[feature] UI Fine grained access - project locking and notification

* write permissions needed to remove a user not delete permission
* added test for opening a shared project 2 times
* access_rights renamed to accessRights
*added test for groups access rights 
* adding state endpoint
* mypy
* now check project is locked
* user is automatically enters room upon successful login
* project state now returns the value + owner of the lock if any

Author: sanderegg

api/specs/common/schemas/project.yaml

@@ -1,17 +1,18 @@
 components:
   schemas:
     Project:
-      $ref: './project-v0.0.1-converted.yaml'
+      $ref: "./project-v0.0.1-converted.yaml"
     ProjectEnveloped:
       type: object
       required:
         - data
       properties:
         data:
-          $ref: '#/components/schemas/Project'
+          $ref: "#/components/schemas/Project"
         error:
           nullable: true
           default: null
+
     ProjectArrayEnveloped:
       type: object
       required:
@@ -20,7 +21,43 @@ components:
         data:
           type: array
           items:
-            $ref: '#/components/schemas/Project'
+            $ref: "#/components/schemas/Project"
+        error:
+          nullable: true
+          default: null
+
+    ProjectState:
+      type: object
+      required:
+        - locked
+      properties:
+        locked:
+          type: object
+          description: describes the project lock state
+          required:
+            - value
+          properties:
+            value:
+              type: boolean
+              description: true if the project is locked
+            owner:
+              type: object
+              properties:
+                first_name:
+                  type: string
+                last_name:
+                  type: string
+              required:
+                - firstName
+                - lastName
+
+    ProjectStateEnveloped:
+      type: object
+      required:
+        - data
+      properties:
+        data:
+          $ref: "#/components/schemas/ProjectState"
         error:
           nullable: true
           default: null

api/specs/webserver/components/schemas/group.yaml

@@ -42,13 +42,13 @@ UsersGroup:
       description: url to the group thumbnail
       type: string
       format: uri
-    access_rights:
+    accessRights:
       $ref: "#/GroupAccessRights"
   required:
     - gid
     - label
     - description
-    - access_rights
+    - accessRights
   example:
     - gid: "27"
       label: "A user"

api/specs/webserver/openapi-groups.yaml

@@ -181,7 +181,15 @@ paths:
         content:
           application/json:
             schema:
-              $ref: "./components/schemas/group.yaml#/GroupAccessRights"
+              type: object
+              properties:
+                accessRights:
+                  $ref: "./components/schemas/group.yaml#/GroupAccessRights"
+              required:
+                - accessRights
+
+
+
       responses:
         "200":
           description: modified user

api/specs/webserver/openapi-projects.yaml

@@ -171,6 +171,29 @@ paths:
         default:
           $ref: "#/components/responses/DefaultErrorResponse"
 
+  /projects/{project_id}/state:
+    parameters:
+      - name: project_id
+        in: path
+        required: true
+        schema:
+          type: string
+    get:
+      tags:
+        - project
+      summary: returns the state of a project
+      operationId: state_project
+      responses:
+        "200":
+          description: returns the project current state
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ProjectStateEnveloped"
+
+        default:
+          $ref: "#/components/responses/DefaultErrorResponse"
+
   /projects/{project_id}/close:
     parameters:
       - name: project_id
@@ -362,6 +385,9 @@ components:
     ProjectArrayEnveloped:
       $ref: "../common/schemas/project.yaml#/components/schemas/ProjectArrayEnveloped"
 
+    ProjectStateEnveloped:
+      $ref: "../common/schemas/project.yaml#/components/schemas/ProjectStateEnveloped"
+
     RunningServiceEnveloped:
       $ref: "../common/schemas/running_service.yaml#/components/schemas/RunningServiceEnveloped"
 

api/specs/webserver/openapi.yaml

@@ -159,6 +159,9 @@ paths:
   /projects/{project_id}:open:
     $ref: "./openapi-projects.yaml#/paths/~1projects~1{project_id}~1open"
 
