Merge pull request #395 from mapswipe/dev

Team Manage and Projects for teams

Author: Hagellach37

.travis.yml

@@ -29,24 +29,18 @@ services:
   - docker
 
 before_install:
-  - pip install --upgrade pip setuptools
-  - pip install flake8 black
+  - echo "$SERVICE_ACCOUNT_KEY" > mapswipe_workers/serviceAccountKey.json
+  - echo "MOCK_SERVICE_ACCOUNT_KEY" > postgres/serviceAccountKey.json
 
 install:
-  - pip install mapswipe_workers/
-  - mkdir --parents ~/.config/mapswipe_workers
-  - mkdir --parents ~/.local/share/mapswipe_workers
-  - echo "$SERVICE_ACCOUNT_KEY" > ~/.config/mapswipe_workers/serviceAccountKey.json
-  - docker build --tag mapswipe_postgres --file postgres/Dockerfile-dev postgres/
-
-before_script:
-  - docker run --detach --publish 5432:5432 --name mapswipe_postgres -e POSTGRES_DB="$POSTGRES_DB" -e POSTGRES_USER="$POSTGRES_USER" -e POSTGRES_PASSWORD="$POSTGRES_PASSWORD" mapswipe_postgres
-  - docker-compose up --build --detach firebase_deploy
+  - pip install --upgrade pip setuptools
+  - pip install flake8 black
 
 script:
+  - docker-compose up --build --detach firebase_deploy
+  - docker-compose run mapswipe_workers python -m unittest discover --verbose --start-directory tests/unittests/
+  #- docker-compose run mapswipe_workers python -m unittest discover --verbose --start-directory tests/integration/
   # - TODO: Run black and flake8
-  - python -m unittest -v tests.unittests.test_gdal
-  # - TODO: python -m unittest discover -v -s mapswipe_workers/tests/unittests/ -p 'test_*.py'
 
 # before_deploy:
 #   # SSH setup to deploy to server after build.

docker-compose.yaml

@@ -53,8 +53,8 @@ services:
             context: mapswipe_workers/
         environment:
             FIREBASE_DB: '${FIREBASE_DB}'
-            FIREBASE_API_KEY: '{FIREBASE_API_KEY}'
-            FIREBASE_TOKEN: '{FIREBASE_TOKEN}'
+            FIREBASE_API_KEY: '${FIREBASE_API_KEY}'
+            FIREBASE_TOKEN: '${FIREBASE_TOKEN}'
             GOOGLE_APPLICATION_CREDENTIALS: 'serviceAccountKey.json'
             POSTGRES_PASSWORD: '${POSTGRES_PASSWORD}'
             POSTGRES_USER: '${POSTGRES_USER}'

docs/source/dev_setup.md

@@ -134,6 +134,17 @@ On how to setup development environment and how to deploy functions to the Fireb
 For more information refer to the official [Reference on Cloud Function for Firebase](https://firebase.google.com/docs/reference/functions/). For example function take a look at this [GitHub repository](https://github.com/firebase/functions-samples).
 
 
+## Travis Setup
+
+Configuration for travis setup is utilizing environment variables.
+
+One difference to production or development setup is that the service account key as json is stored in the environment variables `FIREBASE_CONFIG` as text. To make this work special characters as to be escaped first. This command will simply escape every character:
+
+```bash
+sed -e 's/./\\&/g; 1{$s/^$/""/}; 1!s/^/"/; $!s/$/"/' serviceAccountKey.json
+```
+
+
 ## Database Backup
 
 ### Firebase

docs/source/index.rst

@@ -13,13 +13,15 @@ Welcome to MapSwipe Back-End's documentation!
 
    readme_link
    overview
+   contributing
 
 .. toctree::
    :maxdepth: 2
    :caption: Using:
 
    for_mapswipe_managers
-   cli
+   use_cases
+   tile_size
    data
 
 
@@ -30,33 +32,15 @@ Welcome to MapSwipe Back-End's documentation!
    deployment_overview
    configuration
    installation
-   tutorials
-   updating
-   testing
+   cli
+   dev_setup
+   testing_and_travis
    debugging
    backup
 
 
-.. toctree::
-   :maxdepth: 2
-   :caption: Project Types and Data Model:
-
-   project_type
-   project_type-buildArea
-   project_type-footprint
-   project_type-changeDetection
 
