Beispiel #1
0
    def get_by_id_untrusted(session,
                            user_id,
                            project_string_id,
                            file_id,
                            directory_id=None):
        """

        Even if we trust the directory (ie from project default),
        still have to check the file is in it!

        TODO make user_id and proejct_string_id optional (ie if directory is supplied?)

        This needs work but is used in a ton of places so review carefully!
        Plus want to keep as "one function" so we don't have a bunch of random checks

        """
        from shared.database.project import Project
        from shared.database.source_control.working_dir import WorkingDirFileLink

        if not directory_id:
            project = Project.get(session, project_string_id)
            # start_time = time.time()
            working_dir = project.directory_default
            directory_id = working_dir.id

        working_dir_sub_query = session.query(WorkingDirFileLink).filter(
            WorkingDirFileLink.working_dir_id == directory_id).subquery('working_dir_sub_query')

        file = session.query(File).filter(
            File.id == working_dir_sub_query.c.file_id,
            File.id == file_id).first()

        # end_time = time.time()
        # print("File access time", end_time - start_time)
        return file
Beispiel #2
0
def register_user(user_data, session):
    """

    :param user_data:
        Example
        user_data={
            'username': '******',
            'email': '*****@*****.**',
            'password': '******',
            'project_string_id': 'myproject'

        }
    :return:
    """
    # User registration
    password_hash = hashing_functions.make_password_hash(
        user_data['email'],
        user_data['password'])

    # TODO could insert logic here to attach a user to a project based on say the sigup code
    # ie signup_code.something?

    username = user_data['username']
    user_email = user_data['email']

    new_user = User(
        email = user_email,
        password_hash = password_hash,
        username = username,
        api_enabled_builder = True,
        api_enabled_trainer = True,
        security_email_verified = True,
        last_builder_or_trainer_mode = 'builder',
        permissions_general = {'general': ['normal_user']}

    )

    new_user.permissions_projects = {}  # I don't like having this here but alternative of committing object seems worse
    session.add(new_user)

    if 'project_string_id' in user_data:
        new_user.current_project_string_id = user_data['project_string_id']
        project = Project.get(session, user_data['project_string_id'])
        if project is not None:
            new_user.projects.append(project)
            new_user_working_dir = WorkingDir.new_user_working_dir(
                session,
                None,
                project,
                new_user
            )

            permission_result, permission_error = Project_permissions.add(user_data['project_string_id'],
                                                                          new_user,
                                                                          user_data['project_string_id'])
    return new_user
Beispiel #3
0
def has_project_permissions_for_export(export, project_string_id, session):
    log = regular_log.default()
    project = Project.get(session, project_string_id)
    # Theory is that if a user has access to project
    # They have access to download from project
    if export.project_id == project.id:
        log['error'][
            'project_permissions'] = 'Permission error, invalid project export match'

    return log
def generate_mask_by_project_id(project_string_id):
    # TODO use a thread, this is a long running process

    semantic_segmentation_data_prep = Semantic_segmentation_data_prep()

    with sessionMaker.session_scope() as session:
        project = Project.get(session, project_string_id)
        type = "joint"
        # type = "binary"
        semantic_segmentation_data_prep.generate_mask_core(
            session, project, type)

    return "ok", 200, {'ContentType': 'application/json'}
Beispiel #5
0
    def by_project_core(project_string_id: str,
                        Roles: list,
                        apis_project_list: list = [],
                        apis_user_list: list = []):

        with sessionMaker.session_scope() as session:
            if not project_string_id or project_string_id == "null" or project_string_id == "undefined":
                raise Forbidden(default_denied_message)

            if request.authorization is not None:

                result = API_Permissions.by_project(
                    session=session,
                    project_string_id=project_string_id,
                    Roles=Roles)
                if result is not True:
                    raise Forbidden(default_denied_message +
                                    " API Permissions")

                # At the moment auth doesn't actually
                # get project as it has all results stored...
                # not clear that we would need a None check here
                # given its checked in auth?

                project = Project.get(session, project_string_id)
                if project is None:
                    raise Forbidden(default_denied_message +
                                    " Can't find project")

                # Project APIs, maybe should role this into API_Permissions
                check_all_apis(project=project,
                               apis_required_list=apis_project_list)

                return True

            result = Project_permissions.check_permissions(
                session=session,
                apis_project_list=apis_project_list,
                apis_user_list=apis_user_list,
                project_string_id=project_string_id,
                Roles=Roles)

            if result is True:
                return True
            else:
                raise Forbidden(default_denied_message)
Beispiel #6
0
def web_build_name_to_file_id_dict(project_string_id):
    """
	Given we know a label_name, and where we are working,
	return the label_file_id

