Merge pull request #986 from mguidon/anonymous_user

ISAN: Anonymous users need to have access to their files and update-pipeline

Author: mguidon

services/web/server/src/simcore_service_webserver/config/server-docker-dev.yaml

@@ -7,7 +7,7 @@ main:
   client_outdir: ${SIMCORE_WEB_OUTDIR}
   log_level: DEBUG
   testing: True
-  studies_access_enabled: False
+  studies_access_enabled: True
   monitoring_enabled: True
 director:
   host: ${DIRECTOR_HOST}

services/web/server/src/simcore_service_webserver/security_roles.py

@@ -24,6 +24,11 @@
   },
   UserRole.GUEST: {
       "can": [
+        # Anonymous users need access to the filesystem because files are being transferred
+        "project.update",
+        "storage.locations.*", # "storage.datcore.read"
+        "storage.files.*",
+
         "project.read",          # "studies.user.read",
                                  # "studies.templates.read"
         # NOTE: All services* are not necessary since it only requires login
@@ -39,7 +44,6 @@
   UserRole.USER: {
       "can": [
           "project.create",      # "studies.user.create",
-          "project.update",
           "project.delete",      # "study.node.create",
                                  # "study.node.delete",
                                  # "study.node.rename",
@@ -50,8 +54,7 @@
                                  # "preferences.role.update"
           "user.tokens.*",       # "preferences.token.create",
                                  # "preferences.token.delete"
-          "storage.locations.*", # "storage.datcore.read"
-          "storage.files.*",
+          
         # NOTE: All services* are not necessary since it only requires login
         # and there is no distinction among logged in users.
         # TODO: kept temporarily as a way to denote resources

services/web/server/tests/unit/with_postgres/test_projects.py

@@ -373,7 +373,7 @@ async def test_new_template_from_project(client, logged_user, user_project, expe
 # PUT --------
 @pytest.mark.parametrize("user_role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])
@@ -420,7 +420,7 @@ async def test_replace_project_updated_inputs(client, logged_user, user_project,
 
 @pytest.mark.parametrize("user_role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])

services/web/server/tests/unit/with_postgres/test_storage.py

@@ -120,7 +120,7 @@ async def logged_user(client, role: UserRole):
 
 @pytest.mark.parametrize("role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])
@@ -137,7 +137,7 @@ async def test_get_storage_locations(client, storage_server, logged_user, role,
 
 @pytest.mark.parametrize("role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])
@@ -159,7 +159,7 @@ async def test_get_datasets_metadata(client, storage_server, logged_user, role,
 
 @pytest.mark.parametrize("role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])
@@ -180,7 +180,7 @@ async def test_get_files_metadata_dataset(client, storage_server, logged_user, r
 
 @pytest.mark.parametrize("role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])
@@ -201,7 +201,7 @@ async def test_storage_file_meta(client, storage_server, logged_user, role, expe
 
 @pytest.mark.parametrize("role,expected", [
     (UserRole.ANONYMOUS, web.HTTPUnauthorized),
-    (UserRole.GUEST, web.HTTPForbidden),
+    (UserRole.GUEST, web.HTTPOk),
     (UserRole.USER, web.HTTPOk),
     (UserRole.TESTER, web.HTTPOk),
 ])