def __init__(self, property_file_name):
self.props = IngestProps(property_file_name,
required_props=[
'nexus.token', 'neo4j.server',
'neo4j.username', 'neo4j.password',
'collections.input.file', 'uuid.api.url'
])
self.uuid_helper = UUIDHelper(ingest_props=self.props)
self.token = self.props.get('nexus.token')
self.neo4j_server = self.props.get('neo4j.server')
self.neo4j_user = self.props.get('neo4j.username')
self.neo4j_password = self.props.get('neo4j.password')
self.collections_tsv_path = self.props.get("collections.input.file")
self.auth_helper = AuthHelper.instance()
if string_helper.isBlank(
self.collections_tsv_path) or not os.path.isfile(
self.collections_tsv_path):
raise Exception("collections tsf file does not exist:" +
self.collections_tsv_path)
if not self.collections_tsv_path.endswith(".tsv"):
raise Exception("collections file must be of type .tsv : " +
self.collections_tsv_path)
self.collection_info = []
with open(self.collections_tsv_path, newline='') as tsvfile:
reader = csv.DictReader(tsvfile, delimiter='\t')
for row in reader:
info_row = {}
for key in row.keys():
info_row[key] = row[key]
self.collection_info.append(info_row)
self.graph = Graph(self.neo4j_server,
auth=(self.neo4j_user, self.neo4j_password))
def init_auth_helper(self):
if AuthHelper.isInitialized() == False:
auth_helper = AuthHelper.create(self.app_client_id,
self.app_client_secret)
else:
auth_helper = AuthHelper.instance()
return auth_helper
def get_provenance_data_object(self, token, groupUUID=None):
provenance_group = None
try:
if groupUUID != None:
provenance_group = self.get_group_by_identifier(groupUUID)
else:
#manually find the group id given the current user:
group_uuid = None
entity = Entity(self.provenance_config['APP_CLIENT_ID'],
self.provenance_config['APP_CLIENT_SECRET'],
self.provenance_config['UUID_WEBSERVICE_URL'])
group_list = entity.get_user_groups(token)
for grp in group_list:
if grp['generateuuid'] == True:
groupUUID = grp['uuid']
# if provenance_group is already set, this means the user belongs to more than one writable group
if provenance_group != None:
ValueError(
'Error: Current user is a member of multiple groups allowed to create new entities. The user must select which one to use'
)
provenance_group = self.get_group_by_identifier(
groupUUID)
#TODO: THIS IS HARDCODED!! WE NEED TO CHANGE THIS TO TRACK TEST GROUPS DIFFERENTLY
# for now if the group is the IEC Testing group, keep looking for a different group
# only use the IEC Testing group if no other writable group is found for the user
# NOTE: this code will simply return the first writable group it encounters
if groupUUID != '5bd084c8-edc2-11e8-802f-0e368f3075e8':
break
if groupUUID == None:
raise ValueError(
'Unauthorized: Current user is not a member of a group allowed to create new entities'
)
except ValueError as ve:
raise ve
ret_provenance_group = {
HubmapConst.PROVENANCE_GROUP_UUID_ATTRIBUTE:
groupUUID,
HubmapConst.PROVENANCE_GROUP_NAME_ATTRIBUTE:
provenance_group['displayname']
}
authcache = None
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
self.provenance_config['appclientid'],
self.provenance_config['appclientsecret'])
else:
authcache = AuthHelper.instance()
userinfo = authcache.getUserInfo(token, True)
ret_provenance_group[
HubmapConst.PROVENANCE_SUB_ATTRIBUTE] = userinfo['sub']
ret_provenance_group[
HubmapConst.PROVENANCE_USER_EMAIL_ATTRIBUTE] = userinfo['email']
ret_provenance_group[
HubmapConst.