 
-.. toctree::
-   :maxdepth: 2
-   :caption: Miscellaneous:
-
-   dev_setup
-   contributing
-   diagrams
-   use_cases
-   tile_size
-
 
 Indices and tables
 ==================

docs/source/installation.md

@@ -146,12 +146,7 @@ To enable SSL for the API and MapSwipe Manager Dashboard use Certbot to issue st
 
 ### Certbot
 
-Install certbot:
-
-```bash
-apt-get install certbot
-```
-
+To install Certbot follow instructions on https://certbot.eff.org/lets-encrypt/ubuntubionic-other
 
 Create certificates:
 
@@ -167,7 +162,7 @@ certbot certonly \
 
 > Note: Certbot systemd timer for renewal of certificate will not work for standalone certificates because the service (docker nginx) which occupies port 80 has to be stopped before renewal.
 
-For certificate renewal a cronjob is used:
+For certificate renewal a cronjob is used. This has to be run as root: `sudo crontab -e`
 
 ```bash
 SHELL=/bin/sh

docs/source/testing_and_travis.md

@@ -0,0 +1,20 @@
+# Testing and Travis
+
+## Tests
+* run tests locally during development
+
+```
+python -m unittest discover --verbose --start-directory mapswipe_workers/tests/unittests/
+python -m unittest discover --verbose --start-directory mapswipe_workers/tests/integration/
+```
+
+
+## Travis
+* set environment variables in travis
+* travis then sets up the docker containers
+* test are run inside the mapswipe_workers docker container
+
+```
+docker-compose run mapswipe_workers python -m unittest discover --verbose --start-directory tests/unittests/
+docker-compose run mapswipe_workers python -m unittest discover --verbose --start-directory tests/integration/
+```

firebase/database.rules.json

@@ -5,24 +5,38 @@
     "v2": {
       "announcement": {
         ".write": false,
-        ".read": true
+        ".read": "auth != null"
       },
       "projects": {
         ".write": false,
-        ".read": "auth != null",
+        ".read": "
+          // all users can query by status
+        	(auth != null  && query.orderByChild == 'status' && query.equalTo == 'active')
+          ||
+          // only team members can query by their own teamId
+          (auth != null && query.orderByChild == 'teamId' &&
+           query.equalTo == root.child('/v2/users/'+auth.uid+'/teamId').val())
+          ||
+          // project managers can read all
+          (auth.token.projectManager === true)
+        ",
         "$project_id": {
-          "status": {
-            ".write": "auth.token.projectManager === true"
-          },
-          "isFeatured": {
-            ".write": "auth.token.projectManager === true"
-          }
+         // project managers can read/write all attributes
+         ".write": "auth.token.projectManager === true",
+         ".read": "
+            // all users can read all public projects
+            (data.child('teamId').exists() == false)
+            ||
+            // team members can read their projects
+            (data.child('teamId').val() == root.child('/v2/users/'+auth.uid+'/teamId').val())
+          "
         },
         ".indexOn": [
-            "status", "isFeatured"
-          ]
+            "status", "isFeatured", "teamId"
+        ]
       },
       "projectDrafts": {
+        // only project managers can write projectDrafts
         ".read": false,
         ".write": "auth.token.projectManager === true",
         ".indexOn": [
@@ -31,89 +45,94 @@
       },
       "groups": {
         ".write": false,
-        ".read": true,
+        ".read": "auth.token.projectManager === true",
         "$project_id": {
-          ".indexOn": [
-            "finishedCount",
-            "requiredCount"
-          ]
-        }
+          ".read": "
+            // everyone can read groups for public projects
+          	(root.child('/v2/projects/'+$project_id).hasChild('teamId') === false)
+            ||
+            (root.child('/v2/projects/'+$project_id+'/teamId').val() ==
+             root.child('/v2/users/'+auth.uid+'/teamId').val())
+          "
+        },
+        ".indexOn": [
+          "finishedCount",
+          "requiredCount"
+        ]
       },
       "tasks": {
         ".write": false,
-        ".read": true
+        ".read": "auth.token.projectManager === true",
+        "$project_id": {
+          ".read": "
+            // everyone can read groups for public projects
+          	(root.child('/v2/projects/'+$project_id).hasChild('teamId') === false)
+            ||
+            (root.child('/v2/projects/'+$project_id+'/teamId').val() ==
+             root.child('/v2/users/'+auth.uid+'/teamId').val())
+          "
+        },
+      },
+      "teams": {
+        ".write": false,
+        // project managers can read all attributes
+        ".read": "auth.token.projectManager === true",
