Merge branch 'master' into filter

Synicix · web-flow · commit 727a4f6e5977 · 2021-02-11T13:38:27.000-06:00
diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ HOST_UID=1000 # Unix UID associated with non-root login
 PY_VER=3.8    # Python version: 3.6|3.7|3.8
 IMAGE=djtest  # Image type:     djbase|djtest|djlab|djlabhub
 DISTRO=alpine # Distribution:   alpine|debian
-AS_SCRIPT=
+AS_SCRIPT=    # If 'TRUE', will not keep container alive but run tests and exit
 ```
 - Navigate to `LNX-docker-compose.yaml` and check first comment which will provide best instruction on how to start the service. Yes, the command is a bit long...
 
diff --git a/dj_gui_api_server/DJConnector.py b/dj_gui_api_server/DJConnector.py
@@ -2,11 +2,18 @@
 import datajoint as dj
 import datetime
 import numpy as np
+
 from .dj_connector_exceptions import InvalidDeleteRequest, InvalidRestriction, \
     UnsupportedTableType
 from functools import reduce
+from datajoint.errors import AccessError
+import re
+from .errors import InvalidDeleteRequest, InvalidRestriction, UnsupportedTableType
 
 DAY = 24 * 60 * 60
+DEFAULT_FETCH_LIMIT = 1000  # Stop gap measure to deal with super large tables
+TABLE_INFO_REGEX = re.compile(
+    r'.*?FROM\s+`(?P<schema>\w+)`.*?name\s*?=\s*?"(?P<table>.*?)".*?')
 
 
 class DJConnector():
@@ -281,6 +288,43 @@ def insert_tuple(jwt_payload: dict, schema_name: str, table_name: str,
         schema_virtual_module = dj.create_virtual_module(schema_name, schema_name)
         getattr(schema_virtual_module, table_name).insert1(tuple_to_insert)
 
+    @staticmethod
+    def record_dependency(jwt_payload: dict, schema_name: str, table_name: str,
+                          primary_restriction: dict) -> list:
+        """
+        Return summary of dependencies associated with a restricted table
+        :param jwt_payload: Dictionary containing databaseAddress, username and password
+            strings
+        :type jwt_payload: dict
+        :param schema_name: Name of schema
+        :type schema_name: str
+        :param table_name: Table name under the given schema; must be in camel case
+        :type table_name: str
+        :param primary_restriction: Restriction to be applied to table
+        :type primary_restriction: dict
+        :return: Tables that are dependant on specific records. Includes accessibility and,
+            if accessible, how many rows are affected.
+        :rtype: list
+        """
+        DJConnector.set_datajoint_config(jwt_payload)
+        virtual_module = dj.VirtualModule(schema_name, schema_name)
+        table = getattr(virtual_module, table_name)
+        # Retrieve dependencies of related to retricted
+        dependencies = [dict(schema=descendant.database, table=descendant.table_name,
+                             accessible=True, count=len(descendant & primary_restriction))
+                        for descendant in table().descendants(as_objects=True)]
+        # Determine first issue regarding access
+        # Start transaction, try to delete, catch first occurrence, rollback
+        virtual_module.schema.connection.start_transaction()
+        try:
+            (table & primary_restriction).delete(safemode=False, transaction=False)
+        except AccessError as errors:
+            dependencies = dependencies + [dict(TABLE_INFO_REGEX.match(
+                errors.args[2]).groupdict(), accessible=False)]
+        finally:
+            virtual_module.schema.connection.cancel_transaction()
+        return dependencies
+
     @staticmethod
     def update_tuple(jwt_payload: dict, schema_name: str, table_name: str,
                      tuple_to_update: dict):
@@ -371,7 +415,6 @@ def set_datajoint_config(jwt_payload: dict):
         dj.config['database.host'] = jwt_payload['databaseAddress']
         dj.config['database.user'] = jwt_payload['username']
         dj.config['database.password'] = jwt_payload['password']
-
         dj.conn(reset=True)
 
     @staticmethod
diff --git a/dj_gui_api_server/DJGUIAPIServer.py b/dj_gui_api_server/DJGUIAPIServer.py
@@ -229,6 +229,31 @@ def insert_tuple(jwt_payload: dict):
         return str(e), 500
 
 
+@app.route('/api/record/dependency', methods=['GET'])
+@protected_route
+def record_dependency(jwt_payload: dict) -> dict:
+    """
+    Route to insert record. Expects:
+        (html:GET:Authorization): Must include in format of: bearer <JWT-Token>
+        (html:query_params): {"schemaName": <schema_name>, "tableName": <table_name>,
+                           "restriction": <b64 JSON restriction>}
+            NOTE: Table name must be in CamalCase
+    :param jwt_payload: Dictionary containing databaseAddress, username and password
+        strings.
