new permissions ui

EGA-archive · Nov 7, 2023 · 2c3c41e · 2c3c41e
1 parent 12f5b1e
commit 2c3c41e
Show file tree

Hide file tree

Showing 47 changed files with 1,648 additions and 138 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -42,6 +42,7 @@ RUN apt-get update && \
 COPY deploy/nginx.conf        /beacon/nginx.conf
 COPY deploy/supervisord.conf  /beacon/supervisord.conf
 COPY deploy/entrypoint.sh     /usr/local/bin/entrypoint.sh
+COPY deploy/permissions.sh     /usr/local/bin/permissions.sh
 COPY beacon                   /beacon/beacon
 COPY ui                       /beacon/ui
 

diff --git a/beacon/request/handlers.py b/beacon/request/handlers.py
@@ -59,131 +59,113 @@ async def wrapper(request: Request):
 
         LOG.debug(access_token)
         if access_token is not None:
-            with open("/beacon/beacon/request/public_datasets.yml", 'r') as stream:
-                public_datasets = yaml.safe_load(stream)
-            list_of_public_datasets= public_datasets['public_datasets']
-            try:
-                specific_datasets = qparams.query.request_parameters['datasets']
-            except Exception:
-                specific_datasets = []
-            access_token = access_token[7:]  # cut out 7 characters: len('Bearer ')
-
+            print('we have access token')
+        else:
+            access_token = 'Bearer public'
+        try:
+            specific_datasets = qparams.query.request_parameters['datasets']
+        except Exception:
+            specific_datasets = []
+        access_token = access_token[7:]  # cut out 7 characters: len('Bearer ')
+        LOG.debug(access_token)
 
+
+
+        authorized_datasets, authenticated = await resolve_token(access_token, search_datasets)
+        LOG.debug(authorized_datasets)
+        #LOG.debug('all datasets:  %s', all_datasets)
+        LOG.info('resolved datasets:  %s', authorized_datasets)
+        LOG.debug(authenticated)
+        LOG.debug(specific_datasets)
+
+
+        specific_datasets_unauthorized = []
+        specific_datasets_unauthorized_and_found = []
+        bio_list = []
+        search_and_authorized_datasets = []
+        specific_search_datasets = []
+        # Get response
+        if specific_datasets != []:
+            for element in authorized_datasets:
+                if element in specific_datasets:
+                    search_and_authorized_datasets.append(element)
+            for elemento in specific_datasets:
+                if elemento not in search_and_authorized_datasets:
+                    specific_datasets_unauthorized.append(elemento)
+            qparams.query.request_parameters = {}
+            qparams.query.request_parameters['datasets'] = '*******'
+            _, _, datasets = get_datasets(None, qparams)
+            beacon_datasets = [ r for r in datasets ]
+            all_datasets = [r['id'] for r in beacon_datasets]
 
-
-            authorized_datasets, authenticated = await resolve_token(access_token, search_datasets)
-            LOG.debug(authorized_datasets)
-            #LOG.debug('all datasets:  %s', all_datasets)
-            LOG.info('resolved datasets:  %s', authorized_datasets)
-            LOG.debug(authenticated)
-            LOG.debug(specific_datasets)
+            response_datasets = [ r['id'] for r in beacon_datasets if r['id'] in search_and_authorized_datasets]
+            LOG.debug(specific_search_datasets)
+            LOG.debug(response_datasets)
 
+            list_of_dataset_dicts=[]
 
-            specific_datasets_unauthorized = []
-            specific_datasets_unauthorized_and_found = []
-            bio_list = []
-            search_and_authorized_datasets = []
-            specific_search_datasets = []
-            for public_dataset in list_of_public_datasets:
-                authorized_datasets.append(public_dataset)
-            # Get response
-            if specific_datasets != []:
-                for element in authorized_datasets:
-                    if element in specific_datasets:
-                        search_and_authorized_datasets.append(element)
-                for elemento in specific_datasets:
-                    if elemento not in search_and_authorized_datasets:
-                        specific_datasets_unauthorized.append(elemento)
-                qparams.query.request_parameters = {}
-                qparams.query.request_parameters['datasets'] = '*******'
-                _, _, datasets = get_datasets(None, qparams)
-                beacon_datasets = [ r for r in datasets ]
-                all_datasets = [r['id'] for r in beacon_datasets]
-
-                response_datasets = [ r['id'] for r in beacon_datasets if r['id'] in search_and_authorized_datasets]
-                LOG.debug(specific_search_datasets)
-                LOG.debug(response_datasets)
-
-                list_of_dataset_dicts=[]
-
-                for data_r in response_datasets:
-                    dict_dataset = {}
-                    dict_dataset['dataset']=data_r
-                    dict_dataset['ids']=[ r['ids'] for r in beacon_datasets if r['id'] == data_r ]
-                    list_of_dataset_dicts.append(dict_dataset)
+            for data_r in response_datasets:
+                dict_dataset = {}
+                dict_dataset['dataset']=data_r
+                dict_dataset['ids']=[ r['ids'] for r in beacon_datasets if r['id'] == data_r ]
+                list_of_dataset_dicts.append(dict_dataset)
 
