🎨 moving projects between workspaces (#6312)

Author: matusdrobuliak66

api/specs/web-server/_projects_workspaces.py

@@ -0,0 +1,34 @@
+""" Helper script to automatically generate OAS
+
+This OAS are the source of truth
+"""
+
+# pylint: disable=redefined-outer-name
+# pylint: disable=unused-argument
+# pylint: disable=unused-variable
+# pylint: disable=too-many-arguments
+
+
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, status
+from simcore_service_webserver._meta import API_VTAG
+from simcore_service_webserver.projects._workspaces_handlers import (
+    _ProjectWorkspacesPathParams,
+)
+
+router = APIRouter(
+    prefix=f"/{API_VTAG}",
+    tags=["projects", "workspaces"],
+)
+
+
+@router.put(
+    "/projects/{project_id}/workspaces/{workspace_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Move project to the workspace",
+)
+async def replace_project_workspace(
+    _path: Annotated[_ProjectWorkspacesPathParams, Depends()],
+):
+    ...

api/specs/web-server/openapi.py

@@ -42,6 +42,7 @@
         "_projects_states",
         "_projects_tags",
         "_projects_wallet",
+        "_projects_workspaces",
         "_publications",
         "_resource_usage",
         "_statics",

services/web/server/src/simcore_service_webserver/api/v0/openapi.yaml

@@ -3482,6 +3482,32 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Envelope_WalletGet_'
+  /v0/projects/{project_id}/workspaces/{workspace_id}:
+    put:
+      tags:
+      - projects
+      - workspaces
+      summary: Move project to the workspace
+      operationId: replace_project_workspace
+      parameters:
+      - required: true
+        schema:
+          title: Project Id
+          type: string
+          format: uuid
+        name: project_id
+        in: path
+      - required: true
+        schema:
+          title: Workspace Id
+          exclusiveMinimum: true
+          type: integer
+          minimum: 0
+        name: workspace_id
+        in: path
+      responses:
+        '204':
+          description: Successful Response
   /v0/publications/service-submission:
     post:
       tags:

services/web/server/src/simcore_service_webserver/projects/_crud_api_create.py

@@ -287,6 +287,8 @@ async def create_project(  # pylint: disable=too-many-arguments,too-many-branche
                     user_id=user_id if workspace_id is None else None,
                     workspace_id=workspace_id,
                 )
+                # Folder ID is not part of the project resource
+                predefined_project.pop("folderId")
 
         if from_study:
             # 1.1 prepare copy

services/web/server/src/simcore_service_webserver/projects/_folders_db.py

@@ -98,3 +98,15 @@ async def delete_project_to_folder(
                 & (projects_to_folders.c.user_id == private_workspace_user_id_or_none)
             )
         )
+
+
+async def delete_all_project_to_folder_by_project_id(
+    app: web.Application,
+    project_id: ProjectID,
+) -> None:
+    async with get_database_engine(app).acquire() as conn:
+        await conn.execute(
+            projects_to_folders.delete().where(
+                projects_to_folders.c.project_uuid == f"{project_id}"
+            )
+        )

services/web/server/src/simcore_service_webserver/projects/_groups_db.py

@@ -190,3 +190,15 @@ async def delete_project_group(
                 & (project_to_groups.c.gid == group_id)
             )
         )
+
+
+async def delete_all_project_groups(
+    app: web.Application,
+    project_id: ProjectID,
+) -> None:
+    async with get_database_engine(app).acquire() as conn:
+        await conn.execute(
+            project_to_groups.delete().where(
+                project_to_groups.c.project_uuid == f"{project_id}"
+            )
+        )

services/web/server/src/simcore_service_webserver/projects/_workspaces_api.py

@@ -0,0 +1,69 @@
+import logging
+
+from aiohttp import web
+from models_library.products import ProductName
+from models_library.projects import ProjectID
+from models_library.users import UserID
+from models_library.workspaces import WorkspaceID
+
+from ..projects._access_rights_api import get_user_project_access_rights
+from ..users.api import get_user
+from ..workspaces.api import check_user_workspace_access
+from . import _folders_db as project_to_folders_db
+from . import _groups_db as project_groups_db
+from .db import APP_PROJECT_DBAPI, ProjectDBAPI
+from .exceptions import ProjectInvalidRightsError
+
+_logger = logging.getLogger(__name__)
+
+
+async def move_project_into_workspace(
+    app: web.Application,
+    *,
+    user_id: UserID,
+    project_id: ProjectID,
+    workspace_id: WorkspaceID | None,
+    product_name: ProductName,
+) -> None:
+    project_api: ProjectDBAPI = app[APP_PROJECT_DBAPI]
+
+    # 1. User needs to have delete permission on project
+    project_access_rights = await get_user_project_access_rights(
+        app, project_id=project_id, user_id=user_id, product_name=product_name
+    )
+    if project_access_rights.delete is False:
+        raise ProjectInvalidRightsError(user_id=user_id, project_uuid=project_id)
+
+    # 2. User needs to have write permission on workspace
+    if workspace_id:
+        await check_user_workspace_access(
+            app,
+            user_id=user_id,
+            workspace_id=workspace_id,
+            product_name=product_name,
+            permission="write",
+        )
+
+    # 3. Delete project to folders (for everybody)
+    await project_to_folders_db.delete_all_project_to_folder_by_project_id(
+        app,
+        project_id=project_id,
+    )
+
+    # 4. Update workspace ID on the project resource
+    await project_api.patch_project(
+        project_uuid=project_id,
+        new_partial_project_data={"workspace_id": workspace_id},
+    )
+
+    # 5. Remove all project permissions, leave only the user who moved the project
+    user = await get_user(app, user_id=user_id)
+    await project_groups_db.delete_all_project_groups(app, project_id=project_id)
+    await project_groups_db.update_or_insert_project_group(
+        app,
+        project_id=project_id,
+        group_id=user["primary_gid"],
+        read=True,
+        write=True,
+        delete=True,
+    )

