Merge branch 'master' into fix-catalog

Author: odeimaiz

packages/service-library/src/servicelib/rabbitmq/rpc_interfaces/webserver/functions/functions_rpc_interface.py

@@ -16,6 +16,7 @@
     RegisteredFunctionJob,
     RegisteredFunctionJobCollection,
 )
+from models_library.functions import FunctionUserAccessRights
 from models_library.products import ProductName
 from models_library.rabbitmq_basic_types import RPCMethodName
 from models_library.rest_pagination import PageMetaInfoLimitOffset
@@ -388,3 +389,21 @@ async def delete_function_job_collection(
         product_name=product_name,
     )
     assert result is None  # nosec
+
+
+@log_decorator(_logger, level=logging.DEBUG)
+async def get_function_user_permissions(
+    rabbitmq_rpc_client: RabbitMQRPCClient,
+    *,
+    user_id: UserID,
+    product_name: ProductName,
+    function_id: FunctionID,
+) -> FunctionUserAccessRights:
+    result = await rabbitmq_rpc_client.request(
+        WEBSERVER_RPC_NAMESPACE,
+        TypeAdapter(RPCMethodName).validate_python("get_function_user_permissions"),
+        function_id=function_id,
+        user_id=user_id,
+        product_name=product_name,
+    )
+    return TypeAdapter(FunctionUserAccessRights).validate_python(result)

services/api-server/src/simcore_service_api_server/api/routes/functions_routes.py

@@ -21,8 +21,11 @@
     RegisteredFunctionJobCollection,
     SolverFunctionJob,
 )
+from models_library.functions import FunctionUserAccessRights
 from models_library.functions_errors import (
+    FunctionExecuteAccessDeniedError,
     FunctionInputsValidationError,
+    FunctionReadAccessDeniedError,
     UnsupportedFunctionClassError,
 )
 from models_library.products import ProductName
@@ -371,6 +374,22 @@ async def run_function(  # noqa: PLR0913
     job_service: Annotated[JobService, Depends(get_job_service)],
 ) -> RegisteredFunctionJob:
 
+    user_permissions: FunctionUserAccessRights = (
+        await wb_api_rpc.get_function_user_permissions(
+            function_id=function_id, user_id=user_id, product_name=product_name
+        )
+    )
+    if not user_permissions.read:
+        raise FunctionReadAccessDeniedError(
+            user_id=user_id,
+            function_id=function_id,
+        )
+    if not user_permissions.execute:
+        raise FunctionExecuteAccessDeniedError(
+            user_id=user_id,
+            function_id=function_id,
+        )
+
     from .function_jobs_routes import function_job_status
 
     to_run_function = await wb_api_rpc.get_function(

services/api-server/src/simcore_service_api_server/services_rpc/wb_api_server.py

@@ -23,6 +23,7 @@
     RegisteredFunctionJobCollection,
 )
 from models_library.api_schemas_webserver.licensed_items import LicensedItemRpcGetPage
+from models_library.functions import FunctionUserAccessRights
 from models_library.licenses import LicensedItemID
 from models_library.products import ProductName
 from models_library.projects import ProjectID
@@ -526,6 +527,20 @@ async def delete_function_job_collection(
             function_job_collection_id=function_job_collection_id,
         )
 
+    async def get_function_user_permissions(
+        self,
+        *,
+        user_id: UserID,
+        product_name: ProductName,
+        function_id: FunctionID,
+    ) -> FunctionUserAccessRights:
+        return await functions_rpc_interface.get_function_user_permissions(
+            self._client,
+            user_id=user_id,
+            product_name=product_name,
+            function_id=function_id,
+        )
+
 
 def setup(app: FastAPI, rabbitmq_rmp_client: RabbitMQRPCClient):
     wb_api_rpc_client = WbApiRpcClient(_client=rabbitmq_rmp_client)

services/api-server/tests/unit/api_functions/test_api_routers_functions.py

@@ -7,6 +7,7 @@
 from uuid import uuid4
 
 import httpx
+import respx
 from httpx import AsyncClient
 from models_library.api_schemas_webserver.functions import (
     FunctionJobCollection,
@@ -16,11 +17,14 @@
     RegisteredProjectFunction,
     RegisteredProjectFunctionJob,
 )
+from models_library.functions import FunctionUserAccessRights
 from models_library.functions_errors import (
     FunctionIDNotFoundError,
     FunctionReadAccessDeniedError,
 )
 from models_library.rest_pagination import PageMetaInfoLimitOffset
+from models_library.users import UserID
+from pytest_mock import MockType
 from servicelib.aiohttp import status
 from simcore_service_api_server._meta import API_VTAG
 
