From eb96d45a602ef532405d50a978e3d9174120ad51 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:00:44 +0200 Subject: [PATCH 01/16] tags repo uses new helpers --- .../simcore_postgres_database/utils_tags.py | 176 ++++++++++++------ .../tests/test_utils_tags.py | 175 ++++++++++++----- 2 files changed, 242 insertions(+), 109 deletions(-) diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py index 0a8b3e4ac28..655cfa28684 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py @@ -1,12 +1,11 @@ """ Repository pattern, errors and data structures for models.tags """ -import itertools -from dataclasses import dataclass from typing import TypedDict -from aiopg.sa.connection import SAConnection +from sqlalchemy.ext.asyncio import AsyncConnection, AsyncEngine +from .base_repo import pass_or_acquire_connection, transaction_context from .utils_tags_sql import ( count_users_with_access_rights_stmt, create_tag_stmt, @@ -49,15 +48,16 @@ class TagDict(TypedDict, total=True): delete: bool -@dataclass(frozen=True) class TagsRepo: - user_id: int # Determines access-rights + def __init__(self, engine: AsyncEngine): + self.engine = engine async def access_count( self, - conn: SAConnection, - tag_id: int, + connection: AsyncConnection | None = None, *, + user_id: int, + tag_id: int, read: bool | None = None, write: bool | None = None, delete: bool | None = None, @@ -66,11 +66,12 @@ async def access_count( Returns 0 if tag does not match access Returns >0 if it does and represents the number of groups granting this access to the user """ - count_stmt = count_users_with_access_rights_stmt( - user_id=self.user_id, tag_id=tag_id, read=read, write=write, delete=delete - ) - permissions_count: int | None = await conn.scalar(count_stmt) - return permissions_count if permissions_count else 0 + async with pass_or_acquire_connection(self.engine, connection) as conn: + count_stmt = count_users_with_access_rights_stmt( + user_id=user_id, tag_id=tag_id, read=read, write=write, delete=delete + ) + permissions_count: int | None = await conn.scalar(count_stmt) + return permissions_count if permissions_count else 0 # # CRUD operations @@ -78,8 +79,9 @@ async def access_count( async def create( self, - conn: SAConnection, + connection: AsyncConnection | None = None, *, + user_id: int, name: str, color: str, description: str | None = None, # =nullable @@ -94,69 +96,127 @@ async def create( if description: values["description"] = description - async with conn.begin(): + async with transaction_context(self.engine, connection) as conn: # insert new tag insert_stmt = create_tag_stmt(**values) result = await conn.execute(insert_stmt) - tag = await result.first() + tag = result.first() assert tag # nosec # take tag ownership access_stmt = set_tag_access_rights_stmt( tag_id=tag.id, - user_id=self.user_id, + user_id=user_id, read=read, write=write, delete=delete, ) result = await conn.execute(access_stmt) - access = await result.first() - assert access - - return TagDict(itertools.chain(tag.items(), access.items())) # type: ignore - - async def list_all(self, conn: SAConnection) -> list[TagDict]: - stmt_list = list_tags_stmt(user_id=self.user_id) - return [TagDict(row.items()) async for row in conn.execute(stmt_list)] # type: ignore + access = result.first() + assert access # nosec + + return TagDict( + id=tag.id, + name=tag.name, + description=tag.description, + color=tag.color, + read=access.read, + write=access.write, + delete=access.delete, + ) - async def get(self, conn: SAConnection, tag_id: int) -> TagDict: - stmt_get = get_tag_stmt(user_id=self.user_id, tag_id=tag_id) - result = await conn.execute(stmt_get) - row = await result.first() - if not row: - msg = f"{tag_id=} not found: either no access or does not exists" - raise TagNotFoundError(msg) - return TagDict(row.items()) # type: ignore + async def list_all( + self, + connection: AsyncConnection | None = None, + *, + user_id: int, + ) -> list[TagDict]: + async with pass_or_acquire_connection(self.engine, connection) as conn: + stmt_list = list_tags_stmt(user_id=user_id) + result = await conn.stream(stmt_list) + return [ + TagDict( + id=row.id, + name=row.name, + description=row.description, + color=row.color, + read=row.read, + write=row.write, + delete=row.delete, + ) + async for row in result + ] + + async def get( + self, + connection: AsyncConnection | None = None, + *, + user_id: int, + tag_id: int, + ) -> TagDict: + stmt_get = get_tag_stmt(user_id=user_id, tag_id=tag_id) + async with pass_or_acquire_connection(self.engine, connection) as conn: + result = await conn.execute(stmt_get) + row = result.first() + if not row: + msg = f"{tag_id=} not found: either no access or does not exists" + raise TagNotFoundError(msg) + return TagDict( + id=row.id, + name=row.name, + description=row.description, + color=row.color, + read=row.read, + write=row.write, + delete=row.delete, + ) async def update( self, - conn: SAConnection, + connection: AsyncConnection | None = None, + *, + user_id: int, tag_id: int, **fields, ) -> TagDict: - updates = { - name: value - for name, value in fields.items() - if name in {"name", "color", "description"} - } - - if not updates: - # no updates == get - return await self.get(conn, tag_id=tag_id) - - update_stmt = update_tag_stmt(user_id=self.user_id, tag_id=tag_id, **updates) - result = await conn.execute(update_stmt) - row = await result.first() - if not row: - msg = f"{tag_id=} not updated: either no access or not found" - raise TagOperationNotAllowedError(msg) - - return TagDict(row.items()) # type: ignore - - async def delete(self, conn: SAConnection, tag_id: int) -> None: - stmt_delete = delete_tag_stmt(user_id=self.user_id, tag_id=tag_id) + async with transaction_context(self.engine, connection) as conn: + updates = { + name: value + for name, value in fields.items() + if name in {"name", "color", "description"} + } + + if not updates: + # no updates == get + return await self.get(conn, user_id=user_id, tag_id=tag_id) + + update_stmt = update_tag_stmt(user_id=user_id, tag_id=tag_id, **updates) + result = await conn.execute(update_stmt) + row = result.first() + if not row: + msg = f"{tag_id=} not updated: either no access or not found" + raise TagOperationNotAllowedError(msg) + + return TagDict( + id=row.id, + name=row.name, + description=row.description, + color=row.color, + read=row.read, + write=row.write, + delete=row.delete, + ) - deleted = await conn.scalar(stmt_delete) - if not deleted: - msg = f"Could not delete {tag_id=}. Not found or insuficient access." - raise TagOperationNotAllowedError(msg) + async def delete( + self, + connection: AsyncConnection | None = None, + *, + user_id: int, + tag_id: int, + ) -> None: + stmt_delete = delete_tag_stmt(user_id=user_id, tag_id=tag_id) + async with transaction_context(self.engine, connection) as conn: + deleted = await conn.scalar(stmt_delete) + if not deleted: + msg = f"Could not delete {tag_id=}. Not found or insuficient access." + raise TagOperationNotAllowedError(msg) diff --git a/packages/postgres-database/tests/test_utils_tags.py b/packages/postgres-database/tests/test_utils_tags.py index 2b99c1939fe..21ac92749a3 100644 --- a/packages/postgres-database/tests/test_utils_tags.py +++ b/packages/postgres-database/tests/test_utils_tags.py @@ -30,6 +30,7 @@ set_tag_access_rights_stmt, update_tag_stmt, ) +from sqlalchemy.ext.asyncio import AsyncEngine @pytest.fixture @@ -75,7 +76,11 @@ async def other_user( async def test_tags_access_with_primary_groups( - connection: SAConnection, user: RowProxy, group: RowProxy, other_user: RowProxy + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, + other_user: RowProxy, ): conn = connection @@ -102,22 +107,29 @@ async def test_tags_access_with_primary_groups( ), ] - tags_repo = TagsRepo(user_id=user.id) + tags_repo = TagsRepo(asyncpg_engine) # repo has access assert ( - await tags_repo.access_count(conn, tag_id, read=True, write=True, delete=True) + await tags_repo.access_count( + user_id=user.id, tag_id=tag_id, read=True, write=True, delete=True + ) + == 1 + ) + assert ( + await tags_repo.access_count( + user_id=user.id, tag_id=tag_id, read=True, write=True + ) == 1 ) - assert await tags_repo.access_count(conn, tag_id, read=True, write=True) == 1 - assert await tags_repo.access_count(conn, tag_id, read=True) == 1 - assert await tags_repo.access_count(conn, tag_id, write=True) == 1 + assert await tags_repo.access_count(user_id=user.id, tag_id=tag_id, read=True) == 1 + assert await tags_repo.access_count(user_id=user.id, tag_id=tag_id, write=True) == 1 # changing access conditions assert ( await tags_repo.access_count( - conn, - tag_id, + user_id=user.id, + tag_id=tag_id, read=True, write=True, delete=False, # <--- @@ -128,15 +140,20 @@ async def test_tags_access_with_primary_groups( # user will have NO access to other user's tags even matching access rights assert ( await tags_repo.access_count( - conn, other_tag_id, read=True, write=True, delete=True + user_id=user.id, tag_id=other_tag_id, read=True, write=True, delete=True ) == 0 ) async def test_tags_access_with_multiple_groups( - connection: SAConnection, user: RowProxy, group: RowProxy, other_user: RowProxy + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, + other_user: RowProxy, ): + conn = connection (tag_id, other_tag_id, group_tag_id, everyone_tag_id) = [ @@ -182,30 +199,58 @@ async def test_tags_access_with_multiple_groups( ), ] - tags_repo = TagsRepo(user_id=user.id) - other_repo = TagsRepo(user_id=other_user.id) + tags_repo = TagsRepo(asyncpg_engine) + other_repo = TagsRepo(asyncpg_engine) # tag_id assert ( - await tags_repo.access_count(conn, tag_id, read=True, write=True, delete=True) + await tags_repo.access_count( + user_id=user.id, tag_id=tag_id, read=True, write=True, delete=True + ) == 1 ) assert ( - await other_repo.access_count(conn, tag_id, read=True, write=True, delete=True) + await other_repo.access_count( + user_id=other_user.id, tag_id=tag_id, read=True, write=True, delete=True + ) == 0 ) # other_tag_id - assert await tags_repo.access_count(conn, other_tag_id, read=True) == 0 - assert await other_repo.access_count(conn, other_tag_id, read=True) == 1 + assert ( + await tags_repo.access_count(user_id=user.id, tag_id=other_tag_id, read=True) + == 0 + ) + assert ( + await other_repo.access_count( + user_id=other_user.id, tag_id=other_tag_id, read=True + ) + == 1 + ) # group_tag_id - assert await tags_repo.access_count(conn, group_tag_id, read=True) == 1 - assert await other_repo.access_count(conn, group_tag_id, read=True) == 0 + assert ( + await tags_repo.access_count(user_id=user.id, tag_id=group_tag_id, read=True) + == 1 + ) + assert ( + await other_repo.access_count( + user_id=other_user.id, tag_id=group_tag_id, read=True + ) + == 0 + ) # everyone_tag_id - assert await tags_repo.access_count(conn, everyone_tag_id, read=True) == 1 - assert await other_repo.access_count(conn, everyone_tag_id, read=True) == 1 + assert ( + await tags_repo.access_count(user_id=user.id, tag_id=everyone_tag_id, read=True) + == 1 + ) + assert ( + await other_repo.access_count( + user_id=other_user.id, tag_id=everyone_tag_id, read=True + ) + == 1 + ) # now group adds read for all tags for t in (tag_id, other_tag_id, everyone_tag_id): @@ -218,19 +263,29 @@ async def test_tags_access_with_multiple_groups( delete=False, ) - assert await tags_repo.access_count(conn, tag_id, read=True) == 2 - assert await tags_repo.access_count(conn, other_tag_id, read=True) == 1 - assert await tags_repo.access_count(conn, everyone_tag_id, read=True) == 2 + assert await tags_repo.access_count(user_id=user.id, tag_id=tag_id, read=True) == 2 + assert ( + await tags_repo.access_count(user_id=user.id, tag_id=other_tag_id, read=True) + == 1 + ) + assert ( + await tags_repo.access_count(user_id=user.id, tag_id=everyone_tag_id, read=True) + == 2 + ) async def test_tags_repo_list_and_get( - connection: SAConnection, user: RowProxy, group: RowProxy, other_user: RowProxy + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, + other_user: RowProxy, ): conn = connection - tags_repo = TagsRepo(user_id=user.id) + tags_repo = TagsRepo(asyncpg_engine) # (1) no tags - listed_tags = await tags_repo.list_all(conn) + listed_tags = await tags_repo.list_all(user_id=user.id) assert not listed_tags # (2) one tag @@ -247,7 +302,7 @@ async def test_tags_repo_list_and_get( ) ] - listed_tags = await tags_repo.list_all(conn) + listed_tags = await tags_repo.list_all(user_id=user.id) assert listed_tags assert [t["id"] for t in listed_tags] == expected_tags_ids @@ -265,7 +320,7 @@ async def test_tags_repo_list_and_get( ) ) - listed_tags = await tags_repo.list_all(conn) + listed_tags = await tags_repo.list_all(user_id=user.id) assert {t["id"] for t in listed_tags} == set(expected_tags_ids) # (4) add another tag from a differnt user @@ -282,7 +337,7 @@ async def test_tags_repo_list_and_get( # same as before prev_listed_tags = listed_tags - listed_tags = await tags_repo.list_all(conn) + listed_tags = await tags_repo.list_all(user_id=user.id) assert listed_tags == prev_listed_tags # (5) add a global tag @@ -297,7 +352,7 @@ async def test_tags_repo_list_and_get( delete=False, ) - listed_tags = await tags_repo.list_all(conn) + listed_tags = await tags_repo.list_all(user_id=user.id) assert listed_tags == [ { "id": 1, @@ -328,8 +383,8 @@ async def test_tags_repo_list_and_get( }, ] - other_repo = TagsRepo(user_id=other_user.id) - assert await other_repo.list_all(conn) == [ + other_repo = TagsRepo(asyncpg_engine) + assert await other_repo.list_all(user_id=other_user.id) == [ { "id": 3, "name": "T3", @@ -351,7 +406,7 @@ async def test_tags_repo_list_and_get( ] # exclusive to user - assert await tags_repo.get(conn, tag_id=2) == { + assert await tags_repo.get(user_id=user.id, tag_id=2) == { "id": 2, "name": "T2", "description": "tag via std group", @@ -363,9 +418,9 @@ async def test_tags_repo_list_and_get( # exclusive ot other user with pytest.raises(TagNotFoundError): - assert await tags_repo.get(conn, tag_id=3) + assert await tags_repo.get(user_id=user.id, tag_id=3) - assert await other_repo.get(conn, tag_id=3) == { + assert await other_repo.get(user_id=other_user.id, tag_id=3) == { "id": 3, "name": "T3", "description": "tag for 2", @@ -376,14 +431,20 @@ async def test_tags_repo_list_and_get( } # a common tag - assert await tags_repo.get(conn, tag_id=4) == await other_repo.get(conn, tag_id=4) + assert await tags_repo.get(user_id=user.id, tag_id=4) == await other_repo.get( + user_id=user.id, tag_id=4 + ) async def test_tags_repo_update( - connection: SAConnection, user: RowProxy, group: RowProxy, other_user: RowProxy + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, + other_user: RowProxy, ): conn = connection - tags_repo = TagsRepo(user_id=user.id) + tags_repo = TagsRepo(asyncpg_engine) # Tags with different access rights readonly_tid, readwrite_tid, other_tid = [ @@ -420,10 +481,12 @@ async def test_tags_repo_update( ] with pytest.raises(TagOperationNotAllowedError): - await tags_repo.update(conn, tag_id=readonly_tid, description="modified") + await tags_repo.update( + user_id=user.id, tag_id=readonly_tid, description="modified" + ) assert await tags_repo.update( - conn, tag_id=readwrite_tid, description="modified" + user_id=user.id, tag_id=readwrite_tid, description="modified" ) == { "id": readwrite_tid, "name": "T2", @@ -435,14 +498,20 @@ async def test_tags_repo_update( } with pytest.raises(TagOperationNotAllowedError): - await tags_repo.update(conn, tag_id=other_tid, description="modified") + await tags_repo.update( + user_id=user.id, tag_id=other_tid, description="modified" + ) async def test_tags_repo_delete( - connection: SAConnection, user: RowProxy, group: RowProxy, other_user: RowProxy + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, + other_user: RowProxy, ): conn = connection - tags_repo = TagsRepo(user_id=user.id) + tags_repo = TagsRepo(asyncpg_engine) # Tags with different access rights readonly_tid, delete_tid, other_tid = [ @@ -480,28 +549,32 @@ async def test_tags_repo_delete( # cannot delete