PROVENANCE_USER_DISPLAYNAME_ATTRIBUTE] = userinfo['name']
return ret_provenance_group
def get_group_by_identifier(self, identifier):
if len(identifier) == 0:
raise ValueError("identifier cannot be blank")
authcache = None
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
self.md_config['APP_CLIENT_ID'], self.md_config['APP_CLIENT_SECRET'])
else:
authcache = AuthHelper.instance()
groupinfo = authcache.getHuBMAPGroupInfo()
# search through the keys for the identifier, return the value
for k in groupinfo.keys():
if str(k).lower() == str(identifier).lower():
group = groupinfo.get(k)
return group
else:
group = groupinfo.get(k)
if str(group['uuid']).lower() == str(identifier).lower():
return group
raise ValueError("cannot find a Hubmap group matching: [" + identifier + "]")
def init_app(self, flask_app):
client_id = get_config_param('APP_CLIENT_ID')
client_secret = get_config_param('APP_CLIENT_SECRET')
self.flask_app = flask_app
self.login_manager.init_app(self.flask_app)
self.globus_oauth = globus_sdk.ConfidentialAppAuthClient(
get_config_param('APP_CLIENT_ID'),
get_config_param('APP_CLIENT_SECRET'))
self.login_manager.user_loader(self.load_user)
self.flask_app.add_url_rule('/login', 'login', self.login)
if not AuthHelper.isInitialized():
self.authHelper = AuthHelper.create(clientId=client_id,
clientSecret=client_secret)
else:
self.authHelper = AuthHelper.instance()
def get_writeable_flag(self, token, writeable_uuid_list, current_record):
authcache = None
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(self.confdata['APP_CLIENT_ID'],
self.confdata['APP_CLIENT_SECRET'])
else:
authcache = AuthHelper.instance()
userinfo = None
userinfo = authcache.getUserInfo(token, True)
role_list = AuthCache.getHMRoles()
data_curator_uuid = role_list['hubmap-data-curator']['uuid']
is_data_curator = False
for role_uuid in userinfo['hmroleids']:
if role_uuid == data_curator_uuid:
is_data_curator = True
break
# the data curator role overrules the group level write rules
if is_data_curator == True:
if current_record['metadata_properties']['status'] in [
HubmapConst.DATASET_STATUS_QA
]:
return True
else:
return False
# perform two checks:
# 1. make sure the user has write access to the record's group
# 2. make sure the record has a status that is writable
if current_record['metadata_properties'][
'provenance_group_uuid'] in writeable_uuid_list:
if current_record['metadata_properties']['status'] in [
HubmapConst.DATASET_STATUS_NEW,
HubmapConst.DATASET_STATUS_ERROR,
HubmapConst.DATASET_STATUS_REOPENED
]:
return True
return False
app = Flask(__name__, instance_path=os.path.join(os.path.abspath(os.path.dirname(__file__)), 'instance'), instance_relative_config=True)
app.config.from_pyfile('app.cfg')
# Enable/disable CORS from configuration based on docker or non-docker deployment
if app.config['ENABLE_CORS']:
CORS(app)
token_list = {}
# Initialize the AuthHelper
# This is used by the @secured decorator
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
app.config['APP_CLIENT_ID'], app.config['APP_CLIENT_SECRET'])
else:
authcache = AuthHelper.instance()
@app.before_first_request
def init():
global logger
try:
logger = logging.getLogger('ontology.service')
logger.setLevel(logging.INFO)
logFH = logging.FileHandler(LOG_FILE_NAME)
logger.addHandler(logFH)
logger.info("started")
except Exception as e:
print("Error opening log file during startup")
print(str(e))
# Suppress InsecureRequestWarning warning when requesting status on https with ssl cert verify disabled
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
####################################################################################################
## AuthHelper initialization
####################################################################################################
# Initialize AuthHelper class and ensure singleton
try:
if AuthHelper.isInitialized() == False:
auth_helper_instance = AuthHelper.create(
app.config['GLOBUS_APP_ID'], app.config['GLOBUS_APP_SECRET'])
logger.info("Initialized AuthHelper class successfully :)")
else:
auth_helper_instance = AuthHelper.instance()
except Exception:
msg = "Failed to initialize the AuthHelper class"
# Log the full stack trace, prepend a line with our message
logger.exception(msg)
####################################################################################################
## Default route
####################################################################################################
@app.route('/', methods=['GET'])
def home():
return "This is HuBMAP Web Gateway :)"
if __name__ == "__main__":
NEO4J_SERVER = ''
NEO4J_USERNAME = ''
NEO4J_PASSWORD = ''
APP_CLIENT_ID = ''
APP_CLIENT_SECRET = ''
UUID_WEBSERVICE_URL = ''
HUBMAP_WEBSERVICE_FILEPATH = ''
if AuthHelper.isInitialized() == False:
authcache = AuthHelper.create(
APP_CLIENT_ID, APP_CLIENT_SECRET)
else:
authcache = AuthHelper.instance()
processed_secret = AuthHelper.instance().getProcessSecret()
conf_data = {'NEO4J_SERVER' : NEO4J_SERVER, 'NEO4J_USERNAME': NEO4J_USERNAME,
'NEO4J_PASSWORD': NEO4J_PASSWORD,
'APP_CLIENT_ID': APP_CLIENT_ID,
'APP_CLIENT_SECRET': processed_secret,
'UUID_WEBSERVICE_URL': UUID_WEBSERVICE_URL,
'HUBMAP_WEBSERVICE_FILEPATH': HUBMAP_WEBSERVICE_FILEPATH}
nexus_token = ''
initialize_all_entity_access_levels(conf_data)
initialize_all_dataset_access_levels(conf_data, nexus_token)