-rw-r--r--wqflask/base/trait.py17
-rw-r--r--wqflask/base/webqtlConfig.py4
-rw-r--r--wqflask/maintenance/set_resource_defaults.py20
-rw-r--r--wqflask/utility/authentication_tools.py79
-rw-r--r--wqflask/wqflask/resource_manager.py6
-rw-r--r--wqflask/wqflask/views.py20
6 files changed, 90 insertions, 56 deletions
diff --git a/wqflask/base/trait.py b/wqflask/base/trait.py
index 7700ecd5..c2b8b910 100644
--- a/wqflask/base/trait.py
+++ b/wqflask/base/trait.py
@@ -42,11 +42,11 @@ def create_trait(**kw):
if kw.get('dataset_name') != "Temp":
if dataset.type == 'Publish':
- permitted = check_resource_availability(dataset, kw.get('name'))
+ permissions = check_resource_availability(dataset, kw.get('name'))
else:
- permitted = check_resource_availability(dataset)
+ permissions = check_resource_availability(dataset)
- if permitted != "no-access":
+ if "view" in permissions['data']:
the_trait = GeneralTrait(**kw)
if the_trait.dataset.type != "Temp":
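Review bot: `permissions['data']` in the new `if "view" in permissions['data']:` test is subscripted without checking what `check_resource_availability` returned, and in this same commit that function can return `None` (no resource id found) or `False`. Either value raises `TypeError` here instead of denying access; the same pattern appears in the `check_access_permissions` hunk in views.py. A guard such as `if permissions and "view" in permissions.get('data', []):` keeps the failure mode a denial. create_trait's body continues outside the hunk.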
@@ -382,9 +382,16 @@ def retrieve_trait_info(trait, dataset, get_qtl_info=False):
resource_id = get_resource_id(dataset, trait.name)
if dataset.type == 'Publish':
- the_url = "http://localhost:8080/run-action?resource={}&user={}&branch=data&action=view".format(resource_id, g.user_session.user_id)
+ the_url = "http://localhost:8081/run-action?resource={}&user={}&branch=data&action=view".format(resource_id, g.user_session.user_id)
else:
- the_url = "http://localhost:8080/run-action?resource={}&user={}&branch=data&action=view&trait={}".format(resource_id, g.user_session.user_id, trait.name)
+ the_url = "http://localhost:8081/run-action?resource={}&user={}&branch=data&action=view&trait={}".format(resource_id, g.user_session.user_id, trait.name)
+
+ response = requests.get(the_url).content
+ if response.strip() == "no-access":
+ trait.view = False
+ return trait
+ else:
+ trait_info = json.loads(response)
try:
response = requests.get(the_url).content
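Review bot: The added `requests.get(the_url)` runs before the existing `try:` and the same request is issued again inside it, so a proxy outage or a non-JSON body now raises out of `retrieve_trait_info` at the new lines, and every trait lookup costs two round trips. The URL is also assembled with `.format()`, so a `trait.name` containing `&` or `#` would change the query the authorization proxy sees; passing the values through `requests.get(url, params={...}, timeout=...)` encodes them and bounds the wait. The comparison `response.strip() == "no-access"` only matches if `.content` is a `str`, which holds on Python 2 but presumably not on Python 3, where it is bytes. The function body continues outside the hunk.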
diff --git a/wqflask/base/webqtlConfig.py b/wqflask/base/webqtlConfig.py
index 55407123..3d86bc22 100644
--- a/wqflask/base/webqtlConfig.py
+++ b/wqflask/base/webqtlConfig.py
@@ -17,6 +17,10 @@ DEBUG = 1
#USER privilege
USERDICT = {'guest':1,'user':2, 'admin':3, 'root':4}
+#Set privileges
+SUPER_PRIVILEGES = {'data': ['no-access', 'view', 'edit'], 'metadata': ['no-access', 'view', 'edit'], 'admin': ['not-admin', 'edit-access', 'edit-admins']}
+DEFAULT_PRIVILEGES = {'data': ['no-access', 'view'], 'metadata': ['no-access', 'view'], 'admin': ['not-admin']}
+
#minimum number of informative strains
KMININFORMATIVE = 5
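Review bot: `SUPER_PRIVILEGES` and `DEFAULT_PRIVILEGES` need a comment explaining their shape, since each branch maps to a list of levels while the `default_mask` written in set_resource_defaults.py stores a single string per branch. Callers test membership with `in`, which is list membership for one shape and substring matching for the other, so a comment such as `# branch -> list of privilege levels granted; default_mask entries in Redis hold one level string per branch` would make the difference explicit. These dicts are also returned by reference from `check_resource_availability`, so a caller that mutates the result would change privileges for the whole process; returning a copy, or documenting them as read-only, avoids that.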
diff --git a/wqflask/maintenance/set_resource_defaults.py b/wqflask/maintenance/set_resource_defaults.py
index 0c221bbf..ddb3b17b 100644
--- a/wqflask/maintenance/set_resource_defaults.py
+++ b/wqflask/maintenance/set_resource_defaults.py
@@ -68,9 +68,13 @@ def insert_probeset_resources(default_owner_id):
resource_ob['data'] = { "dataset" : str(resource[0])}
resource_ob['type'] = "dataset-probeset"
if resource[2] < 1 and resource[3] > 0:
- resource_ob['default_mask'] = { "data": "view" }
+ resource_ob['default_mask'] = { "data": "view",
+ "metadata": "view",
+ "admin": "not-admin"}
else:
- resource_ob['default_mask'] = { "data": "no-access" }
+ resource_ob['default_mask'] = { "data": "no-access",
+ "metadata": "no-access",
+ "admin": "not-admin"}
resource_ob['group_masks'] = {}
add_resource(resource_ob)
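Review bot: The same two mask literals are now spelled out five times across this hunk and the `insert_publish_resources` and `insert_geno_resources` hunks, which makes it easy for one resource type to drift from the others when a branch is added. Defining them once, e.g. `PUBLIC_MASK = {"data": "view", "metadata": "view", "admin": "not-admin"}` plus a matching no-access constant, and assigning `dict(PUBLIC_MASK)` keeps the defaults in one place. Resources already stored with the old one-key mask will presumably lack `metadata` and `admin` until this script is re-run, so code reading `default_mask['admin']` should tolerate a missing key. The function bodies continue outside the hunks.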
@@ -98,7 +102,9 @@ def insert_publish_resources(default_owner_id):
resource_ob['data'] = { "dataset" : str(resource[1]) ,
"trait" : str(resource[0])}
resource_ob['type'] = "dataset-publish"
- resource_ob['default_mask'] = { "data": "view" }
+ resource_ob['default_mask'] = { "data": "view",
+ "metadata": "view",
+ "admin": "not-admin"}
resource_ob['group_masks'] = {}
@@ -124,9 +130,13 @@ def insert_geno_resources(default_owner_id):
resource_ob['data'] = { "dataset" : str(resource[0]) }
resource_ob['type'] = "dataset-geno"
if resource[2] < 1:
- resource_ob['default_mask'] = { "data": "view" }
+ resource_ob['default_mask'] = { "data": "view",
+ "metadata": "view",
+ "admin": "not-admin"}
else:
- resource_ob['default_mask'] = { "data": "no-access" }
+ resource_ob['default_mask'] = { "data": "no-access",
+ "metadata": "no-access",
+ "admin": "not-admin"}
resource_ob['group_masks'] = {}
add_resource(resource_ob)
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index dfa0e2d9..6c88949b 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -3,7 +3,7 @@ from __future__ import absolute_import, print_function, division
import json
import requests
-from base import data_set
+from base import data_set, webqtlConfig
from utility import hmac
from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
@@ -18,45 +18,47 @@ def check_resource_availability(dataset, trait_id=None):
#ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
if g.user_session.user_id in Redis.smembers("super_users"):
- return "edit"
+ return webqtlConfig.SUPER_PRIVILEGES
- resource_id = get_resource_id(dataset, trait_id)
response = None
- if resource_id:
- resource_info = get_resource_info(resource_id)
-
- the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
- try:
- response = json.loads(requests.get(the_url).content)['data']
- except:
- response = resource_info['default_mask']['data']
- if 'edit' in response:
- return "edit"
- elif 'view' in response:
- return "view"
- else:
- return "no-access"
+ #At least for now assume temporary entered traits are accessible#At least for now assume temporary entered traits are accessible
+ if type(dataset) == str:
+ return webqtlConfig.DEFAULT_PRIVILEGES
+ if dataset.type == "Temp":
+ return webqtlConfig.DEFAULT_PRIVILEGES
- return False
+ resource_id = get_resource_id(dataset, trait_id)
-def check_admin(resource_id=None):
+ if resource_id:
+ resource_info = get_resource_info(resource_id)
+ else:
+ return response #ZS: Need to substitute in something that creates the resource in Redis later
- return "not-admin"
+ the_url = "http://localhost:8081/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+ try:
+ response = json.loads(requests.get(the_url).content)
+ except:
+ response = resource_info['default_mask']
- # ZS: commented out until proxy can return this
- # the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
- # try:
- # response = json.loads(requests.get(the_url).content)
- # except:
- # response = resource_info['default_mask']['admin']
+ if response:
+ return response
+ else: #ZS: No idea how this would happen, but just in case
+ return False
- # if 'edit-admins' in response:
- # return "edit-admins"
- # elif 'edit-access' in response:
- # return "edit-access"
- # else:
- # return "not-admin"
+def check_admin(resource_id=None):
+ the_url = "http://localhost:8081/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+ try:
+ response = json.loads(requests.get(the_url).content)['admin']
+ except:
+ response = resource_info['default_mask']['admin']
+
+ if 'edit-admins' in response:
+ return "edit-admins"
+ elif 'edit-access' in response:
+ return "edit-access"
+ else:
+ return "not-admin"
def check_owner(dataset=None, trait_id=None, resource_id=None):
if resource_id:
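Review bot: `check_admin` falls back to `resource_info['default_mask']['admin']` in its `except:` branch, but `resource_info` is never assigned inside that function as shown, so a proxy failure would raise `NameError` rather than return a privilege level. Fetching it in the handler with `resource_info = get_resource_info(resource_id)` and narrowing the bare `except:` to `except Exception:` would fix that path. In `check_resource_availability`, the bare `except:` also turns any proxy or parse error into the resource's default mask, which grants `view` on public resources even when the proxy could not be consulted; logging the failure there would make such fallbacks visible. The comment on the Temp check is duplicated on its line.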
@@ -74,15 +76,18 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
if not resource_id:
- resource_id = get_resource_id(dataset, trait_id)
+ if dataset.type == "Temp":
+ return "not-admin"
+ else:
+ resource_id = get_resource_id(dataset, trait_id)
if g.user_session.user_id in Redis.smembers("super_users"):
- return [resource_id, "owner"]
+ return "owner"
resource_info = get_resource_info(resource_id)
if g.user_session.user_id == resource_info['owner_id']:
- return [resource_id, "owner"]
+ return "owner"
else:
- return [resource_id, check_admin(resource_id)]
+ return check_admin(resource_id)
- return [resource_id, "not-admin"] \ No newline at end of file
+ return "not-admin" \ No newline at end of file
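Review bot: The new `dataset.type == "Temp"` test runs whenever `resource_id` is falsy, but `dataset` defaults to `None`, so a call with neither argument raises `AttributeError` before any decision is made; `if dataset is None or dataset.type == "Temp": return "not-admin"` keeps that case a denial. The return value also changes from a `[resource_id, status]` list to a bare string, so any caller still indexing `[1]` would compare a single character against `"owner"` and always be refused; the three call sites in resource_manager.py are updated in this commit, and other callers, if any, are not visible here. A docstring listing the possible return values (`"owner"`, `"edit-admins"`, `"edit-access"`, `"not-admin"`) would help callers.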
diff --git a/wqflask/wqflask/resource_manager.py b/wqflask/wqflask/resource_manager.py
index 0f9f5c9d..39a07310 100644
--- a/wqflask/wqflask/resource_manager.py
+++ b/wqflask/wqflask/resource_manager.py
@@ -18,7 +18,7 @@ def manage_resource():
params = request.form if request.form else request.args
if 'resource_id' in request.args:
resource_id = request.args['resource_id']
- admin_status = check_owner_or_admin(resource_id=resource_id)[1]
+ admin_status = check_owner_or_admin(resource_id=resource_id)
resource_info = get_resource_info(resource_id)
group_masks = resource_info['group_masks']
@@ -67,7 +67,7 @@ def search_for_groups():
def change_owner():
resource_id = request.form['resource_id']
if 'new_owner' in request.form:
- admin_status = check_owner_or_admin(resource_id=resource_id)[1]
+ admin_status = check_owner_or_admin(resource_id=resource_id)
if admin_status == "owner":
new_owner_id = request.form['new_owner']
change_resource_owner(resource_id, new_owner_id)
@@ -100,7 +100,7 @@ def change_default_privileges():
@app.route("/resources/add_group", methods=('POST',))
def add_group_to_resource():
resource_id = request.form['resource_id']
- admin_status = check_owner_or_admin(resource_id=resource_id)[1]
+ admin_status = check_owner_or_admin(resource_id=resource_id)
if admin_status == "owner" or admin_status == "edit-admins" or admin_status == "edit-access":
if 'selected_group' in request.form:
group_id = request.form['selected_group']
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py
index dc431aa9..bc01839b 100644
--- a/wqflask/wqflask/views.py
+++ b/wqflask/wqflask/views.py
@@ -96,13 +96,21 @@ def check_access_permissions():
pass
else:
if 'dataset' in request.args:
- dataset = create_dataset(request.args['dataset'])
- if 'trait_id' in request.args:
- available = check_resource_availability(dataset, request.args['trait_id'])
+ if request.args['dataset'] == "Temp":
+ permissions = check_resource_availability("Temp")
else:
- available = check_resource_availability(dataset)
-
- if available == "no-access":
+ dataset = create_dataset(request.args['dataset'])
+
+ if dataset.type == "Temp":
+ permissions = False
+ if 'trait_id' in request.args:
+ permissions = check_resource_availability(dataset, request.args['trait_id'])
+ elif dataset.type != "Publish":
+ permissions = check_resource_availability(dataset)
+ else:
+ return None
+
+ if 'view' not in permissions['data']:
return redirect(url_for("no_access_page"))
@app.teardown_appcontext
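Review bot: The `else: return None` branch appears to let a request for a Publish dataset without a `trait_id` through this hook with no permission check at all; if that is intentional it deserves a comment saying where those requests are authorized. Indentation is not preserved on this page, so the exact nesting is inferred. The `permissions = False` assigned for a Temp dataset is overwritten by the following `if`/`elif` (a Temp dataset is also `!= "Publish"`), and whenever `permissions` ends up `None` or `False` the final `permissions['data']` raises `TypeError`; `if not permissions or 'view' not in permissions['data']:` would redirect to `no_access_page` instead. check_access_permissions begins outside the hunk.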