with pytest.raises(TagOperationNotAllowedError): - await tags_repo.delete(conn, tag_id=readonly_tid) + await tags_repo.delete(user_id=user.id, tag_id=readonly_tid) # can delete - await tags_repo.get(conn, tag_id=delete_tid) - await tags_repo.delete(conn, tag_id=delete_tid) + await tags_repo.get(user_id=user.id, tag_id=delete_tid) + await tags_repo.delete(user_id=user.id, tag_id=delete_tid) with pytest.raises(TagNotFoundError): - await tags_repo.get(conn, tag_id=delete_tid) + await tags_repo.get(user_id=user.id, tag_id=delete_tid) # cannot delete with pytest.raises(TagOperationNotAllowedError): - await tags_repo.delete(conn, tag_id=other_tid) + await tags_repo.delete(user_id=user.id, tag_id=other_tid) async def test_tags_repo_create( - connection: SAConnection, user: RowProxy, group: RowProxy, other_user: RowProxy + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, + other_user: RowProxy, ): conn = connection - tags_repo = TagsRepo(user_id=user.id) + tags_repo = TagsRepo(asyncpg_engine) tag_1 = await tags_repo.create( - conn, + user_id=user.id, name="T1", description="my first tag", color="pink", From 9df3396e1b2dfae52a0a10bb94c0807441a4544b Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:03:05 +0200 Subject: [PATCH 02/16] new api --- .../simcore_service_webserver/tags/_api.py | 58 +++++++++++++++++++ .../tags/_handlers.py | 55 ++++++------------ 2 files changed, 77 insertions(+), 36 deletions(-) create mode 100644 services/web/server/src/simcore_service_webserver/tags/_api.py diff --git a/services/web/server/src/simcore_service_webserver/tags/_api.py b/services/web/server/src/simcore_service_webserver/tags/_api.py new file mode 100644 index 00000000000..6f3a74853e7 --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/tags/_api.py @@ -0,0 +1,58 @@ +""" _api: implements `tags` plugin **service layer** +""" + +from aiohttp import web +from models_library.basic_types import IdInt +from models_library.users import UserID +from servicelib.aiohttp.db_asyncpg_engine import get_async_engine +from simcore_postgres_database.utils_tags import TagsRepo +from sqlalchemy.ext.asyncio import AsyncEngine + +from .schemas import TagCreate, TagGet, TagUpdate + + +async def create_tag( + app: web.Application, user_id: UserID, new_tag: TagCreate +) -> TagGet: + engine: AsyncEngine = get_async_engine(app) + + repo = TagsRepo(engine) + tag = await repo.create( + user_id=user_id, + read=True, + write=True, + delete=True, + **new_tag.dict(exclude_unset=True), + ) + return TagGet.from_db(tag) + + +async def list_tags( + app: web.Application, + user_id: UserID, +) -> list[TagGet]: + engine: AsyncEngine = get_async_engine(app) + repo = TagsRepo(engine) + tags = await repo.list_all(user_id=user_id) + return [TagGet.from_db(t) for t in tags] + + +async def update_tag( + app: web.Application, user_id: UserID, tag_id: IdInt, tag_updates: TagUpdate +) -> TagGet: + engine: AsyncEngine = get_async_engine(app) + + repo = TagsRepo(engine) + tag = await repo.update( + user_id=user_id, + tag_id=tag_id, + **tag_updates.dict(exclude_unset=True), + ) + return TagGet.from_db(tag) + + +async def delete_tag(app: web.Application, user_id: UserID, tag_id: IdInt): + engine: AsyncEngine = get_async_engine(app) + + repo = TagsRepo(engine) + await repo.delete(user_id=user_id, tag_id=tag_id) diff --git a/services/web/server/src/simcore_service_webserver/tags/_handlers.py b/services/web/server/src/simcore_service_webserver/tags/_handlers.py index 07925f4749e..ac0c08698eb 100644 --- a/services/web/server/src/simcore_service_webserver/tags/_handlers.py +++ b/services/web/server/src/simcore_service_webserver/tags/_handlers.py @@ -1,7 +1,6 @@ import functools from aiohttp import web -from aiopg.sa.engine import Engine from pydantic import parse_obj_as from servicelib.aiohttp.requests_validation import ( parse_request_body_as, @@ -12,17 +11,15 @@ from simcore_postgres_database.utils_tags import ( TagNotFoundError, TagOperationNotAllowedError, - TagsRepo, ) from .._meta import API_VTAG as VTAG -from ..db.plugin import get_database_engine from ..login.decorators import login_required from ..security.decorators import permission_required from ..utils_aiohttp import envelope_json_response +from . import _api from .schemas import ( TagCreate, - TagGet, TagGroupCreate, TagGroupGet, TagGroupPathParams, @@ -55,21 +52,14 @@ async def wrapper(request: web.Request) -> web.StreamResponse: @permission_required("tag.crud.*") @_handle_tags_exceptions async def create_tag(request: web.Request): - engine: Engine = get_database_engine(request.app) + assert request.app # nosec req_ctx = TagRequestContext.parse_obj(request) new_tag = await parse_request_body_as(TagCreate, request) - repo = TagsRepo(user_id=req_ctx.user_id) - async with engine.acquire() as conn: - tag = await repo.create( - conn, - read=True, - write=True, - delete=True, - **new_tag.dict(exclude_unset=True), - ) - model = TagGet.from_db(tag) - return envelope_json_response(model) + created = await _api.create_tag( + request.app, user_id=req_ctx.user_id, new_tag=new_tag + ) + return envelope_json_response(created) @routes.get(f"/{VTAG}/tags", name="list_tags") @@ -77,15 +67,10 @@ async def create_tag(request: web.Request): @permission_required("tag.crud.*") @_handle_tags_exceptions async def list_tags(request: web.Request): - engine: Engine = get_database_engine(request.app) - req_ctx = TagRequestContext.parse_obj(request) - repo = TagsRepo(user_id=req_ctx.user_id) - async with engine.acquire() as conn: - tags = await repo.list_all(conn) - return envelope_json_response( - [TagGet.from_db(t).dict(by_alias=True) for t in tags] - ) + req_ctx = TagRequestContext.parse_obj(request) + got = await _api.list_tags(request.app, user_id=req_ctx.user_id) + return envelope_json_response(got) @routes.patch(f"/{VTAG}/tags/{{tag_id}}", name="update_tag") @@ -93,18 +78,17 @@ async def list_tags(request: web.Request): @permission_required("tag.crud.*") @_handle_tags_exceptions async def update_tag(request: web.Request): - engine: Engine = get_database_engine(request.app) req_ctx = TagRequestContext.parse_obj(request) path_params = parse_request_path_parameters_as(TagPathParams, request) tag_updates = await parse_request_body_as(TagUpdate, request) - repo = TagsRepo(user_id=req_ctx.user_id) - async with engine.acquire() as conn: - tag = await repo.update( - conn, path_params.tag_id, **tag_updates.dict(exclude_unset=True) - ) - model = TagGet.from_db(tag) - return envelope_json_response(model) + updated = await _api.update_tag( + request.app, + user_id=req_ctx.user_id, + tag_id=path_params.tag_id, + tag_updates=tag_updates, + ) + return envelope_json_response(updated) @routes.delete(f"/{VTAG}/tags/{{tag_id}}", name="delete_tag") @@ -112,13 +96,12 @@ async def update_tag(request: web.Request): @permission_required("tag.crud.*") @_handle_tags_exceptions async def delete_tag(request: web.Request): - engine: Engine = get_database_engine(request.app) req_ctx = TagRequestContext.parse_obj(request) path_params = parse_request_path_parameters_as(TagPathParams, request) - repo = TagsRepo(user_id=req_ctx.user_id) - async with engine.acquire() as conn: - await repo.delete(conn, tag_id=path_params.tag_id) + await _api.delete_tag( + request.app, user_id=req_ctx.user_id, tag_id=path_params.tag_id + ) raise web.HTTPNoContent(content_type=MIMETYPE_APPLICATION_JSON) From e47d9ce70105b48a434e6d9b71cd62b5264a7044 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:04:10 +0200 Subject: [PATCH 03/16] updates tests --- .../tests/unit/with_dbs/03/tags/test_tags.py | 33 +++++++++---------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py index 5e480b2777f..cf441325a6f 100644 --- a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py +++ b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py @@ -5,7 +5,6 @@ from collections.abc import AsyncIterator, Callable, Iterator -from http import HTTPStatus from typing import Any import pytest @@ -27,7 +26,7 @@ from servicelib.aiohttp import status from simcore_postgres_database.models.tags