+        "$teamId": {
+          ".write": "auth.token.projectManager === true",
+          "teamName": {
+            // team members read teamName
+            ".read": "(root.child('/v2/users/'+auth.uid+'/teamId').val() === $teamId)"
+            //".read": "auth != null"
+          },
+          ".indexOn": [
+            "teamName"
+          ]
+        }
       },
       "results": {
         ".write": false,
         ".read": false,
         "$project_id": {
           "$group_id": {
             "$uid": {
-              ".write": "$uid === auth.uid"
+              ".write": "
+                // everyone can write results for public projects
+                (root.child('/v2/projects/'+$project_id).hasChild('teamId') === false &&
+                 auth.uid == $uid
+                )
+                ||
+                (root.child('/v2/projects/'+$project_id+'/teamId').val() ==
+                 root.child('/v2/users/'+auth.uid+'/teamId').val() &&
+                 auth.uid == $uid
+                )
+              "
             }
           }
         }
       },
       "users": {
         ".read": true,
+        ".write": false,
         "$uid": {
-          ".write": "auth != null && auth.uid == $uid"
-        },
-        ".indexOn": [
-          "created"
-        ]
-      }
-    },
-    "groups": {
-      ".write": false,
-      ".read": true,
-      "$project_id": {
-        "$group_id": {
-          ".indexOn": [
-            "distributedCount",
-            "completedCount"
-          ],
-          ".write": "auth != null",
-          "completedCount": {
-            ".write": "auth != null"
+          "teamId": {
+            ".write": false
+          },
+          "$other": {
+            ".write": "auth != null && auth.uid == $uid"
           }
         },
         ".indexOn": [
-          "distributedCount",
-          "completedCount"
+          "created",
+          "teamId"
         ]
       }
     },
-    "imports": {
-      ".read": false,
-      ".write": true,
-      ".indexOn": [
-        "complete"
-      ]
-    },
-    "projects": {
-      ".write": false,
-      ".read": true
-    },
-    "announcement": {
-      ".write": true,
-      ".read": true
-    },
-    "results": {
-      ".write": false,
-      ".read": true,
-      "$task_id": {
-        "$user_id": {
-          ".write": "auth != null && auth.uid == $user_id"
-        }
-      }
-    },
+    // leaving this here, since version before v2 pull data from there
     "users": {
       "$uid": {
         ".read": "auth != null && auth.uid == $uid",
         ".write": "auth != null && auth.uid == $uid"
-      },
-      ".read": true
+      }
     }
   }
 }

firebase/functions/index.js

@@ -18,10 +18,6 @@ exports.counter = functions.database.ref('/v2/results/{projectId}/{groupId}/{use
         console.log('no results attribute for /v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId )
         console.log('will not update counters')
         return null
-    } else if (!result.hasOwnProperty('timestamp')) {
-        console.log('no timestamp attribute for /v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId )
-        console.log('will not update counters')
-        return null
     } else if (!result.hasOwnProperty('endTime')) {
         console.log('no endTime attribute for /v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId )
         console.log('will not update counters')
@@ -47,7 +43,6 @@ exports.counter = functions.database.ref('/v2/results/{projectId}/{groupId}/{use
     const groupContributionsRef         = admin.database().ref('/v2/users/'+context.params.userId+'/contributions/'+context.params.projectId +'/'+context.params.groupId)
     const totalTimeSpentMappingRef      = admin.database().ref('/v2/users/'+context.params.userId+'/timeSpentMapping')
 
-    const timestampRef          = admin.database().ref('/v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId+'/timestamp')
     const startTimeRef          = admin.database().ref('/v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId+'/startTime')
     const endTimeRef            = admin.database().ref('/v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId+'/endTime')
     const timeSpentMappingRef   = admin.database().ref('/v2/results/'+context.params.projectId+'/'+context.params.groupId+'/'+context.params.userId+'/timeSpentMappingRef')
@@ -115,7 +110,6 @@ exports.counter = functions.database.ref('/v2/results/{projectId}/{groupId}/{use
             }
             else {
             const data = {
-                'timestamp': result['timestamp'],
                 'startTime': result['startTime'],
                 'endTime': result['endTime']
              }