gramps-project
diff --git a/‎gramps_webapi/__main__.py‎
Lines changed: 3 additions & 1 deletion b/‎gramps_webapi/__main__.py‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎gramps_webapi/api/resources/trees.py‎
Lines changed: 6 additions & 10 deletions b/‎gramps_webapi/api/resources/trees.py‎
Lines changed: 6 additions & 10 deletions
diff --git a/‎gramps_webapi/api/resources/user.py‎
Lines changed: 21 additions & 3 deletions b/‎gramps_webapi/api/resources/user.py‎
Lines changed: 21 additions & 3 deletions
diff --git a/‎gramps_webapi/api/util.py‎
Lines changed: 26 additions & 3 deletions b/‎gramps_webapi/api/util.py‎
Lines changed: 26 additions & 3 deletions
diff --git a/‎gramps_webapi/app.py‎
Lines changed: 11 additions & 3 deletions b/‎gramps_webapi/app.py‎
Lines changed: 11 additions & 3 deletions
diff --git a/‎gramps_webapi/auth/const.py‎
Lines changed: 2 additions & 0 deletions b/‎gramps_webapi/auth/const.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎gramps_webapi/const.py‎
Lines changed: 3 additions & 0 deletions b/‎gramps_webapi/const.py‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎gramps_webapi/data/example_gramps_auth.cfg‎
Lines changed: 1 addition & 1 deletion b/‎gramps_webapi/data/example_gramps_auth.cfg‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gramps_webapi/data/test_auth.cfg‎
Lines changed: 1 addition & 1 deletion b/‎gramps_webapi/data/test_auth.cfg‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/test_endpoints/__init__.py‎
Lines changed: 9 additions & 7 deletions b/‎tests/test_endpoints/__init__.py‎
Lines changed: 9 additions & 7 deletions
@@ -33,7 +33,7 @@
 from .dbmanager import WebDbManager
 from .app import create_app
 from .auth import add_user, delete_user, fill_tree, user_db
-from .const import ENV_CONFIG_FILE
+from .const import ENV_CONFIG_FILE, TREE_MULTI
 
 logging.basicConfig()
 LOG = logging.getLogger("gramps_webapi")
@@ -125,6 +125,8 @@ def migrate_db(ctx):
 def search(ctx, tree):
     app = ctx.obj["app"]
     if not tree:
+        if app.config["TREE"] == TREE_MULTI:
+            raise ValueError("`tree` is required when multi-tree support is enabled.")
         # needed for backwards compatibility!
         dbmgr = WebDbManager(name=app.config["TREE"], create_if_missing=False)
         tree = dbmgr.dirname
 
@@ -30,6 +30,7 @@
 from werkzeug.security import safe_join
 
 from ...auth.const import PERM_ADD_TREE, PERM_EDIT_OTHER_TREE, PERM_EDIT_TREE
+from ...const import TREE_MULTI
 from ...dbmanager import WebDbManager
 from ..auth import require_permissions
 from ..util import get_tree_from_jwt, use_args
@@ -66,18 +67,12 @@ def validate_tree_id(tree_id: str) -> None:
         abort(422)
 
 
-def get_single_tree_id() -> str:
-    """Get the tree ID in the case of using app.config['TREE']."""
-    dbmgr = WebDbManager(name=current_app.config["TREE"], create_if_missing=False)
-    return dbmgr.dirname
-
-
 class TreesResource(ProtectedResource):
     """Resource for getting info about trees."""
 
     def get(self):
         """Get info about all trees."""
-        user_tree_id = get_tree_from_jwt() or get_single_tree_id()
+        user_tree_id = get_tree_from_jwt()
         # only allowed to see details about our own tree
         tree_ids = [user_tree_id]
         return [get_tree_details(tree_id) for tree_id in tree_ids]
@@ -90,9 +85,10 @@ def get(self):
     )
     def post(self, args):
         """Create a new tree."""
+        if current_app.config["TREE"] != TREE_MULTI:
+            abort(405)
         require_permissions([PERM_ADD_TREE])
         tree_id = str(uuid.uuid4())
-        # TODO dbid
         dbmgr = WebDbManager(dirname=tree_id, name=args["name"], create_if_missing=True)
         return {"name": args["name"], "tree_id": dbmgr.dirname}, 201
 
@@ -103,7 +99,7 @@ class TreeResource(ProtectedResource):
     def get(self, tree_id: str):
         """Get info about a tree."""
         validate_tree_id(tree_id)
-        user_tree_id = get_tree_from_jwt() or get_single_tree_id()
+        user_tree_id = get_tree_from_jwt()
         if tree_id != user_tree_id:
             # only allowed to see details about our own tree
             abort(403)
@@ -117,7 +113,7 @@ def get(self, tree_id: str):
     )
     def put(self, args, tree_id: str):
         """Modify a tree."""
-        user_tree_id = get_tree_from_jwt() or get_single_tree_id()
+        user_tree_id = get_tree_from_jwt()
         if tree_id == user_tree_id:
             require_permissions([PERM_EDIT_TREE])
         else:
 