import tags from simcore_service_webserver.db.models import UserRole -from simcore_service_webserver.db.plugin import get_database_engine +from simcore_service_webserver.db.plugin import get_aiopg_engine from simcore_service_webserver.projects.models import ProjectDict @@ -46,12 +45,16 @@ def fake_tags(faker: Faker) -> list[dict[str, Any]]: ] -@pytest.mark.parametrize("user_role,expected", [(UserRole.USER, status.HTTP_200_OK)]) +@pytest.fixture +def user_role() -> UserRole: + # All tests in test_tags assume USER's role + # i.e. Used in `logged_user` and `user_project` + return UserRole.USER + + async def test_tags_to_studies( client: TestClient, - logged_user: UserInfoDict, user_project: ProjectDict, - expected: HTTPStatus, fake_tags: dict[str, Any], catalog_subsystem_mock: Callable[[list[ProjectDict]], None], ): @@ -64,7 +67,7 @@ async def test_tags_to_studies( for tag in fake_tags: url = client.app.router["create_tag"].url_for() resp = await client.post(f"{url}", json=tag) - added_tag, _ = await assert_status(resp, expected) + added_tag, _ = await assert_status(resp, status.HTTP_200_OK) added_tags.append(added_tag) # Add tag to study @@ -72,7 +75,7 @@ async def test_tags_to_studies( project_uuid=user_project.get("uuid"), tag_id=str(added_tag.get("id")) ) resp = await client.post(f"{url}") - data, _ = await assert_status(resp, expected) + data, _ = await assert_status(resp, status.HTTP_200_OK) # Tag is included in response assert added_tag["id"] in data["tags"] @@ -86,8 +89,7 @@ async def test_tags_to_studies( ), exclude_unset=True, ) - user_project["folderId"] = None - data = await assert_get_same_project(client, user_project, expected) + data = await assert_get_same_project(client, user_project, status.HTTP_200_OK) # Delete tag0 url = client.app.router["delete_tag"].url_for(tag_id=str(added_tags[0].get("id"))) @@ -96,7 +98,7 @@ async def test_tags_to_studies( # Get project and check that tag is no longer there user_project["tags"].remove(added_tags[0]["id"]) - data = await assert_get_same_project(client, user_project, expected) + data = await assert_get_same_project(client, user_project, status.HTTP_200_OK) assert added_tags[0].get("id") not in data.get("tags") # Remove tag1 from project @@ -104,11 +106,11 @@ async def test_tags_to_studies( project_uuid=user_project.get("uuid"), tag_id=str(added_tags[1].get("id")) ) resp = await client.post(f"{url}") - await assert_status(resp, expected) + await assert_status(resp, status.HTTP_200_OK) # Get project and check that tag is no longer there user_project["tags"].remove(added_tags[1]["id"]) - data = await assert_get_same_project(client, user_project, expected) + data = await assert_get_same_project(client, user_project, status.HTTP_200_OK) assert added_tags[1].get("id") not in data.get("tags") # Delete tag1 @@ -120,7 +122,7 @@ async def test_tags_to_studies( @pytest.fixture async def everybody_tag_id(client: TestClient) -> AsyncIterator[int]: assert client.app - engine = get_database_engine(client.app) + engine = get_aiopg_engine(client.app) assert engine async with engine.acquire() as conn: @@ -140,11 +142,6 @@ async def everybody_tag_id(client: TestClient) -> AsyncIterator[int]: await delete_tag(conn, tag_id=tag_id) -@pytest.fixture -def user_role() -> UserRole: - return UserRole.USER - - async def test_read_tags( client: TestClient, logged_user: UserInfoDict, From 9c6712fdeeb891ff2b05a15954ba2da14d026848 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:07:25 +0200 Subject: [PATCH 04/16] engine --- .../simcore_service_webserver/db/plugin.py | 7 ++++- .../server/tests/unit/with_dbs/01/test_db.py | 29 +------------------ 2 files changed, 7 insertions(+), 29 deletions(-) diff --git a/services/web/server/src/simcore_service_webserver/db/plugin.py b/services/web/server/src/simcore_service_webserver/db/plugin.py index b3dcdacf280..a01efdbc40c 100644 --- a/services/web/server/src/simcore_service_webserver/db/plugin.py +++ b/services/web/server/src/simcore_service_webserver/db/plugin.py @@ -8,7 +8,7 @@ from servicelib.aiohttp.application_keys import APP_AIOPG_ENGINE_KEY from servicelib.aiohttp.application_setup import ModuleCategory, app_module_setup -from . import _aiopg +from . import _aiopg, _asyncpg _logger = logging.getLogger(__name__) @@ -20,6 +20,10 @@ is_service_enabled = _aiopg.is_service_enabled +# asyncpg helpers +get_asyncpg_engine = _asyncpg.get_async_engine + + @app_module_setup( "simcore_service_webserver.db", ModuleCategory.ADDON, @@ -34,3 +38,4 @@ def setup_db(app: web.Application): # init engines app.cleanup_ctx.append(_aiopg.postgres_cleanup_ctx) + app.cleanup_ctx.append(_asyncpg.postgres_cleanup_ctx) diff --git a/services/web/server/tests/unit/with_dbs/01/test_db.py b/services/web/server/tests/unit/with_dbs/01/test_db.py index 4b4dce7b134..a9204b460bf 100644 --- a/services/web/server/tests/unit/with_dbs/01/test_db.py +++ b/services/web/server/tests/unit/with_dbs/01/test_db.py @@ -7,12 +7,9 @@ import aiopg.sa import asyncpg -import pytest import sqlalchemy as sa import yaml -from aiohttp import web from aiohttp.test_utils import TestServer -from pytest_mock import MockFixture, MockType from simcore_service_webserver.application_settings import ( ApplicationSettings, get_application_settings, @@ -21,36 +18,12 @@ from simcore_service_webserver.db.plugin import ( is_service_enabled, is_service_responsive, - setup_db, ) from simcore_service_webserver.login.storage import AsyncpgStorage, get_plugin_storage from sqlalchemy.ext.asyncio import AsyncEngine -@pytest.fixture -def mock_asyncpg_in_setup_db(mocker: MockFixture) -> MockType: - - original_setup = setup_db - - mock_setup_db = mocker.patch( - "simcore_service_webserver.application.setup_db", autospec=True - ) - - def _wrapper_setup_db(app: web.Application): - original_setup(app) - - # NEW engine ! - app.cleanup_ctx.append(_asyncpg.postgres_cleanup_ctx) - - mock_setup_db.side_effect = _wrapper_setup_db - return mock_setup_db - - -async def test_all_pg_engines_in_app( - mock_asyncpg_in_setup_db: MockType, web_server: TestServer -): - assert mock_asyncpg_in_setup_db.called - +async def test_all_pg_engines_in_app(web_server: TestServer): app = web_server.app assert app From be6f6156344c289f84f877b923e032cbd4a8c4f2 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 15:06:13 +0200 Subject: [PATCH 05/16] doc --- .../models/services_tags.py | 5 +++-- .../models/tags_access_rights.py | 14 ++++++++------ .../simcore_service_webserver/tags/_handlers.py | 9 +++++++++ 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/packages/postgres-database/src/simcore_postgres_database/models/services_tags.py b/packages/postgres-database/src/simcore_postgres_database/models/services_tags.py index 6a3ea828eea..c774cdcd317 100644 --- a/packages/postgres-database/src/simcore_postgres_database/models/services_tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/models/services_tags.py @@ -14,13 +14,13 @@ "service_key", sa.String, nullable=False, - doc="Service Key Identifier", + doc="Key name identifier for the service, without specifiying its versions", ), sa.Column( "service_version", sa.String, nullable=False, - doc="Service version", + doc="Version of the service. Combined with 'service_key', it forms a unique identifier for this service.", ), # Tag sa.Column( @@ -28,6 +28,7 @@ sa.BigInteger, sa.ForeignKey(tags.c.id, onupdate="CASCADE", ondelete="CASCADE"), nullable=False, + doc="Identifier of the tag assigned to this specific service (service_key, service_version).", ), # Constraints sa.ForeignKeyConstraint( diff --git a/packages/postgres-database/src/simcore_postgres_database/models/tags_access_rights.py b/packages/postgres-database/src/simcore_postgres_database/models/tags_access_rights.py index 9efb4123f0d..9078a9254f1 100644 --- a/packages/postgres-database/src/simcore_postgres_database/models/tags_access_rights.py +++ b/packages/postgres-database/src/simcore_postgres_database/models/tags_access_rights.py @@ -22,7 +22,7 @@ name="fk_tag_to_group_tag_id", ), nullable=False, - doc="Tag