+    :type jwt_payload: dict
+    :return: If sucessfuly sends back a list of dependencies otherwise returns error
+    :rtype: dict
+    """
+    # Get dependencies
+    try:
+        dependencies = DJConnector.record_dependency(
+            jwt_payload, request.args.get('schemaName'), request.args.get('tableName'),
+            loads(b64decode(request.args.get('restriction').encode('utf-8')).decode('utf-8')))
+        return dict(dependencies=dependencies)
+    except Exception as e:
+        return str(e), 500
+
+
 @app.route('/api/update_tuple', methods=['POST'])
 @protected_route
 def update_tuple(jwt_payload: dict):
diff --git a/dj_gui_api_server/errors.py b/dj_gui_api_server/errors.py
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 flask
-datajoint==0.13.dev2
 pyjwt[crypto]
+datajoint==0.13.dev4
+datajoint_connection_hub
diff --git a/tests/test_attributes.py b/tests/test_attributes.py
@@ -76,6 +76,7 @@ class Decimal(dj.Manual):
     yield Decimal
     Decimal.drop()
 
+
 @pytest.fixture
 def String(schema):
     @schema
@@ -88,6 +89,7 @@ class String(dj.Manual):
     yield String
     String.drop()
 
+
 @pytest.fixture
 def Bool(schema):
     @schema
@@ -100,6 +102,7 @@ class Bool(dj.Manual):
     yield Bool
     Bool.drop()
 
+
 @pytest.fixture
 def Date(schema):
     @schema
@@ -190,6 +193,7 @@ class Uuid(dj.Manual):
     yield Uuid
     Uuid.drop()
 
+
 @pytest.fixture
 def ParentPart(schema):
     @schema
@@ -199,30 +203,29 @@ class ScanData(dj.Manual):
         ---
         data: int unsigned
         """
-        
+
     @schema
     class ProcessScanData(dj.Computed):
         definition = """
         -> ScanData # Forigen Key Reference
         ---
         processed_scan_data : int unsigned
         """
-            
+
         class ProcessScanDataPart(dj.Part):
             definition = """
             -> ProcessScanData
             ---
             processed_scan_data_part : int unsigned
             """
-            
-            
+
         def make(self, key):
             scan_data_dict = (ScanData & key).fetch1()
             self.insert1(dict(key, processed_scan_data=scan_data_dict['data']))
             self.ProcessScanDataPart.insert1(
                 dict(key, processed_scan_data_part=scan_data_dict['data'] * 2))
 
-    yield dict(ScanData=ScanData, ProcessScanData=ProcessScanData)
+    yield ScanData, ProcessScanData
     ScanData.drop()
 
 
@@ -267,6 +270,7 @@ def test_decimal(token, client, Decimal):
         token=token,
     )
 
+
 def test_string(token, client, String):
     validate(
         table=String,
@@ -277,6 +281,7 @@ def test_string(token, client, String):
         token=token,
     )
 
+
 def test_bool(token, client, Bool):
     validate(
         table=Bool,
@@ -287,6 +292,7 @@ def test_bool(token, client, Bool):
         token=token,
     )
 
+
 def test_date(token, client, Date):
     validate(
         table=Date,
@@ -363,23 +369,26 @@ def test_uuid(token, client, Uuid):
         token=token,
     )
 
+
 def test_part_table(token, client, ParentPart):
-    ParentPart['ScanData'].insert1(dict(scan_id=0, data=5))
-    ParentPart['ProcessScanData'].populate()
-    
+    ScanData, ProcessScanData = ParentPart
+    ScanData.insert1(dict(scan_id=0, data=5))
+    ProcessScanData.populate()
+
     # Test Parent
     REST_value = client.post('/api/fetch_tuples',
-                            headers=dict(Authorization=f'Bearer {token}'),
-                            json=dict(schemaName='add_types',
