Feature/project ownership

.github/config/.wordlist.txt

@@ -463,6 +463,8 @@ primaryid
 probeset
 processedreads
 processingtype
+projectId
+projectNumber
 promethion
 proteinclusters
 protfam
@@ -533,6 +535,7 @@ schemeuri
 scientificname
 sda
 sdev
+sdSubmitProjects
 se
 secondaryid
 sectionname
@@ -589,6 +592,7 @@ taxonomicreferenceset
 taxonomysystem
 taxonomysystemversion
 telephonenumber
+templateId
 tigrinya
 tls
 toctree

CHANGELOG.md

@@ -35,7 +35,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - enum are sorted alphabetically, with the exception of other and unspecified values which are left at the end of the list
   - allow for accession key in `referenceAlignment` & `process sequence` as array, previously all accession keys were converted to `accessionId` which is not correct
   - add default `gender` as `unknown`
-
+- Project ownership #346
+  - added new collection `project`
+  - added new key `projects` to `user`
+  - added new key `projectId` to `folder` and `template-*` collections
+  - new mandatory `/userinfo` value from AAI at login time `sdSubmitProjects`
+    - user is redirected to an info page by AAI if key is missing
+  - new mandatory query parameter `projectId` in `GET /folders`
+  - new mandatory JSON key `projectId` in `POST /folders` and `POST /templates`
+  - new endpoint `GET /templates` to replace `GET /users/current` `{"templates":[...]}`
+  - new JSON keys `index` and `tags` to `PATCH /templates/schema/templateId`, same values as were previously used in `PATCH /user` which is now removed
+  - WARNING: breaking change that requires fresh database, because "project" is new information that did not exist before, and it can't be migrated to existing user-owned hierarchy
 
 ### Changed
 
@@ -68,6 +78,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Removed
 
 - Removed `Authlib` dependency #315
+- Project ownership #346
+  - deprecated `folders` and `templates` keys from `GET /users/current`
+    - as a side effect, deprecated `items` query parameter from the same endpoint
+  - deprecated `PATCH /user`
 
 ### Deprecated
 

docs/specification.yml

@@ -293,6 +293,11 @@ paths:
         - Submission
       summary: Submit data to a specific schema
       parameters:
+        - in: query
+          name: folder
+          schema:
+            type: string
+          description: The folder ID where object belongs to.
         - name: schema
           in: path
           description: Name of the Metadata schema.
@@ -765,6 +770,37 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/403Forbidden"
+  /templates:
+    get:
+      tags:
+        - Query
+      summary: Get templates from selected project
+      parameters:
+        - name: projectId
+          in: query
+          description: project internal ID
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Templates"
+        401:
+          description: Unauthorized
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/401Unauthorized"
+        403:
+          description: Forbidden
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/403Forbidden"
   /templates/{schema}:
     post:
       tags:
@@ -899,6 +935,12 @@ paths:
         - Query
       summary: List of folders available for the user.
       parameters:
+        - in: query
+          name: projectId
+          schema:
+            type: string
+          description: ID of the project the folder belongs to
+          required: true
         - in: query
           name: page
           schema:
@@ -968,11 +1010,14 @@ paths:
               required:
                 - name
                 - description
+                - projectId
               properties:
                 name:
                   type: string
                 description:
                   type: string
+                projectId:
+                  type: string
       responses:
         201:
           description: OK
@@ -1167,11 +1212,6 @@ paths:
           schema:
             type: string
           description: Results per page
-        - in: query
-          name: items
-          schema:
-            type: string
-          description: Item type name
       responses:
         200:
           description: OK
@@ -1344,6 +1384,20 @@ components:
             type: string
             description: URL pointing to the schema source
             example: https://github.com/enasequence/schema/blob/master/src/main/resources/uk/ac/ebi/ena/sra/schema/SRA.sample.xsd
+    Templates:
+      type: array
+      items:
+        type: object
+        properties:
+          accessionId:
+            type: string
+            description: internal ID of template
+          displayTitle:
+            type: string
+            description: name of template to be displayed in UI
+          schema:
+            type: string
+            description: database collection name template belongs to
     Object:
       type: object
       required:
@@ -1452,6 +1506,7 @@ components:
       type: object
       required:
         - folderId
+        - projectId
         - name
         - description
         - published
@@ -1464,6 +1519,9 @@ components:
         folderId:
           type: string
           description: Folder id
+        projectId:
+          type: string
+          description: Project ID this folder belongs to
         name:
           type: string
           description: Folder name
@@ -1631,8 +1689,7 @@ components:
       required:
         - userId
         - name
-        - drafts
-        - folders
+        - projects
       additionalProperties: false
       properties:
         userId:
@@ -1641,35 +1698,21 @@ components:
         name:
           type: string
           description: User's Name
-        drafts:
+        projects:
           type: array
           items:
             type: object
             required:
-              - accessionId
-              - schema
+              - projectId
+              - projectNumber
             additionalProperties: false
             properties:
-              accessionId:
+              projectId:
                 type: string
-                description: Accession id generated to identify an object
-              schema:
+                description: Internal accession ID for project
+              projectNumber:
                 type: string
-                description: type of schema this Accession ID relates to and was added in submit
-              tags:
-                type: object
-                description: Different tags to describe the object.
-                additionalProperties: true
-                properties:
-                  submissionType:
-                    type: string
-                    description: Type of submission
-                    enum: ["XML", "Form"]
-        folders:
-          type: array
-          items:
-            type: string
-            description: Folder Id
+                description: Human friendly project number received from AAI
     UserUpdated:
       type: object
       required:

metadata_backend/api/auth.py

@@ -1,7 +1,7 @@
 """Handle Access for request and OIDC workflow."""
 