@@ -23,7 +23,7 @@
 from gettext import gettext as _
 from typing import Tuple
 
-from flask import abort, jsonify, render_template
+from flask import abort, current_app, jsonify, render_template
 from flask_jwt_extended import create_access_token, get_jwt, get_jwt_identity
 from webargs import fields
 
@@ -50,6 +50,7 @@
     PERM_EDIT_OTHER_USER,
     PERM_EDIT_OWN_USER,
     PERM_EDIT_USER_ROLE,
+    PERM_EDIT_USER_TREE,
     PERM_MAKE_ADMIN,
     PERM_VIEW_OTHER_TREE_USER,
     PERM_VIEW_OTHER_USER,
@@ -61,6 +62,7 @@
     SCOPE_CREATE_ADMIN,
     SCOPE_RESET_PW,
 )
+from ...const import TREE_MULTI
 from ..auth import has_permissions, require_permissions
 from ..ratelimiter import limiter
 from ..tasks import (
@@ -71,7 +73,7 @@
     send_email_new_user,
     send_email_reset_password,
 )
-from ..util import get_tree_from_jwt, get_tree_id, use_args
+from ..util import get_tree_from_jwt, get_tree_id, tree_exists, use_args
 from . import LimitedScopeProtectedResource, ProtectedResource, Resource
 
 
@@ -154,6 +156,7 @@ def get(self, user_name: str):
             "email": fields.Str(required=False),
             "full_name": fields.Str(required=False),
             "role": fields.Int(required=False),
+            "tree": fields.Str(required=False),
         },
         location="json",
     )
@@ -168,11 +171,16 @@ def put(self, args, user_name: str):
                 require_permissions([PERM_EDIT_OTHER_TREE_USER_ROLE])
             else:
                 require_permissions([PERM_EDIT_USER_ROLE])
+        if "tree" in args:
+            require_permissions([PERM_EDIT_USER_TREE])
+            if not tree_exists(args["tree"]):
+                abort(422)
         modify_user(
             name=user_name,
             email=args.get("email"),
             fullname=args.get("full_name"),
             role=args.get("role"),
+            tree=args.get("tree"),
         )
         return "", 200
 
@@ -199,6 +207,8 @@ def post(self, args, user_name: str):
             require_permissions([PERM_ADD_USER])
         else:
             require_permissions([PERM_ADD_OTHER_TREE_USER])
+            if not tree_exists(args["tree"]):
+                abort(422)
         try:
             add_user(
                 name=user_name,
@@ -250,9 +260,14 @@ def post(self, args, user_name: str):
         if user_name == "-":
             # Registering a new user does not make sense for "own" user
             abort(404)
+        if not args.get("tree") and current_app.config["TREE"] == TREE_MULTI:
+            # if multi-tree is enabled, tree is required
+            abort(422)
         # do not allow registration if no tree owner account exists!
         if get_number_users(tree=args.get("tree"), roles=(ROLE_OWNER,)) == 0:
             abort(405)
+        if "tree" in args and not tree_exists(args["tree"]):
+            abort(422)
         try:
             add_user(
                 name=user_name,
@@ -292,17 +307,20 @@ class UserCreateOwnerResource(LimitedScopeProtectedResource):
         location="json",
     )
     def post(self, args, user_name: str):
-        """Create a user with owner permissions."""
+        """Create a user with admin permissions."""
         if user_name == "-":
             # User name - is not allowed
             abort(404)
+        # FIXME what about multi-tree
         if get_number_users() > 0:
             # there is already a user in the user DB
             abort(405)
         claims = get_jwt()
         if claims[CLAIM_LIMITED_SCOPE] != SCOPE_CREATE_ADMIN:
             # This is a wrong token!
             abort(403)
+        if "tree" in args and not tree_exists(args["tree"]):
+            abort(422)
         add_user(
             name=user_name,
             password=args["password"],
 
@@ -31,19 +31,22 @@
 
 from flask import abort, current_app, g, jsonify, make_response, request
 from flask_jwt_extended import get_jwt
-from gramps.cli.clidbman import CLIDbManager
+from gramps.cli.clidbman import NAME_FILE, CLIDbManager
+from gramps.gen.config import config
 from gramps.gen.const import GRAMPS_LOCALE
 from gramps.gen.db.base import DbReadBase
+from gramps.gen.db.dbconst import DBBACKEND
 from gramps.gen.dbstate import DbState
 from gramps.gen.errors import HandleError
 from gramps.gen.proxy import PrivateProxyDb
 from gramps.gen.utils.grampslocale import GrampsLocale
 from marshmallow import RAISE
 from webargs.flaskparser import FlaskParser
+from werkzeug.security import safe_join
 