@@ -580,3 +584,34 @@ async def test_list_function_job_collections_with_function_filter(
         RegisteredFunctionJobCollection.model_validate(data["items"][0])
         == mock_registered_function_job_collection
     )
+
+
+async def test_run_function_not_allowed(
+    client: AsyncClient,
+    mock_handler_in_functions_rpc_interface: Callable[[str, Any], None],
+    mock_registered_function: RegisteredProjectFunction,
+    auth: httpx.BasicAuth,
+    user_id: UserID,
+    mocked_webserver_rest_api_base: respx.MockRouter,
+    mocked_webserver_rpc_api: dict[str, MockType],
+) -> None:
+    """Test that running a function is not allowed."""
+    mock_handler_in_functions_rpc_interface(
+        "get_function_user_permissions",
+        FunctionUserAccessRights(
+            user_id=user_id,
+            execute=False,
+            read=True,
+            write=True,
+        ),
+    )
+
+    response = await client.post(
+        f"{API_VTAG}/functions/{mock_registered_function.uid}:run",
+        json={},
+        auth=auth,
+    )
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+    assert response.json()["errors"][0] == (
+        f"Function {mock_registered_function.uid} execute access denied for user {user_id}"
+    )

services/director-v2/src/simcore_service_director_v2/modules/dask_client.py

@@ -90,7 +90,7 @@
 _logger = logging.getLogger(__name__)
 
 
-_DASK_DEFAULT_TIMEOUT_S: Final[int] = 5
+_DASK_DEFAULT_TIMEOUT_S: Final[int] = 35
 
 
 _UserCallbackInSepThread = Callable[[], None]

services/static-webserver/client/source/class/osparc/dashboard/NewPlusMenu.js

@@ -244,9 +244,9 @@ qx.Class.define("osparc.dashboard.NewPlusMenu", {
 
       const permissions = osparc.data.Permissions.getInstance();
       if (permissions.canDo("dashboard.templates.read")) {
-        const templatesButton = this.self().createMenuButton("@FontAwesome5Solid/copy/16", this.tr("Tutorials..."));
-        templatesButton.addListener("execute", () => this.fireDataEvent("changeTab", "templatesTab"), this);
-        moreMenu.add(templatesButton);
+        const tutorialsButton = this.self().createMenuButton("@FontAwesome5Solid/copy/16", this.tr("Tutorials..."));
+        tutorialsButton.addListener("execute", () => this.fireDataEvent("changeTab", "tutorialsTab"), this);
+        moreMenu.add(tutorialsButton);
       }
 
       if (permissions.canDo("dashboard.services.read")) {

services/web/server/src/simcore_service_webserver/catalog/_catalog_rest_client_service.py

@@ -2,7 +2,7 @@
 
 import logging
 import urllib.parse
-from collections.abc import Callable, Iterator
+from collections.abc import Iterator
 from contextlib import contextmanager
 from typing import Any, Final
 
@@ -30,20 +30,11 @@
 from yarl import URL
 
 from .._meta import api_version_prefix
+from ._models import ServiceKeyVersionDict
 from .settings import CatalogSettings, get_plugin_settings
 
 _logger = logging.getLogger(__name__)
 
-# Cache settings
-_SECOND = 1  # in seconds
-_MINUTE = 60 * _SECOND
-_CACHE_TTL: Final = 1 * _MINUTE
-
-
-def _create_service_cache_key(_f: Callable[..., Any], *_args, **kw):
-    assert len(_args) == 1, f"Expected only app, got {_args}"  # nosec
-    return f"get_service_{kw['user_id']}_{kw['service_key']}_{kw['service_version']}_{kw['product_name']}"
-
 
 @contextmanager
 def _handle_client_exceptions(app: web.Application) -> Iterator[ClientSession]:
@@ -96,10 +87,27 @@ def to_backend_service(rel_url: URL, origin: URL, version_prefix: str) -> URL:
     return origin.with_path(new_path).with_query(rel_url.query)
 
