diff options
author | Frederick Muriuki Muriithi | 2024-07-29 14:38:32 -0500 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2024-08-05 09:52:18 -0500 |
commit | d3fd64fb5237febb9628c4ccbd259969327ab2ec (patch) | |
tree | 81ef0ec177188ca80b6f95c277bf9684cfaddccd | |
parent | 09642e11e318d149cf628d6b536e04443845665d (diff) | |
download | gn-uploader-d3fd64fb5237febb9628c4ccbd259969327ab2ec.tar.gz |
Put endpoints behind an authorisation check
Put all endpoints that cause data changes behind authorisation.
-rw-r--r-- | uploader/dbinsert.py | 8 | ||||
-rw-r--r-- | uploader/entry.py | 3 | ||||
-rw-r--r-- | uploader/parse.py | 3 | ||||
-rw-r--r-- | uploader/samples.py | 5 | ||||
-rw-r--r-- | uploader/upload/rqtl2.py | 19 |
5 files changed, 38 insertions, 0 deletions
diff --git a/uploader/dbinsert.py b/uploader/dbinsert.py index 88d16ef..66b0c41 100644 --- a/uploader/dbinsert.py +++ b/uploader/dbinsert.py @@ -11,6 +11,7 @@ from flask import ( flash, request, url_for, Blueprint, redirect, render_template, current_app as app) +from uploader.authorisation import require_login from uploader.db_utils import with_db_connection, database_connection from uploader.db import species, species_by_id, populations_by_species @@ -90,6 +91,7 @@ def tissues() -> tuple: return tuple() @dbinsertbp.route("/platform", methods=["POST"]) +@require_login def select_platform(): "Select the platform (GeneChipId) used for the data." job_id = request.form["job_id"] @@ -113,6 +115,7 @@ def select_platform(): return render_error("Unknown error") @dbinsertbp.route("/study", methods=["POST"]) +@require_login def select_study(): "View to select/create the study (ProbeFreeze) associated with the data." form = request.form @@ -142,6 +145,7 @@ def select_study(): return render_error(f"Missing data: {aserr.args[0]}") @dbinsertbp.route("/create-study", methods=["POST"]) +@require_login def create_study(): "Create a new study (ProbeFreeze)." form = request.form @@ -218,6 +222,7 @@ def dataset_datascales() -> tuple: return tuple() @dbinsertbp.route("/dataset", methods=["POST"]) +@require_login def select_dataset(): "Select the dataset to add the file contents against" form = request.form @@ -238,6 +243,7 @@ def select_dataset(): return render_error(f"Missing data: {aserr.args[0]}") @dbinsertbp.route("/create-dataset", methods=["POST"]) +@require_login def create_dataset(): "Select the dataset to add the file contents against" form = request.form @@ -317,6 +323,7 @@ def selected_keys(original: dict, keys: tuple) -> dict: return {key: value for key,value in original.items() if key in keys} @dbinsertbp.route("/final-confirmation", methods=["POST"]) +@require_login def final_confirmation(): "Preview the data before triggering entry into the database" form = request.form @@ -352,6 +359,7 @@ def final_confirmation(): return render_error(f"Missing data: {aserr.args[0]}") @dbinsertbp.route("/insert-data", methods=["POST"]) +@require_login def insert_data(): "Trigger data insertion" form = request.form diff --git a/uploader/entry.py b/uploader/entry.py index 941200a..82034ed 100644 --- a/uploader/entry.py +++ b/uploader/entry.py @@ -16,6 +16,7 @@ from flask import ( send_from_directory) from uploader.db import species +from uploader.authorisation import require_login from uploader.db_utils import with_db_connection from uploader.oauth2.client import user_logged_in @@ -91,6 +92,7 @@ def index(): return render_template("index.html" if user_logged_in() else "login.html") @entrybp.route("/upload", methods=["GET", "POST"]) +@require_login def upload_file(): """Enables uploading the files""" if request.method == "GET": @@ -123,6 +125,7 @@ def upload_file(): filetype=request.form["filetype"])) @entrybp.route("/data-review", methods=["GET"]) +@require_login def data_review(): """Provide some help on data expectations to the user.""" return render_template("data_review.html") diff --git a/uploader/parse.py b/uploader/parse.py index 865dae2..dea4f95 100644 --- a/uploader/parse.py +++ b/uploader/parse.py @@ -11,6 +11,7 @@ from quality_control.errors import InvalidValue, DuplicateHeading from uploader import jobs from uploader.dbinsert import species_by_id from