services/web/server/src/simcore_service_webserver/projects/_workspaces_handlers.py

@@ -0,0 +1,84 @@
+import functools
+import logging
+
+from aiohttp import web
+from models_library.projects import ProjectID
+from models_library.utils.common_validators import null_or_none_str_to_none_validator
+from models_library.workspaces import WorkspaceID
+from pydantic import BaseModel, Extra, validator
+from servicelib.aiohttp.requests_validation import parse_request_path_parameters_as
+from servicelib.aiohttp.typing_extension import Handler
+from servicelib.mimetype_constants import MIMETYPE_APPLICATION_JSON
+
+from .._meta import api_version_prefix as VTAG
+from ..folders.errors import FolderAccessForbiddenError, FolderNotFoundError
+from ..login.decorators import login_required
+from ..security.decorators import permission_required
+from ..workspaces.errors import WorkspaceAccessForbiddenError, WorkspaceNotFoundError
+from . import _workspaces_api
+from ._common_models import RequestContext
+from .exceptions import ProjectInvalidRightsError, ProjectNotFoundError
+
+_logger = logging.getLogger(__name__)
+
+
+def _handle_projects_workspaces_exceptions(handler: Handler):
+    @functools.wraps(handler)
+    async def wrapper(request: web.Request) -> web.StreamResponse:
+        try:
+            return await handler(request)
+
+        except (
+            ProjectNotFoundError,
+            FolderNotFoundError,
+            WorkspaceNotFoundError,
+        ) as exc:
+            raise web.HTTPNotFound(reason=f"{exc}") from exc
+
+        except (
+            ProjectInvalidRightsError,
+            FolderAccessForbiddenError,
+            WorkspaceAccessForbiddenError,
+        ) as exc:
+            raise web.HTTPForbidden(reason=f"{exc}") from exc
+
+    return wrapper
+
+
+routes = web.RouteTableDef()
+
+
+class _ProjectWorkspacesPathParams(BaseModel):
+    project_id: ProjectID
+    workspace_id: WorkspaceID | None
+
+    class Config:
+        extra = Extra.forbid
+
+    # validators
+    _null_or_none_str_to_none_validator = validator(
+        "workspace_id", allow_reuse=True, pre=True
+    )(null_or_none_str_to_none_validator)
+
+
+@routes.put(
+    f"/{VTAG}/projects/{{project_id}}/workspaces/{{workspace_id}}",
+    name="replace_project_workspace",
+)
+@login_required
+@permission_required("project.workspaces.*")
+@_handle_projects_workspaces_exceptions
+async def replace_project_workspace(request: web.Request):
+    req_ctx = RequestContext.parse_obj(request)
+    path_params = parse_request_path_parameters_as(
+        _ProjectWorkspacesPathParams, request
+    )
+
+    await _workspaces_api.move_project_into_workspace(
+        app=request.app,
+        user_id=req_ctx.user_id,
+        project_id=path_params.project_id,
+        workspace_id=path_params.workspace_id,
+        product_name=req_ctx.product_name,
+    )
+    raise web.HTTPNoContent(content_type=MIMETYPE_APPLICATION_JSON)

services/web/server/src/simcore_service_webserver/projects/plugin.py

@@ -21,6 +21,7 @@
     _states_handlers,
     _tags_handlers,
     _wallets_handlers,
+    _workspaces_handlers,
 )
 from ._observer import setup_project_observer_events
 from ._projects_access import setup_projects_access
@@ -59,5 +60,6 @@ def setup_projects(app: web.Application) -> bool:
     app.router.add_routes(_wallets_handlers.routes)
     app.router.add_routes(_folders_handlers.routes)
     app.router.add_routes(_projects_nodes_pricing_unit_handlers.routes)
+    app.router.add_routes(_workspaces_handlers.routes)
 
     return True

services/web/server/src/simcore_service_webserver/security/_authz_access_roles.py

@@ -73,6 +73,7 @@ class PermissionDict(TypedDict, total=False):
             "project.tag.*",
             "project.template.create",
             "project.wallet.*",
+            "project.workspaces.*",
             "resource-usage.read",
             "tag.crud.*",
             "user.apikey.*",