unique ID", + doc="References the unique identifier of the tag that these access rights apply to.", ), sa.Column( "group_id", @@ -34,7 +34,7 @@ name="fk_tag_to_group_group_id", ), nullable=False, - doc="Group unique ID", + doc="References the unique identifier of the group that has access rights to the tag.", ), # ACCESS RIGHTS --- sa.Column( @@ -42,22 +42,24 @@ sa.Boolean(), nullable=False, server_default=sa.sql.expression.true(), - doc="If true, group can *read* a tag." - "This column can be used to set the tag invisible", + doc="Indicates whether the group has permission to view the tag. " + "A value of 'True' allows the group to access the tag's details.", ), sa.Column( "write", sa.Boolean(), nullable=False, server_default=sa.sql.expression.false(), - doc="If true, group can *create* and *update* a tag", + doc="Indicates whether the group has permission to modify the tag. " + "A value of 'True' grants write access to the group.", ), sa.Column( "delete", sa.Boolean(), nullable=False, server_default=sa.sql.expression.false(), - doc="If true, group can *delete* the tag", + doc="Indicates whether the group has permission to delete the tag. " + "A value of 'True' allows the group to remove the tag.", ), # TIME STAMPS ---- column_created_datetime(timezone=False), diff --git a/services/web/server/src/simcore_service_webserver/tags/_handlers.py b/services/web/server/src/simcore_service_webserver/tags/_handlers.py index ac0c08698eb..5ea57cb59c7 100644 --- a/services/web/server/src/simcore_service_webserver/tags/_handlers.py +++ b/services/web/server/src/simcore_service_webserver/tags/_handlers.py @@ -46,6 +46,10 @@ async def wrapper(request: web.Request) -> web.StreamResponse: routes = web.RouteTableDef() +# +# tags CRUD standard operations +# + @routes.post(f"/{VTAG}/tags", name="create_tag") @login_required @@ -119,6 +123,11 @@ async def list_tag_groups(request: web.Request): raise NotImplementedError +# +# tags ACCESS RIGHTS is exposed as a sub-resource groups +# + + @routes.post(f"/{VTAG}/tags/{{tag_id}}/groups/{{group_id}}", name="create_tag_group") @login_required @permission_required("tag.crud.*") From b8c3aad3f573f16e2a7d5045860b4d2ac57596c7 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 15:08:21 +0200 Subject: [PATCH 06/16] fixes import --- .../src/simcore_postgres_database/utils_tags.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py index 655cfa28684..39e37e25b22 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py @@ -5,7 +5,7 @@ from sqlalchemy.ext.asyncio import AsyncConnection, AsyncEngine -from .base_repo import pass_or_acquire_connection, transaction_context +from .utils_repos import pass_or_acquire_connection, transaction_context from .utils_tags_sql import ( count_users_with_access_rights_stmt, create_tag_stmt, From 5b377be888ade1fb027c8f878216d8fa4b7c3953 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 15:47:54 +0200 Subject: [PATCH 07/16] fixes repeated matches --- .../simcore_postgres_database/utils_tags.py | 40 ++++++++++++++- .../utils_tags_sql.py | 32 ++++++++---- .../tests/test_utils_tags.py | 49 +++++++++++++++++++ 3 files changed, 110 insertions(+), 11 deletions(-) diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py index 39e37e25b22..d2c415f6a35 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py @@ -7,7 +7,7 @@ from .utils_repos import pass_or_acquire_connection, transaction_context from .utils_tags_sql import ( - count_users_with_access_rights_stmt, + count_users_with_given_access_rights_stmt, create_tag_stmt, delete_tag_stmt, get_tag_stmt, @@ -67,7 +67,7 @@ async def access_count( Returns >0 if it does and represents the number of groups granting this access to the user """ async with pass_or_acquire_connection(self.engine, connection) as conn: - count_stmt = count_users_with_access_rights_stmt( + count_stmt = count_users_with_given_access_rights_stmt( user_id=user_id, tag_id=tag_id, read=read, write=write, delete=delete ) permissions_count: int | None = await conn.scalar(count_stmt) @@ -89,6 +89,7 @@ async def create( write: bool = True, delete: bool = True, ) -> TagDict: + """Creates tag and defaults to full access rights to `user_id`""" values = { "name": name, "color": color, @@ -220,3 +221,38 @@ async def delete( if not deleted: msg = f"Could not delete {tag_id=}. Not found or insuficient access." raise TagOperationNotAllowedError(msg) + + # + # ACCESS RIGHTS + # + + async def create_access_rights( + self, + connection: AsyncConnection | None = None, + *, + user_id: int, + tag_id: int, + group_id: int, + read: bool, + write: bool, + delete: bool, + ): + ... + + async def update_access_rights( + self, + connection: AsyncConnection | None = None, + *, + user_id: int, + tag_id: int, + group_id: int, + read: bool, + write: bool, + delete: bool, + ): + ... + + async def delete_access_rights( + self, connection: AsyncConnection | None = None, *, user_id: int, tag_id: int + ): + ... diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py index 05a1e93ca33..cabb5b52742 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py @@ -23,9 +23,6 @@ ] -_COLUMNS = _TAG_COLUMNS + _ACCESS_RIGHTS_COLUMNS - - def _join_user_groups_tag(*, access_condition, tag_id: int, user_id: int): return user_to_groups.join( tags_access_rights, @@ -57,10 +54,10 @@ def get_tag_stmt( user_id: int, tag_id: int, ): - return sa.select(*_COLUMNS).select_from( + return sa.select(*_TAG_COLUMNS, *_ACCESS_RIGHTS_COLUMNS).select_from( _join_user_to_given_tag( access_condition=tags_access_rights.c.read.is_(True), - tag_id=tag_id, + tag_id=tag_id, # makes it unique result or None user_id=user_id, ) ) @@ -68,13 +65,20 @@ def get_tag_stmt( def list_tags_stmt(*, user_id: int): return ( - sa.select(*_COLUMNS) + sa.select( + *_TAG_COLUMNS, + # MOST permisive aggregation of access-rights + sa.func.bool_or(tags_access_rights.c.read).label("read"), + sa.func.bool_or(tags_access_rights.c.write).label("write"), + sa.func.bool_or(tags_access_rights.c.delete).label("delete") + ) .select_from( _join_user_to_tags( access_condition=tags_access_rights.c.read.is_(True), user_id=user_id, ) ) + .group_by(tags.c.id) # makes it tag.id uniqueness .order_by(tags.c.id) ) @@ -83,7 +87,7 @@ def create_tag_stmt(**values): return tags.insert().values(**values).returning(*_TAG_COLUMNS) -def count_users_with_access_rights_stmt( +def count_users_with_given_access_rights_stmt( *, user_id: int, tag_id: int, @@ -92,7 +96,7 @@ def count_users_with_access_rights_stmt( delete: bool | None ): """ - How many users are given these access permissions + How many users are given EXACTLY these access permissions """ access = [] if read is not None: @@ -146,7 +150,7 @@ def update_tag_stmt(*, user_id: int, tag_id: int, **updates): & (user_to_groups.c.uid == user_id) ) .values(**updates) - .returning(*_COLUMNS) + .returning(*_TAG_COLUMNS, *_ACCESS_RIGHTS_COLUMNS) ) @@ -166,6 +170,11 @@ def delete_tag_stmt(*, user_id: int, tag_id: int): ) +# +# PROJECT TAGS +# + + def get_tags_for_project_stmt(*, project_index: int): return sa.select(projects_tags.c.tag_id).where( projects_tags.c.project_id == project_index @@ -183,6 +192,11 @@ def add_tag_to_project_stmt(*, project_index: int, tag_id: int): ) +# +# SERVICE TAGS +# + + def get_tags_for_services_stmt(*, key: str, version: str): return sa.select(services_tags.c.tag_id).where( (services_tags.c.service_key == key) diff --git a/packages/postgres-database/tests/test_utils_tags.py b/packages/postgres-database/tests/test_utils_tags.py index 21ac92749a3..a7b7009fdea 100644 --- a/packages/postgres-database/tests/test_utils_tags.py +++ b/packages/postgres-database/tests/test_utils_tags.py @@ -27,6 +27,7 @@ get_tag_stmt, get_tags_for_project_stmt, get_tags_for_services_stmt, + list_tags_stmt, set_tag_access_rights_stmt, update_tag_stmt, ) @@ -436,6 +437,49 @@ async def test_tags_repo_list_and_get( ) +async def test_tags_repo_uniquely_list_shared_tags( + asyncpg_engine: AsyncEngine, + connection: SAConnection, + user: RowProxy, + group: RowProxy, +): + conn = connection + tags_repo = TagsRepo(asyncpg_engine) + + # (setup): create a tag and share with group + expected_tag_id = await create_tag( + conn, + name="T1", + description=f"tag for {user.id}", + color="blue", + group_id=user.primary_gid, + read=True, + write=False, # <-- cannot write + delete=True, + ) + await create_tag_access( + conn, + tag_id=expected_tag_id, + group_id=group.gid, + read=True, + write=True, # < -- group can write + delete=False, + ) + + # (check) can read + got = await tags_repo.get(user_id=user.id, tag_id=expected_tag_id) + assert got + assert got["write"] is False + + user_tags = await tags_repo.list_all(user_id=user.id) + assert len(user_tags) == 1 + # checks that the agregattion is the MOST permisive + assert user_tags[0]["id"] == expected_tag_id + assert user_tags[0]["read"] is True + assert user_tags[0]["write"] is True + assert user_tags[0]["delete"] is True + + async def test_tags_repo_update( asyncpg_engine: AsyncEngine, connection: SAConnection, @@ -619,6 +663,11 @@ def _check(func_smt, **kwargs): service_key = "simcore/services/comp/isolve" service_version = "2.0.85" + _check( + list_tags_stmt, + user_id=user_id, + ) + _check( get_tag_stmt, user_id=user_id, From a672d4fc260d8566cc3d2a9d7e44d234b488095c Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 16:19:06 +0200 Subject: [PATCH 08/16] fixes get tag --- .../simcore_postgres_database/utils_tags.py | 16 +++++++---- .../utils_tags_sql.py | 26 +++++++++++------ .../tests/test_utils_tags.py | 28 ++++++++++++------- .../tags/_handlers.py | 12 ++++---- 4 files changed, 52 insertions(+), 30 deletions(-) diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py index d2c415f6a35..5ba87ff5e82 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py @@ -7,7 +7,7 @@ from .utils_repos import pass_or_acquire_connection, transaction_context from .utils_tags_sql import ( - count_users_with_given_access_rights_stmt, + count_groups_with_given_access_rights_stmt, create_tag_stmt, delete_tag_stmt, get_tag_stmt, @@ -67,7 +67,7 @@ async def access_count( Returns >0 if it does and represents the number of groups granting this access to the user """ async with pass_or_acquire_connection(self.engine, connection) as conn: - count_stmt = count_users_with_given_access_rights_stmt( + count_stmt = count_groups_with_given_access_rights_stmt( user_id=user_id, tag_id=tag_id, read=read, write=write, delete=delete ) permissions_count: int | None = await conn.scalar(count_stmt) @@ -237,7 +237,7 @@ async def create_access_rights( write: bool, delete: bool, ): - ... + raise NotImplementedError async def update_access_rights( self, @@ -250,9 +250,13 @@ async def update_access_rights( write: bool, delete: bool, ): - ... + raise NotImplementedError async def delete_access_rights( - self, connection: AsyncConnection | None = None, *, user_id: int, tag_id: int + self, + connection: AsyncConnection | None = None, + *, + user_id: int, + tag_id: int, ): - ... + raise NotImplementedError diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py index cabb5b52742..91da1ea6656 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py @@ -54,12 +54,22 @@ def get_tag_stmt( user_id: int, tag_id: int, ): - return sa.select(*_TAG_COLUMNS, *_ACCESS_RIGHTS_COLUMNS).select_from( - _join_user_to_given_tag( - access_condition=tags_access_rights.c.read.is_(True), - tag_id=tag_id, # makes it unique result or None - user_id=user_id, + return ( + sa.select( + *_TAG_COLUMNS, + # aggregation ensures MOST PERMISSIVE policy of access-rights + sa.func.bool_or(tags_access_rights.c.read).label("read"), + sa.func.bool_or(tags_access_rights.c.write).label("write"), + sa.func.bool_or(tags_access_rights.c.delete).label("delete") + ) + .select_from( + _join_user_to_given_tag( + access_condition=tags_access_rights.c.read.is_(True), + tag_id=tag_id, + user_id=user_id, + ) ) + .group_by(tags.c.id) ) @@ -67,7 +77,7 @@ def list_tags_stmt(*, user_id: int): return ( sa.select( *_TAG_COLUMNS, - # MOST permisive aggregation of access-rights + # aggregation ensures MOST PERMISSIVE policy of access-rights sa.func.bool_or(tags_access_rights.c.read).label("read"), sa.func.bool_or(tags_access_rights.c.write).label("write"), sa.func.bool_or(tags_access_rights.c.delete).label("delete") @@ -87,7 +97,7 @@ def create_tag_stmt(**values): return tags.insert().values(**values).returning(*_TAG_COLUMNS) -def count_users_with_given_access_rights_stmt( +def count_groups_with_given_access_rights_stmt( *, user_id: int, tag_id: int, @@ -96,7 +106,7 @@ def count_users_with_given_access_rights_stmt( delete: bool | None ): """ - How many users are given EXACTLY these access permissions + How many groups (from this user_id) are given EXACTLY these access permissions """ access = [] if read is not None: diff --git a/packages/postgres-database/tests/test_utils_tags.py b/packages/postgres-database/tests/test_utils_tags.py index a7b7009fdea..26f9a301f76 100644 --- a/packages/postgres-database/tests/test_utils_tags.py +++ b/packages/postgres-database/tests/test_utils_tags.py @@ -437,7 +437,7 @@ async def test_tags_repo_list_and_get( ) -async def test_tags_repo_uniquely_list_shared_tags( +async def test_tags_repo_uniquely_list_or_get_shared_tags( asyncpg_engine: AsyncEngine, connection: SAConnection, user: RowProxy, @@ -446,7 +446,7 @@ async def test_tags_repo_uniquely_list_shared_tags( conn = connection tags_repo = TagsRepo(asyncpg_engine) - # (setup): create a tag and share with group + # (1) create a tag which cannot be written expected_tag_id = await create_tag( conn, name="T1", @@ -457,6 +457,15 @@ async def test_tags_repo_uniquely_list_shared_tags( write=False, # <-- cannot write delete=True, ) + + got = await tags_repo.get(user_id=user.id, tag_id=expected_tag_id) + assert got + assert got["id"] == expected_tag_id + assert got["read"] is True + assert got["write"] is False # <-- + assert got["delete"] is True + + # (2) share with standard group await create_tag_access( conn, tag_id=expected_tag_id, @@ -466,18 +475,17 @@ async def test_tags_repo_uniquely_list_shared_tags( delete=False, ) - # (check) can read + # checks that the agregattion is the MOST permisive + # checks that user_id has now full access via its primary and its stadard group got = await tags_repo.get(user_id=user.id, tag_id=expected_tag_id) assert got - assert got["write"] is False + assert got["id"] == expected_tag_id + assert got["read"] is True + assert got["write"] is True # <-- + assert got["delete"] is True user_tags = await tags_repo.list_all(user_id=user.id) - assert len(user_tags) == 1 - # checks that the agregattion is the MOST permisive - assert user_tags[0]["id"] == expected_tag_id - assert user_tags[0]["read"] is True - assert user_tags[0]["write"] is True - assert user_tags[0]["delete"] is True + assert user_tags == [got] async def test_tags_repo_update( diff --git a/services/web/server/src/simcore_service_webserver/tags/_handlers.py b/services/web/server/src/simcore_service_webserver/tags/_handlers.py index 5ea57cb59c7..5492d5e468e 100644 --- a/services/web/server/src/simcore_service_webserver/tags/_handlers.py +++ b/services/web/server/src/simcore_service_webserver/tags/_handlers.py @@ -39,7 +39,7 @@ async def wrapper(request: web.Request) -> web.StreamResponse: raise web.HTTPNotFound(reason=f"{exc}") from exc except TagOperationNotAllowedError as exc: - raise web.HTTPUnauthorized(reason=f"{exc}") from exc + raise web.HTTPForbidden(reason=f"{exc}") from exc return wrapper @@ -110,6 +110,11 @@ async def delete_tag(request: web.Request): raise web.HTTPNoContent(content_type=MIMETYPE_APPLICATION_JSON) +# +# tags ACCESS RIGHTS is exposed as a sub-resource groups +# + + @routes.get(f"/{VTAG}/tags/{{tag_id}}/groups", name="list_tag_groups") @login_required @permission_required("tag.crud.*") @@ -123,11 +128,6 @@ async def list_tag_groups(request: web.Request): raise NotImplementedError -# -# tags ACCESS RIGHTS is exposed as a sub-resource groups -# - - @routes.post(f"/{VTAG}/tags/{{tag_id}}/groups/{{group_id}}", name="create_tag_group") @login_required @permission_required("tag.crud.