	Arguments:
		project_string_id, integer
		working_dir_id, integer

	Returns:
		dict of label files
		or None / failure case

	"""
    log = {"success": False, "errors": []}

    directory_id = request.headers.get('directory_id', None)
    if directory_id is None:
        log["errors"].append("'directory_id' not supplied")
        return jsonify(log), 200

    with sessionMaker.session_scope() as session:

        project = Project.get(session, project_string_id)
        verify_result = WorkingDir.verify_directory_in_project(
            session, project, directory_id)
        if verify_result is False:
            log["errors"].append("Invalid directory id")
            log["success"] = False
            return jsonify(log=log), 200

        name_to_file_id, result = build_name_to_file_id_dict(
            session=session, directory_id=directory_id)
        if result == True:
            log["success"] = True

    return jsonify(log=log, name_to_file_id=name_to_file_id), 200
Beispiel #7
0
    def check_permissions(Roles,
                          project_string_id,
                          session,
                          apis_project_list=None,
                          apis_user_list=None):
        """
		TODO this could use better organization
		ie project_string_id is None check could be here, but
		we seem to do it an extra time on line 123

		"""
        if project_string_id is None:
            # TODO merge None checks from other thing up top here.
            raise Forbidden("project_string_id is None")

        if 'allow_anonymous' in Roles:
            return True

        project = Project.get(session, project_string_id)
        if project is None:
            raise Forbidden(default_denied_message)

        # Careful here! Just becuase a project is public
        # Doesn't mean public is allowed acccess to all
        # routes. ie only admins can delete project

        # if a project is public we don't need to check a user's apis right?
        if 'allow_if_project_is_public' in Roles:
            if project:
                if project.is_public is True:
                    return True

        # TODO merge LoggedIn() with getUserID() similar internal logic
        if LoggedIn() != True:
            raise Forbidden(default_denied_message)

        if 'allow_any_logged_in_user' in Roles:  # TODO not happy with this name, want more clarity on how this effects other permissions like apis / project etc.
            return True

        user = session.query(User).filter(User.id == getUserID()).one()

        if user.is_super_admin == True:
            return True

        if apis_project_list:
            check_all_apis(project=project,
                           apis_required_list=apis_project_list)

        if apis_user_list:
            User_Permissions.general(user=user, apis_user_list=apis_user_list)

        # This could be slow if a user has a lot of projects?
        for project, Permissions in user.permissions_projects.items():

            if Permissions is None:
                continue

            if project_string_id == project:
                check_role_result = check_roles(Roles, Permissions)
                if check_role_result is True:
                    return True

        # Default
        # Good to have this here so we can call
        # this function as one line and don't ahve to worry
        # About returning False (must have returned True eariler)
        raise Forbidden(default_denied_message)
Beispiel #8
0
def filter_by_project(session, project_string_id, query):

    project = Project.get(session=session, project_string_id=project_string_id)

    query = query.filter(Job.project == project)
    return query
Beispiel #9
0
def update_tags(project_string_id):
    """
	Update tags to latest

	"""
    have_error = False
    error_message_list = []

    with sessionMaker.session_scope() as session:

        data = request.get_json(force=True)

        tag_list = data.get('tag_list', None)

        # tag_list could be none, ie deleted all tags...

        #if tag_list is None:
        #error_message_list.append("tag list is None")
        #return jsonify(error_message_list), 400, {'ContentType' : 'application/json'}

        project = Project.get(session, project_string_id)

        print(tag_list)

        rebuilt_tag_list = []

        for tag in tag_list:
            if valid_tag(tag):

                name = tag.lower()

                #Check if tag with same name already exists
                #If so can just add that database object to
                tag_db = session.query(Tag).filter(Tag.name == name).first()

                if not tag_db:

                    tag_db = Tag()
                    tag_db.name = name

                    tag_db.is_public = project.is_public

                    session.add(tag_db)

                if tag_db:
                    session.add(tag_db)

                # TODO handle counts properly ie on tag being removed etc.
                #tag_db.count += 1

                rebuilt_tag_list.append(tag_db)

        session.add(project)

        # This handles removing link to tag that's no longer in project

        project.tag_list = rebuilt_tag_list

    return json.dumps({'success': True}), 200, {
        'ContentType': 'application/json'
    }