uploader.db_utils import with_db_connection +from uploader.authorisation import require_login parsebp = Blueprint("parse", __name__) @@ -23,6 +24,7 @@ def isduplicateheading(item): return isinstance(item, DuplicateHeading) @parsebp.route("/parse", methods=["GET"]) +@require_login def parse(): """Trigger file parsing""" errors = False @@ -160,6 +162,7 @@ def fail(job_id: str): return render_template("no_such_job.html", job_id=job_id) @parsebp.route("/abort", methods=["POST"]) +@require_login def abort(): """Handle user request to abort file processing""" job_id = request.form["job_id"] diff --git a/uploader/samples.py b/uploader/samples.py index 9c95770..7a80336 100644 --- a/uploader/samples.py +++ b/uploader/samples.py @@ -22,6 +22,7 @@ from functional_tools import take from uploader import jobs from uploader.files import save_file +from uploader.authorisation import require_login from uploader.input_validation import is_integer_input from uploader.db_utils import ( with_db_connection, @@ -37,6 +38,7 @@ from uploader.db import ( samples = Blueprint("samples", __name__) @samples.route("/upload/species", methods=["GET", "POST"]) +@require_login def select_species(): """Select the species.""" if request.method == "GET": @@ -58,6 +60,7 @@ def select_species(): @samples.route("/upload/species/<int:species_id>/create-population", methods=["POST"]) +@require_login def create_population(species_id: int): """Create new grouping/population.""" if not is_integer_input(species_id): @@ -100,6 +103,7 @@ def create_population(species_id: int): @samples.route("/upload/species/<int:species_id>/population", methods=["GET", "POST"]) +@require_login def select_population(species_id: int): """Select from existing groupings/populations.""" if not is_integer_input(species_id): @@ -233,6 +237,7 @@ def build_sample_upload_job(# pylint: disable=[too-many-arguments] @samples.route("/upload/species/<int:species_id>/populations/<int:population_id>/samples", methods=["GET", "POST"]) +@require_login def upload_samples(species_id: int, population_id: int):#pylint: disable=[too-many-return-statements] """Upload the samples.""" samples_uploads_page = redirect(url_for("samples.upload_samples", diff --git a/uploader/upload/rqtl2.py b/uploader/upload/rqtl2.py index 6aed1f7..ff7556d 100644 --- a/uploader/upload/rqtl2.py +++ b/uploader/upload/rqtl2.py @@ -32,6 +32,7 @@ from uploader.files import save_file, fullpath from uploader.dbinsert import species as all_species from uploader.db_utils import with_db_connection, database_connection +from uploader.authorisation import require_login from uploader.db.platforms import platform_by_id, platforms_by_species from uploader.db.averaging import averaging_methods, averaging_method_by_id from uploader.db.tissues import all_tissues, tissue_by_id, create_new_tissue @@ -53,8 +54,10 @@ from uploader.db.datasets import ( rqtl2 = Blueprint("rqtl2", __name__) + @rqtl2.route("/", methods=["GET", "POST"]) @rqtl2.route("/select-species", methods=["GET", "POST"]) +@require_login def select_species(): """Select the species.""" if request.method == "GET": @@ -72,6 +75,7 @@ def select_species(): @rqtl2.route("/upload/species/<int:species_id>/select-population", methods=["GET", "POST"]) +@require_login def select_population(species_id: int): """Select/Create the population to organise data under.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -101,6 +105,7 @@ def select_population(species_id: int): @rqtl2.route("/upload/species/<int:species_id>/create-population", methods=["POST"]) +@require_login def create_population(species_id: int): """Create a new population for the given species.""" population_page = redirect(url_for("upload.rqtl2.select_population", @@ -143,6 +148,7 @@ class __RequestError__(Exception): #pylint: disable=[invalid-name] @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle"), methods=["GET", "POST"]) +@require_login def upload_rqtl2_bundle(species_id: int, population_id: int): """Allow upload of R/qtl2 bundle.