-                for dataset_searched in specific_datasets_unauthorized:
-                    if dataset_searched not in all_datasets:
-                        dict_dataset = {}
-                        dict_dataset['dataset']=dataset_searched
-                        dict_dataset['ids'] = ['Dataset not found']
-                        LOG.debug(dict_dataset['dataset'])
-                        LOG.debug(dict_dataset['ids'])
-                        list_of_dataset_dicts.append(dict_dataset)
-
-                for data_s in specific_datasets_unauthorized_and_found:
+            for dataset_searched in specific_datasets_unauthorized:
+                if dataset_searched not in all_datasets:
                     dict_dataset = {}
-                    dict_dataset['dataset']=data_s
-                    dict_dataset['ids'] = ['Unauthorized dataset']
+                    dict_dataset['dataset']=dataset_searched
+                    dict_dataset['ids'] = ['Dataset not found']
+                    LOG.debug(dict_dataset['dataset'])
+                    LOG.debug(dict_dataset['ids'])
                     list_of_dataset_dicts.append(dict_dataset)
+
+            for data_s in specific_datasets_unauthorized_and_found:
+                dict_dataset = {}
+                dict_dataset['dataset']=data_s
+                dict_dataset['ids'] = ['Unauthorized dataset']
+                list_of_dataset_dicts.append(dict_dataset)
 
-                LOG.debug(specific_datasets_unauthorized_and_found)
-                LOG.debug(specific_datasets_unauthorized)
-                LOG.debug(list_of_dataset_dicts)
+            LOG.debug(specific_datasets_unauthorized_and_found)
+            LOG.debug(specific_datasets_unauthorized)
+            LOG.debug(list_of_dataset_dicts)
 
-            else:
-                qparams.query.request_parameters = {}
-                qparams.query.request_parameters['datasets'] = '*******'
-                _, _, datasets = get_datasets(None, qparams)
-                beacon_datasets = [ r for r in datasets ]
-                LOG.debug(authorized_datasets)
-                specific_datasets = [ r['id'] for r in beacon_datasets if r['id'] not in authorized_datasets]
-                response_datasets = [ r['id'] for r in beacon_datasets if r['id'] in authorized_datasets]
-                LOG.debug(specific_datasets)
-                LOG.debug(response_datasets)
-                specific_datasets_unauthorized.append(specific_datasets)
-                for unauth in specific_datasets_unauthorized:
-                    for unauth_spec in unauth:
-                        biosample_ids = [ r['ids'] for r in beacon_datasets if r['id'] == unauth_spec ]
-                        bio_list.append(biosample_ids)
-
-                list_of_dataset_dicts=[]
-
-                for data_r in response_datasets:
-                    dict_dataset = {}
-                    dict_dataset['dataset']=data_r
-                    dict_dataset['ids']=[ r['ids'] for r in beacon_datasets if r['id'] == data_r ]
-                    list_of_dataset_dicts.append(dict_dataset)
-
-                for data_s in specific_datasets:
-                    dict_dataset = {}
-                    dict_dataset['dataset']=data_s
-                    dict_dataset['ids'] = ['Unauthorized dataset']
-                    list_of_dataset_dicts.append(dict_dataset)
-                #LOG.debug(list_of_dataset_dicts)
         else:
-            #write here code for public datasets
-            list_of_dataset_dicts=[]
             qparams.query.request_parameters = {}
             qparams.query.request_parameters['datasets'] = '*******'
             _, _, datasets = get_datasets(None, qparams)
             beacon_datasets = [ r for r in datasets ]
-            with open("/beacon/beacon/request/public_datasets.yml", 'r') as stream:
-                public_datasets = yaml.safe_load(stream)
-            list_of_public_datasets= public_datasets['public_datasets']
-            LOG.debug(list_of_public_datasets)
-            for data_r in list_of_public_datasets:
+            LOG.debug(authorized_datasets)
+            specific_datasets = [ r['id'] for r in beacon_datasets if r['id'] not in authorized_datasets]
+            response_datasets = [ r['id'] for r in beacon_datasets if r['id'] in authorized_datasets]
+            LOG.debug(specific_datasets)
+            LOG.debug(response_datasets)
+            specific_datasets_unauthorized.append(specific_datasets)
+            for unauth in specific_datasets_unauthorized:
+                for unauth_spec in unauth:
+                    biosample_ids = [ r['ids'] for r in beacon_datasets if r['id'] == unauth_spec ]
+                    bio_list.append(biosample_ids)
+
+            list_of_dataset_dicts=[]
+
+            for data_r in response_datasets:
                 dict_dataset = {}
                 dict_dataset['dataset']=data_r
                 dict_dataset['ids']=[ r['ids'] for r in beacon_datasets if r['id'] == data_r ]
                 list_of_dataset_dicts.append(dict_dataset)
+
+            for data_s in specific_datasets:
+                dict_dataset = {}
+                dict_dataset['dataset']=data_s
+                dict_dataset['ids'] = ['Unauthorized dataset']
+                list_of_dataset_dicts.append(dict_dataset)
             #LOG.debug(list_of_dataset_dicts)
 
