Source code for tvb.interfaces.rest.server.access_permissions.permissions

# -*- coding: utf-8 -*-
#
#
# TheVirtualBrain-Framework Package. This package holds all Data Management, and 
# Web-UI helpful to run brain-simulations. To use it, you also need to download
# TheVirtualBrain-Scientific Package (for simulators). See content of the
# documentation-folder for more details. See also http://www.thevirtualbrain.org
#
# (c) 2012-2023, Baycrest Centre for Geriatric Care ("Baycrest") and others
#
# This program is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software Foundation,
# either version 3 of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.  See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this
# program.  If not, see <http://www.gnu.org/licenses/>.
#
#
#   CITATION:
# When using The Virtual Brain for scientific publications, please cite it as explained here:
# https://www.thevirtualbrain.org/tvb/zwei/neuroscience-publications
#
#
from abc import abstractmethod

from sqlalchemy.orm.exc import NoResultFound
from tvb.core.entities.storage import CaseDAO, DatatypeDAO
from tvb.core.services.exceptions import ProjectServiceException
from tvb.core.services.project_service import ProjectService
from tvb.interfaces.rest.commons.exceptions import InvalidIdentifierException
from tvb.interfaces.rest.server.request_helper import get_current_user


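class ResourceAccessPermission:
    """
    Base class for access checks on a single resource requested through the REST server.

    Subclasses supply the resource-specific rule by overriding `_check_permission`.
    """

    def __init__(self, resource_identifier, required_role=None):
        """
        :param resource_identifier: identifier of the resource whose access is being checked
        :param required_role: role the current user must match exactly; None skips the role check
        """
        self.resource_identifier = resource_identifier
        self.required_role = required_role

    def has_access(self):
        """
        Decide whether the current user may access the resource.

        :return: False when `required_role` is set and the user's role differs from it;
                 otherwise whatever `_check_permission` returns for the user's id
        """
        # NOTE(review): assumes get_current_user() returns a user object for every
        # request that reaches this check; confirm authentication runs before it.
        current_user = get_current_user()

        # The role gate runs first, so a role mismatch denies access without
        # touching the resource lookup in _check_permission.
        if self.required_role is not None and current_user.role != self.required_role:
            return False

        return self._check_permission(current_user.id)

    # This class does not use ABCMeta, so the decorator alone does not prevent
    # instantiation; the raise below is what guards a missing override.
    @abstractmethod
    def _check_permission(self, logged_user_id):
        """
        Resource-specific rule, to be overridden by subclasses.

        :param logged_user_id: id of the user whose access is being checked
        :return: True when that user may access the requested resource, False otherwise
        """
        # NotImplementedError subclasses RuntimeError, so callers catching
        # RuntimeError keep working.
        raise NotImplementedError("Not implemented.")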
class ProjectAccessPermission(ResourceAccessPermission):
    """
    Access check for a project: the user must be among the project's members.
    """

    def __init__(self, project_gid):
        """
        :param project_gid: GID of the project being accessed
        """
        super().__init__(project_gid)
        self.project_dao = CaseDAO()

    def _check_permission(self, logged_user_id):
        """
        Resolve the project by GID and test the user's membership in it.

        :param logged_user_id: id of the user whose access is being checked
        :return: result of `check_project_permission` for the resolved project
        :raises InvalidIdentifierException: when the project lookup fails
        """
        # NOTE(review): an unknown GID raises before membership is evaluated, while a
        # known GID the user cannot access returns False. If callers map these to
        # different responses, a non-member can tell the two cases apart; confirm
        # this is acceptable for the API.
        try:
            project = self.project_dao.get_project_lazy_by_gid(self.resource_identifier)
        except (ProjectServiceException, NoResultFound):
            raise InvalidIdentifierException()

        return self.check_project_permission(logged_user_id, project.id)

    def check_project_permission(self, logged_user_id, project_id):
        """
        :param logged_user_id: id of the user whose access is being checked
        :param project_id: database id of the project
        :return: True when the user's id matches a member returned by the DAO, else False
        """
        members = self.project_dao.get_members_of_project(project_id)
        return any(logged_user_id == member.id for member in members)
class OperationAccessPermission(ProjectAccessPermission):
    """
    Access check for an operation: the user must be a member of the project
    in which the operation was launched.
    """

    def __init__(self, operation_gid):
        """
        :param operation_gid: GID of the operation being accessed
        """
        super().__init__(operation_gid)

    def _check_permission(self, logged_user_id):
        """
        :param logged_user_id: id of the user whose access is being checked
        :return: result of the membership check on the operation's project
        :raises InvalidIdentifierException: when no operation is found for the GID
        """
        # NOTE(review): a missing operation raises, while an existing one the user
        # cannot access returns False; confirm callers do not expose the difference
        # to non-members.
        launched_operation = ProjectService.load_operation_by_gid(self.resource_identifier)
        if launched_operation is None:
            raise InvalidIdentifierException()

        owning_project_id = launched_operation.fk_launched_in
        return self.check_project_permission(logged_user_id, owning_project_id)
class DataTypeAccessPermission(ProjectAccessPermission):
    """
    Access check for a datatype: the user must be a member of the project that
    produced it, or of a project the datatype is linked to.
    """

    def __init__(self, datatype_gid):
        """
        :param datatype_gid: GID of the datatype being accessed
        """
        super().__init__(datatype_gid)
        self.datatype_dao = DatatypeDAO()

    def _check_permission(self, logged_user_id):
        """
        :param logged_user_id: id of the user whose access is being checked
        :return: True when the user is a member of the datatype's own project or of
                 any project it is linked to, False otherwise
        :raises InvalidIdentifierException: when no datatype is found for the GID
        """
        requested = self.datatype_dao.get_datatype_by_gid(self.resource_identifier)
        if requested is None:
            raise InvalidIdentifierException()

        # First the project in which the datatype's parent operation was launched.
        home_project_id = requested.parent_operation.fk_launched_in
        if self.check_project_permission(logged_user_id, home_project_id):
            return True

        # Then every project the datatype is linked into: membership in any one
        # of them is enough, so each link widens who can read the datatype.
        links = self.datatype_dao.get_links_for_datatype(requested.id)
        if links is None:
            return False
        return any(self.check_project_permission(logged_user_id, link.fk_to_project)
                   for link in links)