*") From 943719c7a898424e67ba98edceb746ee9ee392e4 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:10:34 +0200 Subject: [PATCH 09/16] setup specs in tests --- .../simcore_service_webserver/tags/errors.py | 3 + .../simcore_service_webserver/tags/schemas.py | 2 + .../tests/unit/with_dbs/03/tags/test_tags.py | 73 ++++++++++++++++++- 3 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 services/web/server/src/simcore_service_webserver/tags/errors.py diff --git a/services/web/server/src/simcore_service_webserver/tags/errors.py b/services/web/server/src/simcore_service_webserver/tags/errors.py new file mode 100644 index 00000000000..1f0c631748f --- /dev/null +++ b/services/web/server/src/simcore_service_webserver/tags/errors.py @@ -0,0 +1,3 @@ +# Not found +# Not enough access rights +# diff --git a/services/web/server/src/simcore_service_webserver/tags/schemas.py b/services/web/server/src/simcore_service_webserver/tags/schemas.py index 1c62cd25d89..722b3ef5099 100644 --- a/services/web/server/src/simcore_service_webserver/tags/schemas.py +++ b/services/web/server/src/simcore_service_webserver/tags/schemas.py @@ -25,12 +25,14 @@ class TagUpdate(InputSchema): name: str | None = None description: str | None = None color: ColorStr | None = None + order: int | None = None class TagCreate(InputSchema): name: str description: str | None = None color: ColorStr + order: int | None = None class TagAccessRights(OutputSchema): diff --git a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py index cf441325a6f..42777f3e97a 100644 --- a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py +++ b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py @@ -26,7 +26,7 @@ from servicelib.aiohttp import status from simcore_postgres_database.models.tags import tags from simcore_service_webserver.db.models import UserRole -from simcore_service_webserver.db.plugin import get_aiopg_engine +from simcore_service_webserver.db.plugin import get_database_engine from simcore_service_webserver.projects.models import ProjectDict @@ -122,7 +122,7 @@ async def test_tags_to_studies( @pytest.fixture async def everybody_tag_id(client: TestClient) -> AsyncIterator[int]: assert client.app - engine = get_aiopg_engine(client.app) + engine = get_database_engine(client.app) assert engine async with engine.acquire() as conn: @@ -178,8 +178,10 @@ async def test_create_and_update_tags( assert user_role == UserRole.USER + # (1) create tag + url = client.app.router["create_tag"].url_for() resp = await client.post( - f"{client.app.router['create_tag'].url_for()}", + f"{url}", json={"name": "T", "color": "#f00"}, ) created, _ = await assert_status(resp, status.HTTP_200_OK) @@ -192,6 +194,7 @@ async def test_create_and_update_tags( "accessRights": {"read": True, "write": True, "delete": True}, } + # (2) update created tag url = client.app.router["update_tag"].url_for(tag_id=f"{created['id']}") resp = await client.patch( f"{url}", @@ -202,10 +205,72 @@ async def test_create_and_update_tags( created.update(description="This is my tag") assert updated == created + # (3) Cannot update tag because it has not enough access rights url = client.app.router["update_tag"].url_for(tag_id=f"{everybody_tag_id}") resp = await client.patch( f"{url}", json={"description": "I have NO WRITE ACCESS TO THIS TAG"}, ) - _, error = await assert_status(resp, status.HTTP_401_UNAUTHORIZED) + _, error = await assert_status(resp, status.HTTP_403_FORBIDDEN) assert error + + +async def test_create_tags_with_order_index( + client: TestClient, + logged_user: UserInfoDict, + user_role: UserRole, + _clean_tags_table: None, +): + assert client.app + + assert user_role == UserRole.USER + + # (1) create tags but set the order in reverse order of creation + url = client.app.router["create_tag"].url_for() + num_tags = 3 + expected_tags: list[Any] = [None] * num_tags + for creation_index, priority_index in enumerate(range(num_tags, 0, -1)): + resp = await client.post( + f"{url}", + json={ + "name": f"T{creation_index}-{priority_index}", + "description": f"{creation_index=}, {priority_index=}", + "color": "#f00", + "priority": priority_index, + }, + ) + created, _ = await assert_status(resp, status.HTTP_200_OK) + expected_tags[priority_index] = created + + url = client.app.router["list_tags"].url_for() + resp = await client.get(f"{url}") + got, _ = await assert_status(resp, status.HTTP_200_OK) + assert got == expected_tags + + # (2) lets update all priorities in reverse order + for new_order_index, tag in enumerate(reversed(expected_tags)): + url = client.app.router["update_tag"].url_for(tag_id=f"{tag['id']}") + resp = await client.patch( + f"{url}", + json={"priority": new_order_index}, + ) + updated, _ = await assert_status(resp, status.HTTP_200_OK) + # NOTE: priority is not included in TagGet for now + assert updated == tag + + url = client.app.router["list_tags"].url_for() + resp = await client.get(f"{url}") + got, _ = await assert_status(resp, status.HTTP_200_OK) + assert got == expected_tags[::-1] + + # (3) new tag without priority should get last (because is last created) + resp = await client.post( + f"{url}", + json={"name": "New", "description": "w/o priority"}, + ) + last_created, _ = await assert_status(resp, status.HTTP_200_OK) + + url = client.app.router["list_tags"].url_for() + resp = await client.get(f"{url}") + got, _ = await assert_status(resp, status.HTTP_200_OK) + assert got == [expected_tags[::-1], last_created] From d88dc5640b57d3f143a964f329d0d24feb3c1447 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:22:46 +0200 Subject: [PATCH 10/16] adds priority column --- .../simcore_postgres_database/models/tags.py | 31 ++++++++++++------- .../simcore_postgres_database/utils_tags.py | 7 +++-- .../utils_tags_sql.py | 1 + 3 files changed, 25 insertions(+), 14 deletions(-) diff --git a/packages/postgres-database/src/simcore_postgres_database/models/tags.py b/packages/postgres-database/src/simcore_postgres_database/models/tags.py index ce05e68f198..da7c788e02d 100644 --- a/packages/postgres-database/src/simcore_postgres_database/models/tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/models/tags.py @@ -2,11 +2,11 @@ from .base import metadata -# -# tags: a way to mark any entity (e.g. a project, ...) -# this can be used to perform operations as filter, select, compare, etc -# tags = sa.Table( + # + # A way to mark any entity (e.g. a project, ...) + # this can be used to perform operations as filter, select, compare, etc + # "tags", metadata, sa.Column( @@ -14,23 +14,30 @@ sa.BigInteger(), nullable=False, primary_key=True, + doc="Unique identifier for each tag.", ), - sa.Column( - "name", - sa.String(), - nullable=False, - doc="display name", - ), + sa.Column("name", sa.String(), nullable=False, doc="The display name of the tag."), sa.Column( "description", sa.String(), nullable=True, - doc="description displayed", + doc="A brief description displayed for the tag.", ), sa.Column( "color", sa.String(), nullable=False, - doc="Hex color (see https://www.color-hex.com/)", + doc="Hexadecimal color code representing the tag (e.g., #FF5733).", + ), + sa.Column( + "priority", + sa.Integer(), + nullable=True, + doc=( + "Explicit ordering priority when displaying tags. " + "Tags with a lower value are displayed first. " + "If NULL, tags are considered to have the lowest priority and " + "are displayed after non-NULL values, ordered by their ID (reflecting creation order)." + ), ), ) diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py index 5ba87ff5e82..7421f25de0f 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags.py @@ -88,14 +88,17 @@ async def create( read: bool = True, write: bool = True, delete: bool = True, + priority: int | None = None, ) -> TagDict: """Creates tag and defaults to full access rights to `user_id`""" - values = { + values: dict[str, str | int] = { "name": name, "color": color, } if description: values["description"] = description + if priority is not None: + values["priority"] = priority