 from ..auth import config_get, get_tree
 from ..auth.const import PERM_VIEW_PRIVATE
-from ..const import DB_CONFIG_ALLOWED_KEYS, LOCALE_MAP
+from ..const import DB_CONFIG_ALLOWED_KEYS, LOCALE_MAP, TREE_MULTI
 from ..dbmanager import WebDbManager
 from .auth import has_permissions
 from .search import SearchIndexer
@@ -310,7 +313,27 @@ def get_tree_id(guid: str) -> str:
     """Get the appropriate tree ID for a user."""
     tree_id = get_tree(guid)
     if not tree_id:
-        # needed for backwards compatibility!
+        if current_app.config["TREE"] == TREE_MULTI:
+            # multi-tree support enabled but user has no tree ID: forbidden!
+            abort(403)
+        # needed for backwards compatibility: single-tree mode but user without tree ID
         dbmgr = WebDbManager(name=current_app.config["TREE"], create_if_missing=False)
         tree_id = dbmgr.dirname
     return tree_id
+
+
+def tree_exists(tree_id: str) -> bool:
+    """Check if a tree exists."""
+    dbdir = config.get("database.path")
+    dir_path = safe_join(dbdir, tree_id)
+    if not dir_path:
+        return False
+    if not os.path.isdir(dir_path):
+        return False
+    name_path = os.path.join(dir_path, NAME_FILE)
+    if not os.path.isfile(name_path):
+        return False
+    dbid_path = os.path.join(dir_path, DBBACKEND)
+    if not os.path.isfile(dbid_path):
+        return False
+    return True
@@ -35,7 +35,7 @@
 from .api.search import SearchIndexer
 from .auth import user_db
 from .config import DefaultConfig, DefaultConfigJWT
-from .const import API_PREFIX, ENV_CONFIG_FILE
+from .const import API_PREFIX, ENV_CONFIG_FILE, TREE_MULTI
 from .dbmanager import WebDbManager
 from .util.celery import create_celery
 
@@ -107,8 +107,16 @@ def create_app(config: Optional[Dict[str, Any]] = None):
         if not app.config.get(option):
             raise ValueError(f"{option} must be specified")
 
-    # create database if missing
-    WebDbManager(name=app.config["TREE"], create_if_missing=True)
+    if app.config["TREE"] != TREE_MULTI:
+        # create database if missing (only in single-tree mode)
+        WebDbManager(name=app.config["TREE"], create_if_missing=True)
+
+    if app.config["TREE"] == TREE_MULTI and not app.config["MEDIA_PREFIX_TREE"]:
+        warnings.warn(
+            "You have enabled multi-tree support, but `MEDIA_PREFIX_TREE` is "
+            "set to `False`. This is strongly discouraged as it exposes media "
+            "files to users belonging to different trees!"
+        )
 
     # load JWT default settings
     app.config.from_object(DefaultConfigJWT)
 
@@ -37,6 +37,7 @@
 PERM_EDIT_OTHER_TREE_USER_ROLE = "EditOtherTreeUserRole"
 PERM_VIEW_OTHER_TREE_USER = "ViewOtherTreeUser"
 PERM_DEL_OTHER_TREE_USER = "DeleteOtherTreeUser"
+PERM_EDIT_USER_TREE = "EditUserTree"
 PERM_EDIT_OTHER_TREE = "EditOtherTree"
 PERM_ADD_TREE = "AddTree"
 
@@ -100,6 +101,7 @@
     PERM_VIEW_OTHER_TREE_USER,
     PERM_EDIT_OTHER_TREE_USER,
     PERM_EDIT_OTHER_TREE_USER_ROLE,
+    PERM_EDIT_USER_TREE,
     PERM_MAKE_ADMIN,
     PERM_DEL_OTHER_TREE_USER,
     PERM_VIEW_SETTINGS,
 
@@ -27,6 +27,9 @@
 
 from ._version import __version__ as VERSION
 
+# the value of the TREE config option that enables multi-tree support
+TREE_MULTI = "*"
+
 # files
 TEST_CONFIG = resource_filename("gramps_webapi", "data/test.cfg")
 TEST_AUTH_CONFIG = resource_filename("gramps_webapi", "data/test_auth.cfg")
 
@@ -1,4 +1,4 @@
-TREE="example_gramps"
+TREE="*"
 CORS_ORIGINS="*"
 SECRET_KEY="C2eAhXGrXVe-iljXTjnp4paeRT-m68pq"
 USER_DB_URI="sqlite://"
@@ -1,4 +1,4 @@
-TREE="Test Web API"
+TREE="*"
 CORS_ORIGINS="*"
 SECRET_KEY="C2eAhXGrXVe-iljXTjnp4paeRT-m68pq"
 USER_DB_URI="sqlite://"
@@ -81,16 +81,18 @@ def setUpModule():
     TEST_CLIENT = test_app.test_client()
     with test_app.app_context():
         user_db.create_all()
-        for role in TEST_USERS:
+        db_manager = WebDbManager(name=test_db.name, create_if_missing=False)
+        tree = db_manager.dirname
+
+        for role, user in TEST_USERS.items():
             add_user(
-                name=TEST_USERS[role]["name"],
-                password=TEST_USERS[role]["password"],
+                name=user["name"],
+                password=user["password"],
                 role=role,
+                tree=tree,
             )
-    db_manager = WebDbManager(name=test_db.name, create_if_missing=False)
-    db_state = db_manager.get_db()
-    with test_app.app_context():
-        tree = db_manager.dirname
+
+        db_state = db_manager.get_db()
         search_index = get_search_indexer(tree)
         db = db_state.db
         search_index.reindex_full(db)