings: + name = "projects" + + +class ProjectIn(ProjectBase): + pass + + +class ProjectOut(ProjectDB): + class Config: + fields = {"id": "id"} diff --git a/backend/app/routers/projects.py b/backend/app/routers/projects.py new file mode 100644 index 000000000..5403bd7ab --- /dev/null +++ b/backend/app/routers/projects.py 
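Review bot: `ProjectIn` inherits every `ProjectBase` field, so `dataset_ids`, `groups`, `viewers_group_id` and `editors_group_id` are accepted from the request body, and `save_project` in backend/app/routers/projects.py builds the document with `ProjectDB(**project_in.dict(), creator=user)`. The two group ids are overwritten afterwards, but `dataset_ids` and `groups` are stored as sent, which skips the `Authorization("viewer")` check that `add_dataset` applies to each dataset. Narrowing the input model to `name` and `description`, or building with `project_in.dict(include={"name", "description"})`, would keep those lists server-managed. The `ProjectBase` docstring also describes a single project group while the fields define separate viewers and editors groups, so it should be updated to match.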
@@ -0,0 +1,256 @@ +import os +from typing import Optional + +from beanie import PydanticObjectId +from beanie.operators import Or +from fastapi import APIRouter, Depends, HTTPException +from fastapi.security import HTTPBearer + +from app.deps.authorization_deps import Authorization, ProjectAuthorization +from app.keycloak_auth import get_current_user, get_user +from app.models.datasets import DatasetDB +from app.models.groups import GroupDB, Member, GroupType +from app.models.pages import Paged, _construct_page_metadata, _get_page_query +from app.models.projects import ProjectDB, ProjectIn, ProjectOut +from app.models.users import UserDB, UserOut + +router = APIRouter() +security = HTTPBearer() + +clowder_bucket = os.getenv("MINIO_BUCKET_NAME", "clowder") + + +@router.post("", response_model=ProjectOut) +async def save_project( + project_in: ProjectIn, + user=Depends(get_current_user), +): + project = ProjectDB(**project_in.dict(), creator=user) + await project.insert() + + # Automatically create viewer and editor groups to go with this project + viewer_group = GroupDB(**{ + "name": project.name + " (Viewers)", + "description": f"Automatically created for viewers of {project.name} project.", + "users": [], + "project_id": project.id, + "type": GroupType.PROJECT + }, creator=user.email) + await viewer_group.insert() + + editor_group = GroupDB(**{ + "name": project.name + " (Editors)", + "description": f"Automatically created for editors of {project.name} project.", + "users": [ + {"user": user, "editor": True} + ], + "project_id": str(project.id), + "type": GroupType.PROJECT + }, creator=user.email) + await editor_group.insert() + + project.viewers_group_id = viewer_group.id + project.editors_group_id = editor_group.id + await project.save() + + return project.dict() + + +@router.post("/{project_id}/add_dataset/{dataset_id}", response_model=ProjectOut) +async def add_dataset( + project_id: str, + dataset_id: str, + allow_proj: bool = 
Depends(ProjectAuthorization("editor")), + allow_ds: bool = Depends(Authorization("viewer")), +): + if (project := await ProjectDB.get(PydanticObjectId(project_id))) is not None: + if (dataset := await DatasetDB.get(PydanticObjectId(dataset_id))) is not None: + if dataset_id not in project.dataset_ids: + project.dataset_ids.append(PydanticObjectId(dataset_id)) + await project.replace() + return project.dict() + raise HTTPException(status_code=404, detail=f"Dataset {dataset_id} not found") + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") + + +@router.post("/{project_id}/remove_dataset/{dataset_id}", response_model=ProjectOut) +async def remove_dataset( + project_id: str, + dataset_id: str, +): + if ( + project := await ProjectDB.find_one( + Or( + ProjectDB.id == PydanticObjectId(project_id), + ) + ) + ) is not None: + if ( + dataset := await DatasetDB.find_one( + Or( + DatasetDB.id == PydanticObjectId(dataset_id), + ) + ) + ) is not None: + if dataset_id in project.dataset_ids: + project.dataset_ids.remove(PydanticObjectId(dataset_id)) + await project.replace() + return project.dict() + else: + return project.dict() + raise HTTPException(status_code=404, detail=f"Dataset {dataset_id} not found") + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") + + +@router.get("", response_model=Paged) +async def get_projects( + user_id=Depends(get_user), + skip: int = 0, + limit: int = 10, + mine: bool = False, + enable_admin: bool = False, +): + # TODO check if the current user is a member OR creator + projects_and_count = await ProjectDB.aggregate( + [_get_page_query(skip, limit, sort_field="email", ascending=True)], + ).to_list() + + page_metadata = _construct_page_metadata(projects_and_count, skip, limit) + # TODO have to change _id this way otherwise it won't work + # TODO need to research if there is other pydantic trick to make it work + + page = Paged( + metadata=page_metadata, + data=[ + 
ProjectOut(id=item.pop("_id"), **item) + for item in projects_and_count[0]["data"] + ], + ) + + return page.dict() + + +@router.get("/{project_id}", response_model=ProjectOut) +async def get_project( + project_id: str, +): + if ( + project := await ProjectDB.find_one( + Or( + ProjectDB.id == PydanticObjectId(project_id), + ) + ) + ) is not None: + return project.dict() + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") + + +@router.delete("/{project_id}", response_model=ProjectOut) +async def delete_project( + project_id: str, +): + if (project := await ProjectDB.get(PydanticObjectId(project_id))) is not None: + await project.delete() + return project.dict() # TODO: Do we need to return what we just deleted? + else: + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") + + +@router.post("/{project_id}/add_member/{username}", response_model=ProjectOut) +async def add_member( + project_id: str, + username: str, + role: Optional[str] = "viewer", + allow: bool = Depends(ProjectAuthorization("editor")), +): + """Add a new user to the project individually - this is routed to one of the project's hidden groups.""" + if (user := await UserDB.find_one(UserDB.email == username)) is not None: + # Add to viewers group if role is none, otherwise add to appropriate group + new_member = Member(user=UserOut(**user.dict()), editor=(role == "editor")) + if (project := await ProjectDB.get(PydanticObjectId(project_id))) is not None: + viewers_group = await GroupDB.get(PydanticObjectId(project.viewers_group_id)) + editors_group = await GroupDB.get(PydanticObjectId(project.editors_group_id)) + + if role == "viewer": + found_in_viewers = False + for u in viewers_group.users: + if u.user.email == username: + found_in_viewers = True + break + if not found_in_viewers: + viewers_group.users.append(new_member) + await viewers_group.save() + + found_in_editors = False + clean_users = [] + for u in editors_group.users: + if u.user.email 
== username: + found_in_editors = True + else: + clean_users.append(u) + if found_in_editors: + editors_group.users = clean_users + await editors_group.save() + + elif role == "editor": + found_in_editors = False + for u in editors_group.users: + if u.user.email == username: + found_in_editors = True + break + if not found_in_editors: + editors_group.users.append(new_member) + await editors_group.save() + + found_in_viewers = False + clean_users = [] + for u in viewers_group.users: + if u.user.email == username: + found_in_viewers = True + else: + clean_users.append(u) + if found_in_viewers: + viewers_group.users = clean_users + await viewers_group.save() + + return project.dict() + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") + raise HTTPException(status_code=404, detail=f"User {username} not found") + + +@router.post("/{project_id}/remove_member/{username}", response_model=ProjectOut) +async def remove_member( + project_id: str, + username: str, + allow: bool = Depends(ProjectAuthorization("editor")), +): + """Remove a user from a group.""" + + if (project := await ProjectDB.get(PydanticObjectId(project_id))) is not None: + viewers_group = await GroupDB.get(PydanticObjectId(project.viewers_group_id)) + editors_group = await GroupDB.get(PydanticObjectId(project.editors_group_id)) + + found_in_editors = False + clean_users = [] + for u in editors_group.users: + if u.user.email == username: + found_in_editors = True + else: + clean_users.append(u) + if found_in_editors: + editors_group.users = clean_users + await editors_group.save() + + found_in_viewers = False + clean_users = [] + for u in viewers_group.users: + if u.user.email == username: + found_in_viewers = True + else: + clean_users.append(u) + if found_in_viewers: + viewers_group.users = clean_users + await viewers_group.save() + + return project.dict() + raise HTTPException(status_code=404, detail=f"Project {project_id} not found") 
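Review bot: `remove_dataset` and `delete_project` take no `ProjectAuthorization` dependency, while `add_dataset`, `add_member` and `remove_member` all require `ProjectAuthorization("editor")`, so any caller who reaches these routes can detach datasets from, or delete, a project they do not belong to. Add `allow: bool = Depends(ProjectAuthorization("editor")),` to `remove_dataset`, a check at least that strict to `delete_project`, and `ProjectAuthorization("viewer")` to `get_project`; `get_projects` still lists every project, as its TODO notes. Separately, `dataset_id not in project.dataset_ids` compares a `str` with `PydanticObjectId` entries, so the duplicate guard in `add_dataset` and the removal branch in `remove_dataset` probably never match; compare `PydanticObjectId(dataset_id)` instead. `add_member` also returns 200 without changing anything when `role` is neither "viewer" nor "editor", where a 400 would make the rejected value visible.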
diff --git a/backend/app/tests/test_projects.py b/backend/app/tests/test_projects.py new file mode 100644 index 000000000..bf76ec7d7 --- /dev/null +++ b/backend/app/tests/test_projects.py 
@@ -0,0 +1,66 @@ +from fastapi.testclient import TestClient + +from app.config import settings +from app.tests.utils import ( + create_dataset, + create_project, + create_user, + user_alt, +) + +member_alt = {"user": user_alt, "editor": False} + + +def test_create_project(client: TestClient, headers: dict): + create_project(client, headers) + + +def test_get_project(client: TestClient, headers: dict): + project_id = create_project(client, headers).get("id") + response = client.get( + f"{settings.API_V2_STR}/projects/{project_id}", headers=headers + ) + assert response.status_code == 200 + assert response.json().get("id") is not None + + +def test_delete_project(client: TestClient, headers: dict): + project_id = create_project(client, headers).get("id") + response = client.delete( + f"{settings.API_V2_STR}/projects/{project_id}", headers=headers + ) + assert response.status_code == 200 + + +def test_add_member(client: TestClient, headers: dict): + new_project = create_project(client, headers) + project_id = new_project.get("id") + + create_user(client, headers) + new_project["users"].append(member_alt) + + response = client.post( + f"{settings.API_V2_STR}/projects/{project_id}/add_member/{member_alt['user']['email']}", + headers=headers, + ) + + assert response.status_code == 200 + assert response.json().get("id") is not None + for user in response.json().get("users"): + assert user.get("user").get("email") == member_alt["user"]["email"] + + +def test_add_dataset(client: TestClient, headers: dict): + new_project = create_project(client, headers) + project_id = new_project.get("id") + + dataset_id = create_dataset(client, headers).get("id") + + response = client.post( + f"{settings.API_V2_STR}/projects/{project_id}/add_dataset/{dataset_id}", + headers=headers, + ) + + assert response.status_code == 200 + assert response.json().get("id") is not None + assert dataset_id in response.json().get("dataset_ids") 
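Review bot: Every test in this file calls the API with the creator's `headers`, so the 403 path of `ProjectAuthorization` and the no-token case are never exercised. A test that creates a project and then calls `add_member`, `add_dataset` and the delete route as a different user, asserting 403, would pin the behaviour of the new dependency. `test_add_member` also does `new_project["users"].append(member_alt)` and iterates `response.json().get("users")`, but `ProjectOut` defines no `users` field, so the test likely raises a KeyError before it posts. Asserting on the membership of the project's viewers group would check what `add_member` actually changes.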
diff --git a/backend/app/tests/utils.py b/backend/app/tests/utils.py index 395d2a676..ab32ecc2c 100644 --- a/backend/app/tests/utils.py +++ b/backend/app/tests/utils.py @@ -1,12 +1,13 @@ import os import struct -from app.config import settings -from app.keycloak_auth import delete_user from elasticsearch import Elasticsearch from fastapi.testclient import TestClient from pymongo import MongoClient +from app.config import settings +from app.keycloak_auth import delete_user + """These are standard JSON entries to be used for creating test resources.""" user_example = { "email": "test@test.org", @@ -32,6 +33,12 @@ "description": "a dataset is a container of files and metadata", } +project_example = { + "name": "test_project", + "description": "This project is a test", + "creator": user_example, +} + license_example = { "name": "test license", "description": "test description", @@ -99,7 +106,7 @@ def create_user(client: TestClient, headers: dict, email: str = user_alt["email" u["email"] = email response = client.post(f"{settings.API_V2_STR}/users", json=u) assert ( - response.status_code == 200 or response.status_code == 409 + response.status_code == 200 or response.status_code == 409 ) # 409 = user already exists return response.json() 
@@ -176,12 +183,24 @@ def create_dataset_with_custom_license(client: TestClient, headers: dict): return response.json() +def create_project(client: TestClient, headers: dict): + """Creates a test dataset and returns the JSON.""" + response = client.post( + f"{settings.API_V2_STR}/projects", + headers=headers, + json=project_example, + ) + assert response.status_code == 200 + assert response.json().get("id") is not None + return response.json() + + def upload_file( - client: TestClient, - headers: dict, - dataset_id: str, - filename=filename_example_1, - content=file_content_example_1, + client: TestClient, + headers: dict, + dataset_id: str, + filename=filename_example_1, + content=file_content_example_1, ): """Uploads a dummy file (optionally with custom name/content) to a dataset and returns the JSON.""" with open(filename, "w") as tempf: @@ -199,11 +218,11 @@ def upload_file( def upload_files( - client: TestClient, - headers: dict, - dataset_id: str, - filenames=[filename_example_1, filename_example_2], - file_contents=[file_content_example_1, file_content_example_2], + client: TestClient, + headers: dict, + dataset_id: str, + filenames=[filename_example_1, filename_example_2], + file_contents=[file_content_example_1, file_content_example_2], ): """Uploads a dummy file (optionally with custom name/content) to a dataset and returns the JSON.""" upload_files = [] @@ -229,11 +248,11 @@ def upload_files( def create_folder( - client: TestClient, - headers: dict, - dataset_id: str, - name="test folder", - parent_folder=None, + client: TestClient, + headers: dict, + dataset_id: str, + name="test folder", + parent_folder=None, ): """Creates a folder (optionally under an existing folder) in a dataset and returns the JSON.""" folder_data = {"name": name} diff --git a/frontend/src/actions/project.js b/frontend/src/actions/project.js new file mode 100644 index 000000000..ca0c507cf --- /dev/null +++ b/frontend/src/actions/project.js 
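Review bot: The docstring of the new `create_project` helper says it creates a dataset, apparently copied from a dataset helper; it should read `"""Creates a test project and returns the JSON."""`. The remaining changes in this hunk, and the `upload_files` and `create_folder` hunks on the same line, only re-indent parameter lists, which suggests a formatter setting different from the one the file was written with. Reverting those would keep the diff to the one real addition.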
@@ -0,0 +1,79 @@ +import {V2} from "../openapi"; +import {handleErrors} from "./common"; + +export const RECEIVE_PROJECTS = "RECEIVE_PROJECTS"; + +export function fetchProjects(skip = 0, limit = 12) { + return (dispatch) => { + return V2.ProjectsService.getProjectsApiV2ProjectsGet(skip, limit) + .then((json) => { + dispatch({ + type: RECEIVE_PROJECTS, + projects: json, + receivedAt: Date.now(), + }); + }) + .catch((reason) => { + dispatch( + handleErrors( + reason, + fetchProjects(skip, limit) + ) + ); + }); + }; +} + +export const RECEIVE_PROJECT = "RECEIVE_PROJECT"; + +export function fetchProject(id) { + return (dispatch) => { + return V2.ProjectsService.getProjectApiV2ProjectsProjectIdGet(id) + .then((json) => { + dispatch({ + type: RECEIVE_PROJECT, + project: json, + receivedAt: Date.now(), + }); + }) + .catch((reason) => { + dispatch(handleErrors(reason, fetchProject(id))); + }); + }; +} + +export const CREATE_PROJECT = "CREATE_PROJECT"; + +export function projectCreated(formData) { + return (dispatch) => { + return V2.ProjectsService.saveProjectApiV2ProjectsPost( + formData + ) + .then((project) => { + dispatch({ + type: CREATE_PROJECT, + project: project, + receivedAt: Date.now(), + }); + }) + .catch((reason) => { + dispatch( + handleErrors( + reason, + projectCreated(formData) + ) + ); + }); + }; +} + +export const RESET_CREATE_PROJECT = "RESET_CREATE_PROJECT"; + +export function resetProjectCreated() { + return (dispatch) => { + dispatch({ + type: RESET_CREATE_PROJECT, + receivedAt: Date.now(), + }); + }; +} diff --git a/frontend/src/app.config.ts b/frontend/src/app.config.ts index 7c325852c..3d690e55a 100644 --- a/frontend/src/app.config.ts +++ b/frontend/src/app.config.ts @@ -1,5 +1,5 @@ -import { V2 } from "./openapi"; -import { EventListenerJobStatus } from "./types/data"; +import {V2} from "./openapi"; +import {EventListenerJobStatus} from "./types/data"; interface Config { appVersion: string; 
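Review bot: `fetchProjects(skip = 0, limit = 12)` in the new `project.js` hard-codes the page size that this same commit adds to the config as `defaultProjectPerPage`, so the two values can drift apart. Import the config and use it as the default: `import config from "../app.config";` and `export function fetchProjects(skip = 0, limit = config.defaultProjectPerPage) {`. The exported action creators also carry no comments; a one-line JSDoc on each, naming the action type it dispatches and noting that the `handleErrors` call is given the same action again as its second argument, would help readers.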
@@ -26,6 +26,7 @@ interface Config { defaultFolderFilePerPage: number; defaultDatasetPerPage: number; defaultGroupPerPage: number; + defaultProjectPerPage: number; defaultUserPerPage: number; defaultApikeyPerPage: number; defaultExtractors: number; @@ -89,10 +90,11 @@ config["eventListenerJobStatus"]["resubmitted"] = "RESUBMITTED"; config["streamingBytes"] = 1024 * 10; // 10 MB? config["rawDataVisualizationThreshold"] = 1024 * 1024 * 10; // 10 MB - +config["defaultProjectPerPage"] = 12; config["defaultDatasetPerPage"] = 12; config["defaultFolderFilePerPage"] = 5; config["defaultGroupPerPage"] = 5; + config["defaultUserPerPage"] = 5; config["defaultApikeyPerPage"] = 5; config["defaultExtractors"] = 5; diff --git a/frontend/src/components/Explore.tsx b/frontend/src/components/Explore.tsx index fea232ac9..e67144c90 100644 --- a/frontend/src/components/Explore.tsx +++ b/frontend/src/components/Explore.tsx 
@@ -1,16 +1,16 @@ -import React, { ChangeEvent, useEffect, useState } from "react"; -import { Box, Button, Grid, Pagination, Tab, Tabs } from "@mui/material"; +import React, {ChangeEvent, useEffect, useState} from "react"; +import {Box, Button, Grid, Pagination, Tab, Tabs} from "@mui/material"; -import { RootState } from "../types/data"; -import { useDispatch, useSelector } from "react-redux"; -import { fetchDatasets } from "../actions/dataset"; +import {RootState} from "../types/data"; +import {useDispatch, useSelector} from "react-redux"; +import {fetchDatasets} from "../actions/dataset"; -import { a11yProps, TabPanel } from "./tabs/TabComponent"; +import {a11yProps, TabPanel} from "./tabs/TabComponent"; import DatasetCard from "./datasets/DatasetCard"; import Layout from "./Layout"; -import { Link as RouterLink } from "react-router-dom"; -import { ErrorModal } from "./errors/ErrorModal"; -import { DatasetOut } from "../openapi/v2"; +import {Link as RouterLink} from "react-router-dom"; +import {ErrorModal} from "./errors/ErrorModal"; +import {DatasetOut} from "../openapi/v2"; import config from "../app.config"; const tab = { @@ -83,10 +83,10 @@ export const Explore = (): JSX.Element => { return ( {/*Error Message dialogue*/} - + - + { thumbnailId={dataset.thumbnail_id} frozen={dataset.frozen} frozenVersionNum={dataset.frozen_version_num} + download={true} /> ); @@ -129,7 +130,7 @@ export const Explore = (): JSX.Element => { component={RouterLink} to="/create-dataset" variant="contained" - sx={{ m: 2 }} + sx={{m: 2}} > Create Dataset @@ -140,7 +141,7 @@ export const Explore = (): JSX.Element => { )} {datasets.length !== 0 ? ( - + { created={dataset.created} description={dataset.description} thumbnailId={dataset.thumbnail_id} + download={true} /> ); @@ -184,7 +186,7 @@ export const Explore = (): JSX.Element => { component={RouterLink} to="/create-dataset" variant="contained" - sx={{ m: 2 }} + sx={{m: 2}} > Create Dataset 
@@ -195,7 +197,7 @@ export const Explore = (): JSX.Element => { )} {datasets.length !== 0 ? ( - + { <> )} - - - + + + diff --git a/frontend/src/components/Layout.tsx b/frontend/src/components/Layout.tsx index a96716a61..7d9e6a1fb 100644 --- a/frontend/src/components/Layout.tsx +++ b/frontend/src/components/Layout.tsx @@ -1,9 +1,9 @@ import * as React from "react"; -import { useEffect } from "react"; -import { styled, useTheme } from "@mui/material/styles"; +import {useEffect} from "react"; +import {styled, useTheme} from "@mui/material/styles"; import Box from "@mui/material/Box"; import Drawer from "@mui/material/Drawer"; -import MuiAppBar, { AppBarProps as MuiAppBarProps } from "@mui/material/AppBar"; +import MuiAppBar, {AppBarProps as MuiAppBarProps} from "@mui/material/AppBar"; import Toolbar from "@mui/material/Toolbar"; import List from "@mui/material/List"; import IconButton from "@mui/material/IconButton"; 
@@ -15,39 +15,39 @@ import ListItem from "@mui/material/ListItem"; import ListItemButton from "@mui/material/ListItemButton"; import ListItemIcon from "@mui/material/ListItemIcon"; import ListItemText from "@mui/material/ListItemText"; -import { Badge, Link, Menu, MenuItem, MenuList } from "@mui/material"; -import { Link as RouterLink, useLocation } from "react-router-dom"; -import { useDispatch, useSelector } from "react-redux"; -import { RootState } from "../types/data"; -import { AddBox, Explore } from "@material-ui/icons"; +import {Badge, Link, Menu, MenuItem, MenuList} from "@mui/material"; +import {Link as RouterLink, useLocation} from "react-router-dom"; +import {useDispatch, useSelector} from "react-redux"; +import {RootState} from "../types/data"; +import {AddBox, Explore} from "@material-ui/icons"; import HistoryIcon from "@mui/icons-material/History"; import GroupIcon from "@mui/icons-material/Group"; import MenuBookIcon from "@mui/icons-material/MenuBook"; import Gravatar from "react-gravatar"; import PersonIcon from "@mui/icons-material/Person"; import InfoOutlinedIcon from "@mui/icons-material/InfoOutlined"; -import { getCurrEmail } from "../utils/common"; +import {getCurrEmail} from "../utils/common"; import VpnKeyIcon from "@mui/icons-material/VpnKey"; import LogoutIcon from "@mui/icons-material/Logout"; -import { EmbeddedSearch } from "./search/EmbeddedSearch"; +import {EmbeddedSearch} from "./search/EmbeddedSearch"; import { fetchUserProfile, getAdminModeStatus as getAdminModeStatusAction, toggleAdminMode as toggleAdminModeAction, } from "../actions/user"; -import { AdminPanelSettings, SavedSearch } from "@mui/icons-material"; +import {AdminPanelSettings, Collections, SavedSearch} from "@mui/icons-material"; import ManageAccountsIcon from "@mui/icons-material/ManageAccounts"; import AdminPanelSettingsIcon from "@mui/icons-material/AdminPanelSettings"; -import { Footer } from "./navigation/Footer"; +import {Footer} from "./navigation/Footer"; 
import BuildIcon from "@mui/icons-material/Build"; import config from "../app.config"; const drawerWidth = 240; -const Main = styled("main", { shouldForwardProp: (prop) => prop !== "open" })<{ +const Main = styled("main", {shouldForwardProp: (prop) => prop !== "open"})<{ open?: boolean; -}>(({ theme, open }) => ({ +}>(({theme, open}) => ({ flexGrow: 1, padding: theme.spacing(3), transition: theme.transitions.create("margin", { @@ -64,7 +64,7 @@ const Main = styled("main", { shouldForwardProp: (prop) => prop !== "open" })<{ }), })); -const SearchDiv = styled("div")(({ theme }) => ({ +const SearchDiv = styled("div")(({theme}) => ({ position: "relative", marginLeft: theme.spacing(3), marginBottom: "-5px", // to compoensate the tags div @@ -77,7 +77,7 @@ interface AppBarProps extends MuiAppBarProps { const AppBar = styled(MuiAppBar, { shouldForwardProp: (prop) => prop !== "open", -})(({ theme, open }) => ({ +})(({theme, open}) => ({ transition: theme.transitions.create(["margin", "width"], { easing: theme.transitions.easing.sharp, duration: theme.transitions.duration.leavingScreen, @@ -92,7 +92,7 @@ const AppBar = styled(MuiAppBar, { }), })); -const DrawerHeader = styled("div")(({ theme }) => ({ +const DrawerHeader = styled("div")(({theme}) => ({ display: "flex", alignItems: "center", padding: theme.spacing(0, 1), @@ -110,7 +110,7 @@ const link = { export default function PersistentDrawerLeft(props) { const dispatch = useDispatch(); - const { children } = props; + const {children} = props; const theme = useTheme(); const [open, setOpen] = React.useState(false); const [embeddedSearchHidden, setEmbeddedSearchHidden] = React.useState(false); @@ -173,26 +173,26 @@ export default function PersistentDrawerLeft(props) { aria-label="open drawer" onClick={handleDrawerOpen} edge="start" - sx={{ mr: 2, ...(open && { display: "none" }) }} + sx={{mr: 2, ...(open && {display: "none"})}} > - + {/*for searching*/} - - + + {loggedOut ? ( <> 
@@ -214,11 +214,11 @@ export default function PersistentDrawerLeft(props) { {getCurrEmail() !== undefined ? ( ) : ( <> @@ -239,18 +239,18 @@ export default function PersistentDrawerLeft(props) { ) : ( ) : ( <> ) } > - + )} @@ -262,16 +262,16 @@ export default function PersistentDrawerLeft(props) { - + User Profile @@ -281,14 +281,14 @@ export default function PersistentDrawerLeft(props) { {adminMode ? ( <> - + Drop Admin Mode ) : ( <> - + Enable Admin Mode @@ -301,13 +301,13 @@ export default function PersistentDrawerLeft(props) { - + API Key - + Log Out @@ -330,9 +330,9 @@ export default function PersistentDrawerLeft(props) { {theme.direction === "ltr" ? ( - + ) : ( - + )} @@ -340,9 +340,19 @@ export default function PersistentDrawerLeft(props) { - + - + + + + + + + + + + + @@ -350,9 +360,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -361,9 +371,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -374,9 +384,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -388,9 +398,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -399,9 +409,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -409,9 +419,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -419,9 +429,9 @@ export default function PersistentDrawerLeft(props) { - + - + @@ -435,9 +445,9 @@ export default function PersistentDrawerLeft(props) { rel="noopener noreferrer" > - + - + @@ -445,15 +455,15 @@ export default function PersistentDrawerLeft(props) { - + - +
- + {children}
-