async with transaction_context(self.engine, connection) as conn: # insert new tag @@ -184,7 +187,7 @@ async def update( updates = { name: value for name, value in fields.items() - if name in {"name", "color", "description"} + if name in {"name", "color", "description", "priority"} } if not updates: diff --git a/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py b/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py index 91da1ea6656..bd727a0dcc3 100644 --- a/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py +++ b/packages/postgres-database/src/simcore_postgres_database/utils_tags_sql.py @@ -89,6 +89,7 @@ def list_tags_stmt(*, user_id: int): ) ) .group_by(tags.c.id) # makes it tag.id uniqueness + .order_by(tags.c.priority.nulls_last()) .order_by(tags.c.id) ) From 276ad09a6524c46e0cb9c3f568e531c51d0a0a01 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:24:19 +0200 Subject: [PATCH 11/16] migration --- .../8a742f3efdd9_new_tags_priority_column.py | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 packages/postgres-database/src/simcore_postgres_database/migration/versions/8a742f3efdd9_new_tags_priority_column.py diff --git a/packages/postgres-database/src/simcore_postgres_database/migration/versions/8a742f3efdd9_new_tags_priority_column.py b/packages/postgres-database/src/simcore_postgres_database/migration/versions/8a742f3efdd9_new_tags_priority_column.py new file mode 100644 index 00000000000..abede70a281 --- /dev/null +++ b/packages/postgres-database/src/simcore_postgres_database/migration/versions/8a742f3efdd9_new_tags_priority_column.py @@ -0,0 +1,27 @@ +"""new tags priority column + +Revision ID: 8a742f3efdd9 +Revises: 10729e07000d +Create Date: 2024-10-02 15:23:27.446241+00:00 + +""" +import sqlalchemy as sa +from alembic import op + +# revision identifiers, used by Alembic. +revision = "8a742f3efdd9" +down_revision = "10729e07000d" +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.add_column("tags", sa.Column("priority", sa.Integer(), nullable=True)) + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.drop_column("tags", "priority") + # ### end Alembic commands ### From 05907b594dbf1edd977c259e1709bd9629c81b24 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:25:01 +0200 Subject: [PATCH 12/16] renames --- .../web/server/src/simcore_service_webserver/tags/errors.py | 3 --- .../web/server/src/simcore_service_webserver/tags/schemas.py | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) delete mode 100644 services/web/server/src/simcore_service_webserver/tags/errors.py diff --git a/services/web/server/src/simcore_service_webserver/tags/errors.py b/services/web/server/src/simcore_service_webserver/tags/errors.py deleted file mode 100644 index 1f0c631748f..00000000000 --- a/services/web/server/src/simcore_service_webserver/tags/errors.py +++ /dev/null @@ -1,3 +0,0 @@ -# Not found -# Not enough access rights -# diff --git a/services/web/server/src/simcore_service_webserver/tags/schemas.py b/services/web/server/src/simcore_service_webserver/tags/schemas.py index 722b3ef5099..01663e0d337 100644 --- a/services/web/server/src/simcore_service_webserver/tags/schemas.py +++ b/services/web/server/src/simcore_service_webserver/tags/schemas.py @@ -25,14 +25,14 @@ class TagUpdate(InputSchema): name: str | None = None description: str | None = None color: ColorStr | None = None - order: int | None = None + priority: int | None = None class TagCreate(InputSchema): name: str description: str | None = None color: ColorStr - order: int | None = None + priority: int | None = None class TagAccessRights(OutputSchema): From 510ce1a75fb44451d1eaf60eca5d96fa5dbc78b0 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:25:24 +0200 Subject: [PATCH 13/16] =?UTF-8?q?services/webserver=20api=20version:=200.4?= =?UTF-8?q?3.0=20=E2=86=92=200.43.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/web/server/VERSION | 2 +- services/web/server/setup.cfg | 2 +- .../server/src/simcore_service_webserver/api/v0/openapi.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/services/web/server/VERSION b/services/web/server/VERSION index 8298bb08b2d..f8287cf9564 100644 --- a/services/web/server/VERSION +++ b/services/web/server/VERSION @@ -1 +1 @@ -0.43.0 +0.43.1 diff --git a/services/web/server/setup.cfg b/services/web/server/setup.cfg index a2bfd28d955..4e3589a674b 100644 --- a/services/web/server/setup.cfg +++ b/services/web/server/setup.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 0.43.0 +current_version = 0.43.1 commit = True message = services/webserver api version: {current_version} → {new_version} tag = False diff --git a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml index 90aeff0748b..6511fa48415 100644 --- a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml +++ b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml @@ -2,7 +2,7 @@ openapi: 3.0.2 info: title: simcore-service-webserver description: Main service with an interface (http-API & websockets) to the web front-end - version: 0.43.0 + version: 0.43.1 servers: - url: '' description: webserver From 5370e300e45cbae786737b58f071ffda10c51e81 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:26:06 +0200 Subject: [PATCH 14/16] updates OAS --- .../src/simcore_service_webserver/api/v0/openapi.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml index 6511fa48415..13aa1b47dad 100644 --- a/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml +++ b/services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml @@ -11931,6 +11931,9 @@ components: title: Color pattern: ^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$ type: string + priority: + title: Priority + type: integer TagGet: title: TagGet required: @@ -12020,6 +12023,9 @@ components: title: Color pattern: ^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$ type: string + priority: + title: Priority + type: integer TaskCounts: title: TaskCounts type: object From 45a1543802f5d3951ff4d83c4a070eb74ea4f62d Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Wed, 2 Oct 2024 18:29:38 +0200 Subject: [PATCH 15/16] fixes test --- .../web/server/tests/unit/with_dbs/03/tags/test_tags.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py index 42777f3e97a..6306fde9bb8 100644 --- a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py +++ b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py @@ -229,7 +229,7 @@ async def test_create_tags_with_order_index( url = client.app.router["create_tag"].url_for() num_tags = 3 expected_tags: list[Any] = [None] * num_tags - for creation_index, priority_index in enumerate(range(num_tags, 0, -1)): + for creation_index, priority_index in enumerate(range(num_tags - 1, -1, -1)): resp = await client.post( f"{url}", json={ @@ -266,11 +266,11 @@ async def test_create_tags_with_order_index( # (3) new tag without priority should get last (because is last created) resp = await client.post( f"{url}", - json={"name": "New", "description": "w/o priority"}, + json={"name": "New", "color": "#f00", "description": "w/o priority"}, ) last_created, _ = await assert_status(resp, status.HTTP_200_OK) url = client.app.router["list_tags"].url_for() resp = await client.get(f"{url}") got, _ = await assert_status(resp, status.HTTP_200_OK) - assert got == [expected_tags[::-1], last_created] + assert got == [*expected_tags[::-1], last_created] From 98662e5a810dcc1e21509e9b7efd914174445926 Mon Sep 17 00:00:00 2001 From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com> Date: Thu, 3 Oct 2024 15:19:58 +0200 Subject: [PATCH 16/16] minor --- services/web/server/tests/unit/with_dbs/03/tags/test_tags.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py index 6306fde9bb8..eff7bc5c532 100644 --- a/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py +++ b/services/web/server/tests/unit/with_dbs/03/tags/test_tags.py @@ -89,6 +89,8 @@ async def test_tags_to_studies( ), exclude_unset=True, ) + user_project["folderId"] = None + data = await assert_get_same_project(client, user_project, status.HTTP_200_OK) # Delete tag0