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -241,6 +247,7 @@ def chunks_directory(uniqueidentifier: str) -> Path: @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle-chunked"), methods=["GET"]) +@require_login def upload_rqtl2_bundle_chunked_get(# pylint: disable=["unused-argument"] species_id: int, population_id: int @@ -285,6 +292,7 @@ def __merge_chunks__(targetfile: Path, chunkpaths: tuple[Path, ...]) -> Path: @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle-chunked"), methods=["POST"]) +@require_login def upload_rqtl2_bundle_chunked_post(species_id: int, population_id: int): """ Extension to the `upload_rqtl2_bundle` endpoint above that allows large @@ -343,6 +351,7 @@ def upload_rqtl2_bundle_chunked_post(species_id: int, population_id: int): @rqtl2.route("/upload/species/rqtl2-bundle/qc-status/<uuid:jobid>", methods=["GET", "POST"]) +@require_login def rqtl2_bundle_qc_status(jobid: UUID): """Check the status of the QC jobs.""" with (Redis.from_url(app.config["REDIS_URL"], decode_responses=True) as rconn, @@ -564,6 +573,7 @@ def with_errors(endpointthunk: Callable, *checkfns): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/select-geno-dataset"), methods=["POST"]) +@require_login def select_geno_dataset(species_id: int, population_id: int): """Select from existing geno datasets.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -602,6 +612,7 @@ def select_geno_dataset(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/create-geno-dataset"), methods=["POST"]) +@require_login def create_geno_dataset(species_id: int, population_id: int): """Create a new geno dataset.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -671,6 +682,7 @@ def create_geno_dataset(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/select-tissue"), methods=["POST"]) +@require_login def select_tissue(species_id: int, population_id: int): """Select from existing tissues.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -701,6 +713,7 @@ def select_tissue(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/create-tissue"), methods=["POST"]) +@require_login def create_tissue(species_id: int, population_id: int): """Add new tissue, organ or biological material to the system.""" form = request.form @@ -745,6 +758,7 @@ def create_tissue(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/select-probeset-study"), methods=["POST"]) +@require_login def select_probeset_study(species_id: int, population_id: int): """Select or create a probeset study.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -780,6 +794,7 @@ def select_probeset_study(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/select-probeset-dataset"), methods=["POST"]) +@require_login def select_probeset_dataset(species_id: int, population_id: int): """Select or create a probeset dataset.""" with database_connection(app.config["SQL_URI"]) as conn: @@ -820,6 +835,7 @@ def select_probeset_dataset(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/create-probeset-study"), methods=["POST"]) +@require_login def create_probeset_study(species_id: int, population_id: int): """Create a new probeset study.""" errorclasses = "alert-error error-rqtl2 error-rqtl2-create-probeset-study" @@ -882,6 +898,7 @@ def create_probeset_study(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/create-probeset-dataset"), methods=["POST"]) +@require_login def create_probeset_dataset(species_id: int, population_id: int):#pylint: disable=[too-many-return-statements] """Create a new probeset dataset.""" errorclasses = "alert-error error-rqtl2 error-rqtl2-create-probeset-dataset" @@ -973,6 +990,7 @@ def create_probeset_dataset(species_id: int, population_id: int):#pylint: disabl @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/dataset-info"), methods=["POST"]) +@require_login def select_dataset_info(species_id: int, population_id: int): """ If `geno` files exist in the R/qtl2 bundle, prompt user to provide the @@ -1065,6 +1083,7 @@ def select_dataset_info(species_id: int, population_id: int): @rqtl2.route(("/upload/species/<int:species_id>/population/<int:population_id>" "/rqtl2-bundle/confirm-bundle-details"), methods=["POST"]) +@require_login def confirm_bundle_details(species_id: int, population_id: int): """Confirm the details and trigger R/qtl2 bundle processing...""" redisuri = app.config["REDIS_URL"] |