+
 
 
         qparams = RequestParams(**json_body).from_request(request)
 
-        if access_token is not None:
+        if access_token != 'public':
             decoded = jwt.decode(access_token, options={"verify_signature": False})
             LOG.debug(decoded)
             token_username = decoded['preferred_username']

diff --git a/beacon/utils/auth.py b/beacon/utils/auth.py
@@ -32,11 +32,13 @@ async def resolve_token(token, requested_datasets_ids):
                          'Accept': 'application/json'},
                 json={'datasets': requested_datasets_ids},  # will set the Content-Type to application/json
         ) as resp:
+            '''
             if resp.status > 200:
                 LOG.error('Permissions server error %d', resp.status)
                 error = await resp.text()
                 LOG.error('Error: %s', error)
                 raise web.HTTPUnauthorized(body=error)
+            '''
             content = await resp.content.read()
             authorized_datasets = content.decode('utf-8')
             authorized_datasets_list = authorized_datasets.split('"')

diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
@@ -103,6 +103,7 @@ services:
       - ./logger.yml:/beacon/logger.yml
     ports:
       - "5051:5051"
+      - 8010:8000
     networks:
       - beacon-priv
       - pub
@@ -178,3 +179,5 @@ services:
     volumes:
       - ../frontend:/usr/src/app
 
+
+
diff --git a/deploy/permissions.sh b/deploy/permissions.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+bash permissions/permissions-ui/start.sh
+python -m permissions
diff --git a/permissions/auth.py b/permissions/auth.py
@@ -61,7 +61,8 @@ async def get_user_info(access_token):
             else:
                 LOG.error('Content: %s', content)
                 LOG.error('Invalid token')
-                raise web.HTTPUnauthorized()
+                user = 'public'
+                return user
 
         user = None
         async with ClientSession(trust_env=True) as session:
@@ -75,7 +76,8 @@ async def get_user_info(access_token):
                 else:
                     content = await resp.text()
                     LOG.error('Content: %s', content)
-                    raise web.HTTPUnauthorized()
+                    user = 'public'
+                    return user
 
 
 
@@ -96,7 +98,10 @@ async def decorated(request):
         LOG.info('The user is: %r', user)
         if user is None:
             raise web.HTTPUnauthorized()
-        username = user.get('preferred_username')
+        elif user == 'public':
+            username = 'public'
+        else:
+            username = user.get('preferred_username')
         LOG.debug('username: %s', username)
 
         return await func(request, username)

diff --git a/permissions/controlled_datasets.yml b/permissions/controlled_datasets.yml
@@ -1,2 +1,3 @@
 controlled_datasets:
-- CINECA_synthetic_cohort_EUROPE_UK1
+- nothing
+- vamos
diff --git a/permissions/permissions-ui/.dockerignore b/permissions/permissions-ui/.dockerignore
@@ -0,0 +1,4 @@
+.dockerignore
+*.pyc
+__pycache__
+env
diff --git a/permissions/permissions-ui/bash/__init__.py b/permissions/permissions-ui/bash/__init__.py
diff --git a/permissions/permissions-ui/bash/admin.py b/permissions/permissions-ui/bash/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
diff --git a/permissions/permissions-ui/bash/apps.py b/permissions/permissions-ui/bash/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class BashConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'bash'
diff --git a/permissions/permissions-ui/bash/models.py b/permissions/permissions-ui/bash/models.py
@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
diff --git a/permissions/permissions-ui/bash/tests.py b/permissions/permissions-ui/bash/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/permissions/permissions-ui/bash/urls.py b/permissions/permissions-ui/bash/urls.py
@@ -0,0 +1,11 @@
+from django.urls import path
+#from .views import HomePageView
+from . import views
+app_name = 'bash'
+
+urlpatterns = [
+    path('', views.bash_view, name='index'),
+    path('public', views.public_view, name='public'),
+    path('controlled', views.controlled_view, name='controlled'),
+    path('registered', views.registered_view, name='registered')
+]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.contrib import admin

		# Register your models here.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.db import models

		# Create your models here.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.test import TestCase

		# Create your tests here.