+  /projects/{project_id}/state:
+    $ref: "./openapi-projects.yaml#/paths/~1projects~1{project_id}~1state"
+
   /projects/{project_id}:close:
     $ref: "./openapi-projects.yaml#/paths/~1projects~1{project_id}~1close"
 

mypy.ini

@@ -3,7 +3,8 @@
 python_version = 3.6
 warn_return_any = True
 warn_unused_configs = True
-
+namespace_packages = True
+; ignore_missing_imports = True
 # Per-module options:
 [mypy-aio-pika.*]
 ignore_missing_imports = True
@@ -17,6 +18,8 @@ ignore_missing_imports = True
 ignore_missing_imports = True
 [mypy-aiosmtplib.*]
 ignore_missing_imports = True
+[mypy-aiozipkin.*]
+ignore_missing_imports = True
 [mypy-asyncpg.*]
 ignore_missing_imports = True
 [mypy-celery.*]
@@ -27,6 +30,10 @@ ignore_missing_imports = True
 ignore_missing_imports = True
 [mypy-jsondiff.*]
 ignore_missing_imports = True
+[mypy-jsonschema.*]
+ignore_missing_imports = True
+[mypy-openapi_core.*]
+ignore_missing_imports = True
 [mypy-passlib.*]
 ignore_missing_imports = True
 [mypy-prometheus_client.*]
@@ -39,3 +46,7 @@ ignore_missing_imports = True
 ignore_missing_imports = True
 [mypy-trafaret.*]
 ignore_missing_imports = True
+[mypy-trafaret_config.*]
+ignore_missing_imports = True
+[mypy-yarl.*]
+ignore_missing_imports = True

packages/postgres-database/src/simcore_postgres_database/cli.py

@@ -11,14 +11,14 @@
 from copy import deepcopy
 from logging.config import fileConfig
 from pathlib import Path
-from typing import Dict
+from typing import Dict, Optional
 
-import alembic.command
 import click
+
+import alembic.command
 import docker
 from alembic import __version__ as __alembic_version__
 from alembic.config import Config as AlembicConfig
-
 from simcore_postgres_database.models import *
 from simcore_postgres_database.utils import build_url, raise_if_not_responsive
 
@@ -110,29 +110,28 @@ def _reset_cache():
 def main():
     """ Simplified CLI for database migration with alembic """
 
-
 @main.command()
 @click.option("--user", "-u")
 @click.option("--password", "-p")
 @click.option("--host")
 @click.option("--port", type=int)
 @click.option("--database", "-d")
-def discover(**cli_inputs) -> Dict:
+def discover(**cli_inputs) -> Optional[Dict]:
     """ Discovers databases and caches configs in ~/.simcore_postgres_database.json (except if --no-cache)"""
     # NOTE: Do not add defaults to user, password so we get a chance to ping urls
     # TODO: if multiple candidates online, then query user to select
 
     click.echo("Discovering database ...")
     cli_cfg = {key: value for key, value in cli_inputs.items() if value is not None}
 
-    def _test_cached():
+    def _test_cached() -> Dict:
         """Tests cached configuration """
         cfg = _load_cache() or {}
         if cfg:
             cfg.update(cli_cfg)  # overrides
         return cfg
 
-    def _test_env():
+    def _test_env() -> Dict:
         """Tests environ variables """
         cfg = {
             "user": os.getenv("POSTGRES_USER"),
@@ -144,7 +143,7 @@ def _test_env():
         cfg.update(cli_cfg)
         return cfg
 
-    def _test_swarm():
+    def _test_swarm() -> Dict:
         """Tests published port in swarm from host """
         cfg = _test_env()
         cfg["host"] = "127.0.0.1"
@@ -182,6 +181,7 @@ def _test_swarm():
 
     _reset_cache()
     click.secho("Sorry, database not found !!", blink=False, bold=True, fg="red")
+    return None
 
 
 @main.command()

packages/pytest-simcore/src/pytest_simcore/websocket_client.py

@@ -10,7 +10,7 @@
 
 
 @pytest.fixture()
-async def security_cookie(loop, client) -> str:
+async def security_cookie_factory(loop, client) -> str:
     # get the cookie by calling the root entrypoint
     resp = await client.get("/v0/")
     payload = await resp.json()
@@ -32,17 +32,23 @@ async def socketio_url(loop, client) -> str:
 
 
 @pytest.fixture()
-async def socketio_client(socketio_url: str, security_cookie: str):
+async def socketio_client(
+    socketio_url: str, security_cookie_factory: str
+) -> socketio.AsyncClient:
     clients = []
 
     async def connect(client_session_id) -> socketio.AsyncClient:
-        sio = socketio.AsyncClient(ssl_verify=False)    # enginio 3.10.0 introduced ssl verification
-        url = str(URL(socketio_url).with_query({'client_session_id': client_session_id}))
+        sio = socketio.AsyncClient(
+            ssl_verify=False
+        )  # enginio 3.10.0 introduced ssl verification
+        url = str(
+            URL(socketio_url).with_query({"client_session_id": client_session_id})
+        )
 