-                                      tableName=ParentPart['ProcessScanData'].__name__)).json['tuples'][0]
-    
+                             headers=dict(Authorization=f'Bearer {token}'),
+                             json=dict(schemaName='add_types',
+                                       tableName=ProcessScanData.__name__)).json['tuples'][0]
+
     assert REST_value == [0, 5]
 
     # Test Child
-    REST_value = client.post('/api/fetch_tuples',
-                            headers=dict(Authorization=f'Bearer {token}'),
-                            json=dict(schemaName='add_types',
-                                      tableName=ParentPart['ProcessScanData'].__name__ + '.' + 
-                                      ParentPart['ProcessScanData'].ProcessScanDataPart.__name__)).json['tuples'][0]
+    REST_value = client.post(
+        '/api/fetch_tuples',
+        headers=dict(Authorization=f'Bearer {token}'),
+        json=dict(schemaName='add_types',
+                  tableName=(ProcessScanData.__name__ + '.' +
+                             ProcessScanData.ProcessScanDataPart.__name__))).json['tuples'][0]
 
     assert REST_value == [0, 10]
diff --git a/tests/test_dependencies.py b/tests/test_dependencies.py
@@ -0,0 +1,144 @@
+from os import getenv
+import pytest
+from dj_gui_api_server.DJGUIAPIServer import app
+import datajoint as dj
+from base64 import b64encode
+from json import dumps
+
+
+@pytest.fixture
+def client():
+    with app.test_client() as client:
+        yield client
+
+
+@pytest.fixture
+def token(client):
+    yield client.post('/api/login', json=dict(databaseAddress=getenv('TEST_DB_SERVER'),
+                                              username=getenv('TEST_DB_USER'),
+                                              password=getenv('TEST_DB_PASS'))).json['jwt']
+
+
+@pytest.fixture
+def connection():
+    dj.config['safemode'] = False
+    connection = dj.conn(host=getenv('TEST_DB_SERVER'),
+                         user=getenv('TEST_DB_USER'),
+                         password=getenv('TEST_DB_PASS'), reset=True)
+    connection.query("""
+                     CREATE USER IF NOT EXISTS 'underprivileged'@'%%'
+                     IDENTIFIED BY 'datajoint';
+                     """)
+    connection.query("GRANT ALL PRIVILEGES ON `deps`.* TO 'underprivileged'@'%%';")
+    deps_secret = dj.VirtualModule('deps_secret', 'deps_secret', create_tables=True)
+    deps = dj.VirtualModule('deps', 'deps', create_tables=True)
+    @deps.schema
+    class TableA(dj.Lookup):
+        definition = """
+        a_id: int
+        ---
+        a_name: varchar(30)
+        """
+        contents = [(0, 'Raphael',), (1, 'Bernie',)]
+
+    @deps.schema
+    class TableB(dj.Lookup):
+        definition = """
+        -> TableA
+        b_id: int
+        ---
+        b_number: float
+        """
+        contents = [(0, 10, 22.12), (0, 11, -1.21,), (1, 21, 7.77,)]
+    deps = dj.VirtualModule('deps', 'deps', create_tables=True)
+
+    @deps_secret.schema
+    class DiffTableB(dj.Lookup):
+        definition = """
+        -> deps.TableA
+        bs_id: int
+        ---
+        bs_number: float
+        """
+        contents = [(0, -10, -99.99), (0, -11, 287.11,)]
+
+    @deps.schema
+    class TableC(dj.Lookup):
+        definition = """
+        -> TableB
+        c_id: int
+        ---
+        c_int: int
+        """
+        contents = [(0, 10, 100, -8), (0, 11, 200, -9,), (0, 11, 300, -7,)]
+
+    yield connection
+
+    deps_secret.schema.drop()
+    deps.schema.drop()