 
+# Cache settings for services rest API
+_SECOND = 1  # in seconds
+_MINUTE = 60 * _SECOND
+_CACHE_TTL: Final = 1 * _MINUTE
+
+
+@cached(
+    ttl=_CACHE_TTL,
+    key_builder=lambda _f, *_args, **kw: f"get_services_for_user_in_product_{kw['user_id']}_{kw['product_name']}",
+    cache=Cache.MEMORY,
+)
 async def get_services_for_user_in_product(
-    app: web.Application, user_id: UserID, product_name: str, *, only_key_versions: bool
-) -> list[dict]:
+    app: web.Application, *, user_id: UserID, product_name: str
+) -> list[ServiceKeyVersionDict]:
+    """
+    DEPRECATED: see instead RPC interface.
+    SEE https://github.com/ITISFoundation/osparc-simcore/issues/7838
+    """
     settings: CatalogSettings = get_plugin_settings(app)
+    only_key_versions = True
+
     url = (URL(settings.api_base_url) / "services").with_query(
         {"user_id": user_id, "details": f"{not only_key_versions}"}
     )
@@ -115,13 +123,18 @@ async def get_services_for_user_in_product(
                     user_id,
                 )
                 return []
-            body: list[dict] = await response.json()
-            return body
+            services: list[dict] = await response.json()
+
+            # This reduces the size cached in the memory
+            return [
+                ServiceKeyVersionDict(key=service["key"], version=service["version"])
+                for service in services
+            ]
 
 
 @cached(
     ttl=_CACHE_TTL,
-    key_builder=_create_service_cache_key,
+    key_builder=lambda _f, *_args, **kw: f"get_service_{kw['user_id']}_{kw['service_key']}_{kw['service_version']}_{kw['product_name']}",
     cache=Cache.MEMORY,
     # SEE https://github.com/ITISFoundation/osparc-simcore/pull/7802
 )
@@ -133,6 +146,10 @@ async def get_service(
     service_version: ServiceVersion,
     product_name: ProductName,
 ) -> dict[str, Any]:
+    """
+    DEPRECATED: see instead RPC interface.
+    SEE https://github.com/ITISFoundation/osparc-simcore/issues/7838
+    """
     settings: CatalogSettings = get_plugin_settings(app)
     url = URL(
         f"{settings.api_base_url}/services/{urllib.parse.quote_plus(service_key)}/{service_version}",
@@ -144,8 +161,8 @@ async def get_service(
             url, headers={X_PRODUCT_NAME_HEADER: product_name}
         ) as response:
             response.raise_for_status()
-            body: dict[str, Any] = await response.json()
-            return body
+            service: dict[str, Any] = await response.json()
+            return service
 
 
 async def get_service_resources(

services/web/server/src/simcore_service_webserver/catalog/_controller_rest.py

@@ -37,7 +37,6 @@
 from ..utils_aiohttp import envelope_json_response
 from . import _catalog_rest_client_service, _service
 from ._controller_rest_exceptions import (
-    DefaultPricingUnitForServiceNotFoundError,
     handle_plugin_requests_exceptions,
 )
 from ._controller_rest_schemas import (
@@ -50,6 +49,7 @@
     ServiceTagPathParams,
     ToServiceInputsQueryParams,
 )
+from .errors import DefaultPricingUnitForServiceNotFoundError
 
 _logger = logging.getLogger(__name__)
 

services/web/server/src/simcore_service_webserver/catalog/_controller_rest_exceptions.py

@@ -105,19 +105,12 @@ async def _handler_catalog_client_errors(
 }
 
 
-_exceptions_handlers_map: ExceptionHandlersMap = {
+catalog_exceptions_handlers_map: ExceptionHandlersMap = {
     CatalogResponseError: _handler_catalog_client_errors,
     CatalogConnectionError: _handler_catalog_client_errors,
 }
-_exceptions_handlers_map.update(to_exceptions_handlers_map(_TO_HTTP_ERROR_MAP))
+catalog_exceptions_handlers_map.update(to_exceptions_handlers_map(_TO_HTTP_ERROR_MAP))
 
 handle_plugin_requests_exceptions = exception_handling_decorator(
-    _exceptions_handlers_map
-)
-
-
-__all__: tuple[str, ...] = (
-    "CatalogForbiddenError",
-    "CatalogItemNotFoundError",
-    "DefaultPricingUnitForServiceNotFoundError",
+    catalog_exceptions_handlers_map
 )

services/web/server/src/simcore_service_webserver/catalog/_models.py

@@ -1 +1,6 @@
-# NOTE: missing. @bisgaard-itis will follow up here
+from typing import TypedDict
+
+
+class ServiceKeyVersionDict(TypedDict):
+    key: str
+    version: str