         headers = {}
-        if security_cookie:
+        if security_cookie_factory:
             # WARNING: engineio fails with empty cookies. Expects "key=value"
-            headers.update({'Cookie': security_cookie})
+            headers.update({"Cookie": security_cookie_factory})
 
         await sio.connect(url, headers=headers)
         assert sio.sid

packages/service-library/src/servicelib/utils.py

@@ -8,15 +8,15 @@
 import logging
 import os
 from pathlib import Path
-from typing import Any, Coroutine, List, Optional, Union
+from typing import Any, Awaitable, Coroutine, List, Optional, Union
 
 logger = logging.getLogger(__name__)
 
 
 def is_production_environ() -> bool:
-    """ 
-        If True, this code most probably 
-        runs in a production container of one of the 
+    """
+        If True, this code most probably
+        runs in a production container of one of the
         osparc-simcore services.
     """
     # WARNING: based on a convention that is not constantly verified
@@ -46,7 +46,9 @@ def search_osparc_repo_dir(start: Union[str, Path], max_iterations=8) -> Optiona
 
 
 # FUTURES
-def fire_and_forget_task(obj: Union[Coroutine, asyncio.Future]) -> asyncio.Future:
+def fire_and_forget_task(
+    obj: Union[Coroutine, asyncio.Future, Awaitable]
+) -> asyncio.Future:
     future = asyncio.ensure_future(obj)
 
     def log_exception_callback(fut: asyncio.Future):
@@ -63,7 +65,7 @@ def log_exception_callback(fut: asyncio.Future):
 async def logged_gather(
     *tasks, reraise: bool = True, log: logging.Logger = logger
 ) -> List[Any]:
-    """ 
+    """
         *all* coroutine passed are executed concurrently and once they are all
         completed, the first error (if any) is reraised or all returned
 

scripts/common.Makefile

@@ -100,6 +100,9 @@ autoformat: ## runs black python formatter on this service's code. Use AFTER mak
 		--exclude "/(\.eggs|\.git|\.hg|\.mypy_cache|\.nox|\.tox|\.venv|\.svn|_build|buck-out|build|dist|migration|client-sdk|generated_code)/" \
 		$(CURDIR)
 
+.PHONY: mypy
+mypy: $(REPO_BASE_DIR)/scripts/mypy.bash $(REPO_BASE_DIR)/mypy.ini ## runs mypy python static type checker on this services's code. Use AFTER make install-*
+	@$(REPO_BASE_DIR)/scripts/mypy.bash src
 
 .PHONY: version-patch version-minor version-major
 version-patch: ## commits version with bug fixes not affecting the cookiecuter config

scripts/mypy.bash

@@ -0,0 +1,22 @@
+#!/bin/bash
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -o errexit
+set -o nounset
+set -o pipefail
+IFS=$'\n\t'
+
+target_path=$(realpath ${1:-Please give target path as argument})
+cd "$(dirname "$0")"
+default_mypy_config="$(dirname ${PWD})/mypy.ini"
+mypy_config=$(realpath ${2:-${default_mypy_config}})
+
+echo mypying ${target_path} using config in ${mypy_config}...
+
+echo $default_mypy_config
+docker run --rm \
+  -v ${mypy_config}:/config/mypy.ini \
+  -v ${target_path}:/src \
+  --workdir=/src \
+  kiwicom/mypy mypy \
+    --config-file /config/mypy.ini \
+    /src

services/web/client/source/class/osparc/component/export/Permissions.js

@@ -157,7 +157,7 @@ qx.Class.define("osparc.component.export.Permissions", {
           ctrl.bindProperty("login", "subtitle", null, item, id); // user
           ctrl.bindProperty("description", "subtitle", null, item, id); // organization
           ctrl.bindProperty("isOrg", "isOrganization", null, item, id);
-          ctrl.bindProperty("access_rights", "accessRights", null, item, id);
+          ctrl.bindProperty("accessRights", "accessRights", null, item, id);
           ctrl.bindProperty("showOptions", "showOptions", null, item, id);
         },
         configureItem: item => {
@@ -229,7 +229,7 @@ qx.Class.define("osparc.component.export.Permissions", {
             collaborator["thumbnail"] = osparc.utils.Avatar.getUrl(collaborator["login"], 32);
             collaborator["name"] = osparc.utils.Utils.firstsUp(collaborator["first_name"], collaborator["last_name"]);
           }
-          collaborator["access_rights"] = aceessRights[gid];
+          collaborator["accessRights"] = aceessRights[gid];
           if (this.__isUserOwner()) {
             collaborator["showOptions"] = true;
           }