Пример #1
 def create_user_db(self):
     """Store this object's attributes in the ``users`` collection of the ``Users`` database.

     The collection is created first when no database named ``Users`` is
     listed by the client.
     """
     client = mongoDBInterface.get_db_client()
     known_databases = client.list_database_names()
     if "Users" not in known_databases:
         mongoDBInterface.get_db_client()["Users"].create_collection("users")
         mongoDBInterface.get_col("Users", "users")
     # The full attribute dict is written as-is, so every attribute set on
     # the object ends up in the stored record.
     users_collection = mongoDBInterface.get_col("Users", "users")
     users_collection.insert_one(self.__dict__)
Пример #2
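def get_user_infos_for_project(project_name):
    """Return all user records of a project to a requestor who is a member of it.

    Responses: 400 when the ID token is missing or invalid, 403 when the
    requestor is not in the project's ``users`` collection (or the name is a
    reserved database), 200 with a JSON body ``{"users": [...]}`` otherwise.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    not_member = "Not allowed to perform this action unless you are part of the project"

    # project_name selects the database. A reserved name must never be treated
    # as a project: with "users" the lookup below would hit the global account
    # collection, where every registered caller is found, and the handler
    # would then return every account record.
    if project_name in ("local", "users", "admin"):
        return _reply(not_member, 403)

    users_col = get_col(project_name, "users")
    if users_col.find_one({'email': requestor_email}) is None:
        return _reply(not_member, 403)

    all_users_dict = {"users": list(users_col.find({}))}
    return JSONEncoder().encode(all_users_dict), 200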
Пример #3
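def remove_user_from_project(project_name):
    """Remove a user from a project, either by themselves or by a project admin.

    The target email is read from the ``user`` key of the JSON body.
    Responses: 400 for a missing/invalid token or a missing target, 403 when
    the requestor is neither the target nor an admin of the project, 204 on
    success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    payload = request.json
    if not isinstance(payload, dict) or 'user' not in payload:
        return _reply("Missing user", 400)

    email = payload['user']
    # The value goes straight into a delete filter; a JSON object here would be
    # read by MongoDB as a query operator document instead of a literal email.
    if not isinstance(email, str) or not email:
        return _reply("Missing user", 400)

    users_col = get_col(project_name, "users")
    requestor = users_col.find_one({'email': requestor_email})

    # A requestor who is not in the project has no record at all, so the admin
    # flag is only read when a record exists.
    is_self = requestor_email == email
    is_admin = requestor is not None and bool(requestor.get('isAdmin'))
    if not (is_self or is_admin):
        # Refuse explicitly rather than answering 204 for a request that was
        # not carried out.
        return _reply("Not authorised to perform this action", 403)

    users_col.delete_one({'email': email})
    remove_project_from_user(email, project_name)
    return "", 204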
Пример #4
def create_user():
    """Register the account identified by the ID token sent with the request.

    Responses: 400 when the token is missing or invalid, or when an account
    with that email already exists; 204 once the account is stored.
    """
    def _fail(text):
        return make_response({'message': text}), 400

    token = request.args.get('id_token')
    if not token:
        return _fail("ID Token is not included with the request uri in args")

    requestor_email = get_email(token)
    if requestor_email is None:
        return _fail("ID Token has expired or is invalid")

    accounts = get_col("users", "users")
    existing = accounts.find_one({'email': requestor_email})
    if existing is not None:
        return _fail("User already exists")

    # "projects" holds only the IDs of projects the user belongs to, so a new
    # account starts with an empty list.
    new_account = {'email': requestor_email, 'projects': []}
    accounts.insert_one(new_account)
    return "", 204
Пример #5
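def get_projects():
    """Return the names of the project databases to a registered caller.

    Responses: 400 when the ID token is missing or invalid, 401 when the
    caller has no account record, 200 with ``{"projects": [...]}`` otherwise.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    all_users_col = get_col("users", "users")
    if all_users_col.find_one({"email": requestor_email}) is None:
        return _reply("Not authorised to perform this action", 401)

    # Filter rather than list.remove(): remove() raises ValueError when one of
    # these databases is not in the listing, which turned into a server error.
    reserved = {"admin", "local", "users"}
    names = [
        name for name in get_db_client().list_database_names()
        if name not in reserved
    ]

    # NOTE(review): this returns every project database on the server, not only
    # the ones recorded in the caller's own "projects" array. Confirm that
    # exposing all project names to any registered account is intended.
    return make_response({'projects': names}), 200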
Пример #6
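def get_document(project_name, document_id):
    """Return one document of a project to a requestor who is a member of it.

    Responses: 400 for a missing/invalid token or a malformed document id,
    403 when the requestor is not in the project, 200 with a JSON body
    ``{"document": ...}`` otherwise (the value is null when nothing matches).
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    users_col = get_col(project_name, "users")
    if users_col.find_one({'email': requestor_email}) is None:
        return _reply("You are not authorised to perform this action", 403)

    # document_id comes from the URL; constructing an ObjectId from a malformed
    # value raises, which would surface as an unhandled server error.
    if not ObjectId.is_valid(document_id):
        return _reply("Invalid document id", 400)

    col = get_db_collection(project_name, "documents")
    # The projection drops "_id" from the returned document.
    doc = col.find_one({'_id': ObjectId(document_id)}, {'_id': 0})
    return JSONEncoder().encode({'document': doc}), 200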
def get_preset_labels(project_name):
    """Return all preset labels of a project to a requestor who is a member of it.

    Responses: 400 when the ID token is missing or invalid, 403 when the
    requestor is not in the project, 200 with ``{"labels": [...]}`` as JSON.
    """
    def _fail(text, code):
        return make_response({'message': text}), code

    token = request.args.get('id_token')
    if not token:
        return _fail("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(token)
    if requestor_email is None:
        return _fail("ID Token has expired or is invalid", 400)

    # Membership is decided by the presence of the email in the project's own
    # "users" collection.
    members = get_db_collection(project_name, "users")
    if members.find_one({'email': requestor_email}) is None:
        return _fail("You are not authorised to perform this action", 403)

    stored_labels = list(get_col(project_name, "labels").find({}))
    return JSONEncoder().encode({'labels': stored_labels}), 200
Пример #8
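def update_user(project_name):
    """Let a project admin change the permission flags of a project member.

    Inputs: the requestor's ID token (query string), the project name (URL),
    and a JSON body with ``user`` (email of the member to change) and
    ``permissions`` (the flags to set).
    Responses: 400 for bad input or an unknown member, 401 when the requestor
    is not in the project, 403 when the requestor is not an admin, 204 on
    success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    payload = request.json
    if not isinstance(payload, dict) or 'user' not in payload:
        return _reply("Missing user", 400)
    email = payload['user']
    # Used as a query filter below; a JSON object would act as an operator
    # document rather than a literal email.
    if not isinstance(email, str) or not email:
        return _reply("Missing user", 400)

    if 'permissions' not in payload:
        return _reply("Missing permissions", 400)
    permissions = payload['permissions']

    # The body is applied with $set, so it is limited to the two permission
    # flags and to real booleans. Anything else would let the request overwrite
    # unrelated fields such as "email", or store a truthy non-boolean that the
    # handlers filtering on `'isAdmin': True` would treat differently from the
    # ones that only test truthiness.
    allowed_flags = ('isAdmin', 'isContributor')
    if (not isinstance(permissions, dict) or not permissions
            or any(key not in allowed_flags or not isinstance(value, bool)
                   for key, value in permissions.items())):
        return _reply(
            "permissions may only set isAdmin or isContributor to true or false",
            400)

    project_user_col = get_col(project_name, "users")
    requestor = project_user_col.find_one({'email': requestor_email})
    if requestor is None:  # requestor is not in the project
        return _reply("Not authorised to perform this action", 401)

    if not requestor.get('isAdmin'):  # requestor is not an admin
        return _reply("Forbidden to perform this action", 403)

    if project_user_col.find_one({'email': email}) is None:
        return _reply(
            "That user does not exist in the project, add them to the project first",
            400)

    project_user_col.update_one({'email': email}, {'$set': permissions})
    return "", 204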
Пример #9
    def add_document(self, document):
        """Append ``document`` to this project and sync the project's documents to the database.

        Every document currently held is looked up in the project's
        ``documents`` collection by its full attribute dict and inserted when
        no match is found.
        """
        self.documents.append(document)

        collection = mongoDBInterface.get_col(self.name, "documents")

        # The loop covers all held documents, not only the one just appended,
        # so each call issues one lookup per held document.
        for held in self.documents:
            fields = held.__dict__
            if collection.find_one(fields):
                continue
            collection.insert_one(fields)
Пример #10
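def remove_user():
    """Delete the caller's own account and the project memberships tied to it.

    Responses: 400 when the ID token is missing or invalid, 204 otherwise.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    accounts = get_col("users", "users")
    account = accounts.find_one({"email": requestor_email})

    # The project handlers authorise against each project's own "users"
    # collection, not against the account record. Deleting only the account
    # would leave those membership rows, and the permissions on them, in place.
    if account is not None:
        for project_name in account.get('projects') or []:
            get_col(project_name, "users").delete_one({'email': requestor_email})

    accounts.delete_one({"email": requestor_email})
    return "", 204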
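def delete_preset_labels(project_name, label_id):
    """Delete a preset label and strip it from every document of the project.

    Only a project admin may call this.
    Responses: 400 for a missing/invalid token or a malformed label id, 403
    when the requestor is not an admin of the project, 204 on success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    user_col = get_db_collection(project_name, "users")
    requestor = user_col.find_one({'email': requestor_email, 'isAdmin': True})
    if requestor is None:
        return _reply("You are not authorised to perform this action", 403)

    # label_id comes from the URL; a malformed value makes ObjectId() raise,
    # which would surface as an unhandled server error.
    if not ObjectId.is_valid(label_id):
        return _reply("Invalid label id", 400)
    label_oid = ObjectId(label_id)

    get_col(project_name, "labels").delete_one({"_id": label_oid})

    # Remove all mentions of the label from each document. update_many is
    # needed here: the legacy update() call changes a single matching document
    # unless told otherwise, leaving dangling references in the others.
    document_col = get_col(project_name, "documents")
    document_col.update_many(
        {"user_and_labels": {"$elemMatch": {"label": label_oid}}},
        {"$pull": {"user_and_labels": {'label': label_oid}}})

    return "", 204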
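def preset_labels():
    """List, add or delete a preset label of the project named in the JSON body.

    GET returns ``{"labels": [...]}``; POST adds the label given under
    ``label``; DELETE removes it. Any other method gets 405.
    """
    # NOTE(review): this handler never checks an ID token or project
    # membership, so any caller who can reach the route can read, add or delete
    # labels of any project. It also uses the caller-supplied project_name as a
    # database name without checking it. Gate both before exposing the route.
    def _reply(message, status):
        return make_response({'message': message}), status

    payload = request.json
    # The body may be absent or not a JSON object; treat that like a missing
    # project id instead of failing on the membership test.
    if not isinstance(payload, dict) or 'project_name' not in payload:
        return _reply('No project id provided', 400)

    project_name = str(payload['project_name'])
    labels_col = get_col(project_name, "labels")

    if request.method == 'GET':
        labels = list(labels_col.find({}))
        for entry in labels:
            entry['_id'] = str(entry['_id'])
        return make_response({"labels": labels}), 200

    if 'label' not in payload:
        return _reply('No label value provided', 400)

    label = payload['label']
    # The label is used as a query filter; a JSON object would be read as an
    # operator document instead of a literal name.
    if not isinstance(label, str) or not label:
        return _reply('No label value provided', 400)

    label_present = labels_col.find_one({"name": label}) is not None

    if request.method == 'POST':
        if label_present:
            return _reply("Label already set", 400)
        labels_col.insert_one({"name": label})
        return _reply("Added label successfully", 200)

    if request.method == 'DELETE':
        if not label_present:
            return _reply("Label was not set", 400)
        labels_col.delete_one({"name": label})
        return _reply("Label deleted successfully", 200)

    # Any other method used to fall off the end and return None.
    return _reply('Method not allowed', 405)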
Пример #13
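def create_project():
    """Create a project database and make the requestor its first admin.

    The project name is read from ``project_name`` in the JSON body.
    Responses: 400 for a missing/invalid token, a missing, malformed or
    reserved project name, or an existing project; 204 on success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    payload = request.json
    if not isinstance(payload, dict) or 'project_name' not in payload:
        return _reply("Missing project name", 400)
    project = payload['project_name']

    # The name becomes a database name, so it is validated before use. The
    # previous test was inverted: it rejected exactly the names that matched
    # and let everything else through. fullmatch also avoids `$` accepting a
    # trailing newline.
    if not isinstance(project, str) or not re.fullmatch(r'[A-Za-z0-9_]+', project):
        return _reply("Project name can only be Alphanumerics and underscores", 400)

    # These databases are not projects; "users" holds the account records.
    if project in ("local", "users", "admin"):
        return _reply("That project name is reserved", 400)

    my_client = get_db_client()
    if project in my_client.list_database_names():
        return _reply("Project already exists", 400)

    create_db_for_proj(project)
    get_col(project, "users").insert_one({
        'email': requestor_email,
        'isAdmin': True,
        'isContributor': True
    })
    add_project_to_user(requestor_email, project)
    return "", 204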
Пример #14
def delete_project(project_name):
    """Drop a project database on behalf of one of its admins.

    Responses: 400 for a missing/invalid token, a reserved database name or an
    unknown project; 403 when the requestor is not an admin of the project;
    204 once the project is dropped.
    """
    def _fail(text, code):
        return make_response({'message': text}), code

    token = request.args.get('id_token')
    if not token:
        return _fail("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(token)
    if requestor_email is None:
        return _fail("ID Token has expired or is invalid", 400)

    # Databases that are not user-created projects must never be dropped.
    if project_name in ("local", "users", "admin"):
        return _fail(
            "Cannot delete that project because it is not a user created project",
            400)

    user_col = get_col(project_name, "users")
    admin_record = user_col.find_one({'email': requestor_email, 'isAdmin': True})
    if admin_record is None:
        return _fail("Not authorised for that operation", 403)

    client = get_db_client()
    if project_name not in client.list_database_names():
        return _fail("Project does not exist", 400)

    # Detach the project from every member's account before dropping it.
    for member in user_col.find({}):
        remove_project_from_user(member['email'], project_name)
    client.drop_database(project_name)

    return "", 204
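def add_preset_labels(project_name):
    """Add a preset label to a project on behalf of one of its admins.

    The label is read from ``label_name`` in the JSON body.
    Responses: 400 for a missing/invalid token, a missing label or a label
    that already exists; 403 when the requestor is not an admin; 204 on
    success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    user_col = get_db_collection(project_name, "users")
    requestor = user_col.find_one({'email': requestor_email, 'isAdmin': True})
    if requestor is None:
        return _reply("You are not authorised to perform this action", 403)

    payload = request.json
    if not isinstance(payload, dict) or 'label_name' not in payload:
        return _reply("Missing label to add", 400)

    label_name = payload['label_name']
    # The name is used as a query filter and then stored; a JSON object would
    # be read as an operator document by the lookup, so only a plain non-empty
    # string is accepted.
    if not isinstance(label_name, str) or not label_name:
        return _reply("Missing label to add", 400)

    labels_col = get_col(project_name, "labels")
    if labels_col.find_one({"name": label_name}) is not None:
        return _reply("That label already exists", 400)

    labels_col.insert_one({"name": label_name})
    return "", 204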
Пример #16
def get_user_info():
    """Return the caller's own account record as JSON.

    Responses: 400 when the ID token is missing or invalid, 200 with the
    encoded record otherwise (the lookup result is encoded as-is, including
    when no account matches).
    """
    def _fail(text):
        return make_response({'message': text}), 400

    token = request.args.get('id_token')
    if not token:
        return _fail("ID Token is not included with the request uri in args")

    requestor_email = get_email(token)
    if requestor_email is None:
        return _fail("ID Token has expired or is invalid")

    # The email always comes from the verified token, never from the request,
    # so a caller can only read their own record.
    record = get_col("users", "users").find_one({"email": requestor_email})
    return JSONEncoder().encode(record), 200
Пример #17
def get_user_emails():
    """Return the email of every account as JSON under the ``users`` key.

    Responses: 400 when the ID token is missing or invalid, 200 otherwise.
    """
    def _fail(text):
        return make_response({'message': text}), 400

    token = request.args.get('id_token')
    if not token:
        return _fail("ID Token is not included with the request uri in args")

    requestor_email = get_email(token)
    if requestor_email is None:
        return _fail("ID Token has expired or is invalid")

    # NOTE(review): any caller with a valid token gets the full list; there is
    # no check that the caller has an account. Confirm this is intended.
    accounts = get_col("users", "users")
    # The projection asks for the "email" field only.
    email_rows = list(accounts.find({}, {'email': 1}))
    return JSONEncoder().encode({"users": email_rows}), 200
Пример #18
def create_document(project_name):
    """Create a document in a project from the ``content`` field of the JSON body.

    Only a project member flagged as contributor may call this.
    Responses: 400 for a missing/invalid token or missing content, 403 when
    the requestor is not a contributor of the project, 204 on success.
    """
    def _fail(text, code):
        return make_response({'message': text}), code

    token = request.args.get('id_token')
    if not token:
        return _fail("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(token)
    if requestor_email is None:
        return _fail("ID Token has expired or is invalid", 400)

    # Membership and the contributor flag are checked in a single lookup.
    contributor_filter = {'email': requestor_email, 'isContributor': True}
    if get_col(project_name, "users").find_one(contributor_filter) is None:
        return _fail("You are not authorised to perform this action", 403)

    if 'content' not in request.json:
        return _fail("Missing content", 400)
    content = request.json['content']

    # NOTE(review): content is stored without a type or size check.
    new_doc = Document(content, [], [])
    new_doc.data = content
    new_doc.upload(project_name)
    return '', 204
Пример #19
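def get_document_ids(project_name):
    """Return one page of document ids of a project to a member of it.

    ``page`` (zero-based) and ``page_size`` are read from the query string.
    Responses: 400 for bad paging values or a missing/invalid token, 403 when
    the requestor is not in the project, 200 with ``{"docs": [...]}`` as JSON.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')

    try:
        page = int(request.args.get('page'))
        page_size = int(request.args.get('page_size'))
    except (ValueError, TypeError):
        return _reply("page and page_size must be integers", 400)

    # A negative skip is rejected by the driver, and a limit of 0 means
    # "no limit", which would return the whole collection in one response.
    # NOTE(review): there is still no upper bound on page_size.
    if page < 0 or page_size < 1:
        return _reply("page must be >= 0 and page_size must be >= 1", 400)

    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    users_col = get_col(project_name, "users")
    if users_col.find_one({'email': requestor_email}) is None:
        return _reply("You are not authorised to perform this action", 403)

    col = get_db_collection(project_name, "documents")
    # The projection returns only the "_id" of each document.
    cursor = col.find({}, {'_id': 1}).skip(page * page_size).limit(page_size)
    return JSONEncoder().encode({'docs': list(cursor)}), 200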
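def update_preset_labels(project_name, label_id):
    """Rename a preset label of a project on behalf of one of its admins.

    The new name is read from ``label_name`` in the JSON body.
    Responses: 400 for a missing/invalid token, a missing name or a malformed
    label id; 403 when the requestor is not an admin; 204 on success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    user_col = get_db_collection(project_name, "users")
    requestor = user_col.find_one({'email': requestor_email, 'isAdmin': True})
    if requestor is None:
        return _reply("You are not authorised to perform this action", 403)

    payload = request.json
    if not isinstance(payload, dict) or 'label_name' not in payload:
        return _reply("Missing label to add", 400)

    label_name = payload['label_name']
    # Only a plain non-empty string is stored as a label name; other JSON
    # values would end up in the collection unchecked.
    if not isinstance(label_name, str) or not label_name:
        return _reply("Missing label to add", 400)

    # label_id comes from the URL; a malformed value makes ObjectId() raise,
    # which would surface as an unhandled server error.
    if not ObjectId.is_valid(label_id):
        return _reply("Invalid label id", 400)

    labels_col = get_col(project_name, "labels")
    labels_col.update_one({"_id": ObjectId(label_id)},
                          {'$set': {'name': label_name}})
    return "", 204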
def remove_project_from_user(user_email, project_name):
    """Pull ``project_name`` out of the ``projects`` array of the account with this email."""
    accounts = get_col("users", "users")
    selector = {"email": user_email}
    change = {"$pull": {"projects": project_name}}
    accounts.update_one(selector, change)
def add_project_to_user(user_email, project_name):
    """Push ``project_name`` onto the ``projects`` array of the account with this email."""
    accounts = get_col("users", "users")
    selector = {"email": user_email}
    # $push appends unconditionally, so calling this twice for the same project
    # stores the name twice.
    change = {"$push": {"projects": project_name}}
    accounts.update_one(selector, change)
Пример #23
def get_db_collection(proj, col):
    """Return the collection ``col`` of database ``proj`` via ``mongoDBInterface.get_col``."""
    # Both names are passed through unchanged; callers are responsible for
    # validating values that originate from a request.
    return mongoDBInterface.get_col(proj, col)
Пример #24
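def upload_file():
    """Import documents into a project from an uploaded CSV file.

    The project is named by the ``projectName`` form field and the file is
    sent as ``inputFile``. The first CSV row is treated as a header; the
    second column of every other row becomes a document.
    Responses: 400 for a missing/invalid token, project or file; 403 when the
    requestor is not a contributor of the project; 405 for methods other than
    POST; 200 once the import is done.
    """
    import uuid  # local import: only used to build a unique temporary name

    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    # Other methods used to fall off the end and return None.
    if request.method != 'POST':
        return _reply('Method not allowed', 405)

    if 'projectName' not in request.form:
        return _reply('No project id provided', 400)
    project_name = str(request.form['projectName'])

    users_col = get_col(project_name, "users")
    requestor = users_col.find_one({
        'email': requestor_email,
        'isContributor': True
    })
    if requestor is None:
        return _reply("You are not authorised to perform this action", 403)

    if 'inputFile' not in request.files:
        return _reply('No file selected', 400)

    file = request.files['inputFile']
    if file.filename == '':
        return _reply('No file selected', 400)

    # secure_filename can reduce a name to an empty string; joining that onto
    # uploads_dir would point at the directory itself.
    filename = secure_filename(file.filename)
    if not filename:
        return _reply('No file selected', 400)

    # A random prefix keeps two uploads with the same client-side name from
    # overwriting, or deleting, each other's temporary file.
    filelocation = os.path.join(uploads_dir, uuid.uuid4().hex + "_" + filename)
    file.save(filelocation)

    try:
        with open(filelocation, newline='') as csv_file:
            csv_reader = csv.reader(csv_file, delimiter=",")
            next(csv_reader, None)  # skip the header row

            for row in csv_reader:
                # Rows without a second column carry no document text.
                if len(row) < 2:
                    continue
                document = Document(row[1], [], [])
                # Find project database and populate document collection
                project = Project(project_name, [], [])
                project.add_document(document)
    finally:
        # Delete the upload even when parsing fails, so rejected files do not
        # accumulate in uploads_dir.
        os.remove(filelocation)

    return _reply('Documents imported successfully', 200)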
Пример #25
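 def set_labels(self, preset_labels):
     """Replace the in-memory preset labels and insert them into the project's ``labels`` collection.

     Each label is stored as its full attribute dict.
     """
     self.preset_labels = preset_labels
     # link with DB and push there new list of labels
     records = [label.__dict__ for label in self.preset_labels]
     # insert_many rejects an empty list, so an empty label set is a no-op on
     # the database side.
     if not records:
         return
     col = mongoDBInterface.get_col(self.name, "labels")
     col.insert_many(records)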
Пример #26
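def add_user_to_project(project_name):
    """Let a project admin add an existing account to the project.

    Inputs: the requestor's ID token (query string), the project name (URL),
    and a JSON body whose ``user`` key is the email of the account to add.
    Responses: 400 for bad input, an unknown account or an existing member;
    401 when the requestor is not in the project; 403 when the requestor is
    not an admin; 204 on success.
    """
    def _reply(message, status):
        return make_response({'message': message}), status

    id_token = request.args.get('id_token')
    if not id_token:
        return _reply("ID Token is not included with the request uri in args", 400)

    requestor_email = get_email(id_token)
    if requestor_email is None:
        return _reply("ID Token has expired or is invalid", 400)

    payload = request.json
    if not isinstance(payload, dict) or 'user' not in payload:
        return _reply("Missing user", 400)

    email = payload['user']
    # The value is used in query filters and then stored; a JSON object would
    # be read as an operator document by the lookups.
    if not isinstance(email, str) or not email:
        return _reply("Missing user", 400)

    # Authorise the requestor before looking up the target account, so a
    # caller without admin rights cannot use the "does not exist" answer to
    # probe which emails have accounts.
    project_user_col = get_col(project_name, "users")
    requestor = project_user_col.find_one({'email': requestor_email})
    if requestor is None:  # requestor is not in the project
        return _reply("Not authorised to perform this action", 401)

    if not requestor.get('isAdmin'):  # requestor is not an admin
        return _reply("Forbidden to perform this action", 403)

    # The new member must already have an account in the global collection.
    if get_col("users", "users").find_one({'email': email}) is None:
        return _reply("User does not exist/does not have an account", 400)

    if project_user_col.find_one({'email': email}) is not None:
        return _reply("That user is already in the provided project", 400)

    # New members start without admin or contributor rights.
    project_user_col.insert_one({
        'email': email,
        'isAdmin': False,
        'isContributor': False
    })
    add_project_to_user(email, project_name)
    return "", 204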