 import hashlib
-from typing import Dict, Tuple
+from typing import Dict, Union, List
 
 import ujson
 from aiohttp import web
@@ -11,7 +11,7 @@
 
 from ..helpers.logger import LOG
 from .middlewares import decrypt_cookie, generate_cookie
-from .operators import UserOperator
+from .operators import UserOperator, ProjectOperator
 
 
 class AccessHandler:
@@ -149,29 +149,30 @@ async def callback(self, req: Request) -> Response:
         req.app["Session"][session_id] = {"oidc_state": params["state"], "access_token": session["token"]}
         req.app["Cookies"].add(session_id)
 
-        user_data: Tuple[str, str]
+        # User data is read from AAI /userinfo and is used to create the user model in database
+        user_data = {
+            "user_id": "",
+            "real_name": f"{session['userinfo']['given_name']} {session['userinfo']['family_name']}",
+            # projects come from AAI in this form: "project1 project2 project3"
+            # if user is not affiliated to any projects the `sdSubmitProjects` key will be missing
+            "projects": session["userinfo"]["sdSubmitProjects"].split(" "),
+        }
         if "CSCUserName" in session["userinfo"]:
-            user_data = (
-                session["userinfo"]["CSCUserName"],
-                f"{session['userinfo']['given_name']} {session['userinfo']['family_name']}",
-            )
-        if "remoteUserIdentifier" in session["userinfo"]:
-            user_data = (
-                session["userinfo"]["remoteUserIdentifier"],
-                f"{session['userinfo']['given_name']} {session['userinfo']['family_name']}",
-            )
+            user_data["user_id"] = session["userinfo"]["CSCUserName"]
+        elif "remoteUserIdentifier" in session["userinfo"]:
+            user_data["user_id"] = session["userinfo"]["remoteUserIdentifier"]
         elif "sub" in session["userinfo"]:
-            user_data = (
-                session["userinfo"]["sub"],
-                f"{session['userinfo']['given_name']} {session['userinfo']['family_name']}",
-            )
+            user_data["user_id"] = session["userinfo"]["sub"]
         else:
             LOG.error(
                 "User was authenticated, but they are missing mandatory claim CSCUserName, remoteUserIdentifier or sub."
             )
             raise web.HTTPBadRequest(
                 reason="Could not set user, missing claim CSCUserName, remoteUserIdentifier or sub."
             )
+
+        # Process project external IDs into the database and return accession IDs back to user_data
+        user_data["projects"] = await self._process_projects(req, user_data["projects"])
         await self._set_user(req, session_id, user_data)
 
         # done like this otherwise it will not redirect properly
@@ -208,7 +209,33 @@ async def logout(self, req: Request) -> Response:
 
         raise response
 
-    async def _set_user(self, req: Request, session_id: str, user_data: Tuple[str, str]) -> None:
+    async def _process_projects(self, req: Request, projects: List[str]) -> List[Dict[str, str]]:
+        """Process project external IDs to internal accession IDs by getting IDs\
+            from database and creating projects that are missing.
+
+        :raises: HTTPBadRequest in failed to add project to database
+        :param req: A HTTP request instance
+        :param projects: A list of project external IDs
+        :returns: A list of objects containing project accession IDs and project numbers
+        """
+        projects.sort()  # sort project numbers to be increasing in order
+        new_project_ids: List[Dict[str, str]] = []
+
+        db_client = req.app["db_client"]
+        operator = ProjectOperator(db_client)
+        for project in projects:
+            project_id = await operator.create_project(project)
+            project_data = {
+                "projectId": project_id,  # internal ID
+                "projectNumber": project,  # human friendly
+            }
+            new_project_ids.append(project_data)
+
+        return new_project_ids
+
+    async def _set_user(
+        self, req: Request, session_id: str, user_data: Dict[str, Union[List[Dict[str, str]], str]]
+    ) -> None:
         """Set user in current session and return user id based on result of create_user.
 
         :raises: HTTPBadRequest in could not get user info from AAI OIDC
@@ -219,5 +246,20 @@ async def _set_user(self, req: Request, session_id: str, user_data: Tuple[str, s
 
         db_client = req.app["db_client"]
         operator = UserOperator(db_client)
+
+        # Create user
         user_id = await operator.create_user(user_data)
+
+        # Check if user's projects have changed
+        old_user = await operator.read_user(user_id)
+        if old_user["projects"] != user_data["projects"]:
+            update_operation = [
+                {
+                    "op": "replace",
+                    "path": "/projects",
+                    "value": user_data["projects"],
+                }
+            ]
+            user_id = await operator.update_user(user_id, update_operation)
+
         req.app["Session"][session_id]["user_info"] = user_id