+    connection.query("DROP USER 'underprivileged'@'%%';")
+    connection.close()
+    dj.config['safemode'] = True
+
+
+@pytest.fixture
+def underprivileged_token(client, connection):
+    yield client.post('/api/login', json=dict(databaseAddress=getenv('TEST_DB_SERVER'),
+                                              username='underprivileged',
+                                              password='datajoint')).json['jwt']
+
+
+def test_dependencies_underprivileged(underprivileged_token, client):
+    schema_name = 'deps'
+    table_name = 'TableA'
+    restriction = b64encode(dumps(dict(a_id=0)).encode('utf-8')).decode('utf-8')
+    REST_dependencies = client.get(
+        f"""/api/record/dependency?schemaName={
+            schema_name}&tableName={table_name}&restriction={restriction}""",
+        headers=dict(Authorization=f'Bearer {underprivileged_token}')).json['dependencies']
+    REST_records = client.post('/api/fetch_tuples',
+                               headers=dict(Authorization=f'Bearer {underprivileged_token}'),
+                               json=dict(schemaName=schema_name,
+                                         tableName=table_name)).json['tuples']
+    assert len(REST_records) == 2
+    assert len(REST_dependencies) == 4
+    table_a = [el for el in REST_dependencies
+               if el['schema'] == 'deps' and 'table_a' in el['table']][0]
+    assert table_a['accessible'] and table_a['count'] == 1
+    table_b = [el for el in REST_dependencies
+               if el['schema'] == 'deps' and 'table_b' in el['table']][0]
+    assert table_b['accessible'] and table_b['count'] == 2
+    table_c = [el for el in REST_dependencies
+               if el['schema'] == 'deps' and 'table_c' in el['table']][0]
+    assert table_c['accessible'] and table_c['count'] == 3
+    diff_table_b = [el for el in REST_dependencies
+                    if el['schema'] == 'deps_secret' and 'diff_table_b' in el['table']][0]
+    assert not diff_table_b['accessible']
+
+
+def test_dependencies_admin(token, client, connection):
+    schema_name = 'deps'
+    table_name = 'TableA'
+    restriction = b64encode(dumps(dict(a_id=0)).encode('utf-8')).decode('utf-8')
+    REST_dependencies = client.get(
+        f"""/api/record/dependency?schemaName={
+            schema_name}&tableName={table_name}&restriction={restriction}""",
+        headers=dict(Authorization=f'Bearer {token}')).json['dependencies']
+    REST_records = client.post('/api/fetch_tuples',
+                               headers=dict(Authorization=f'Bearer {token}'),
+                               json=dict(schemaName=schema_name,
+                                         tableName=table_name)).json['tuples']
+    assert len(REST_records) == 2
+    assert len(REST_dependencies) == 4
+    table_a = [el for el in REST_dependencies
+               if el['schema'] == 'deps' and 'table_a' in el['table']][0]
+    assert table_a['accessible'] and table_a['count'] == 1
+    table_b = [el for el in REST_dependencies
+               if el['schema'] == 'deps' and 'table_b' in el['table']][0]
+    assert table_b['accessible'] and table_b['count'] == 2
+    table_c = [el for el in REST_dependencies
+               if el['schema'] == 'deps' and 'table_c' in el['table']][0]
+    assert table_c['accessible'] and table_c['count'] == 3
+    diff_table_b = [el for el in REST_dependencies
+                    if el['schema'] == 'deps_secret' and 'diff_table_b' in el['table']][0]
+    assert diff_table_b['accessible'] and diff_table_b['count'] == 2
