2019-07-08 11:55:56 +00:00
|
|
|
|
from flask import current_app
|
2019-07-09 13:41:16 +00:00
|
|
|
|
from flask_login import UserMixin, AnonymousUserMixin
|
2019-08-22 07:35:23 +00:00
|
|
|
|
from itsdangerous import BadSignature, TimedJSONWebSignatureSerializer
|
2019-07-05 12:47:35 +00:00
|
|
|
|
from werkzeug.security import generate_password_hash, check_password_hash
|
|
|
|
|
from . import db
|
|
|
|
|
from . import login_manager
|
2019-08-06 12:26:22 +00:00
|
|
|
|
from datetime import datetime
|
2019-09-12 14:45:05 +00:00
|
|
|
|
import os
|
|
|
|
|
import shutil
|
|
|
|
|
import logging
|
2019-09-16 12:09:07 +00:00
|
|
|
|
import time
|
2019-07-05 12:47:35 +00:00
|
|
|
|
|
|
|
|
|
|
2019-07-09 13:41:16 +00:00
|
|
|
|
class Permission:
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Defines User permissions as integers by the power of 2. User permission
|
|
|
|
|
can be evaluated using the bitwise operator &. 3 equals to CREATE_JOB and
|
|
|
|
|
DELETE_JOB and so on.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
CREATE_JOB = 1
|
|
|
|
|
DELETE_JOB = 2
|
|
|
|
|
# WRITE = 4
|
|
|
|
|
# MODERATE = 8
|
|
|
|
|
ADMIN = 16
|
|
|
|
|
|
|
|
|
|
|
2019-07-05 12:47:35 +00:00
|
|
|
|
class Role(db.Model):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
2019-08-22 07:35:23 +00:00
|
|
|
|
Model for the different roles Users can have. Is a one-to-many
|
|
|
|
|
relationship. A Role can be associated with many User rows.
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
2019-07-05 12:47:35 +00:00
|
|
|
|
__tablename__ = 'roles'
|
2019-08-06 09:47:04 +00:00
|
|
|
|
# Primary key
|
2019-07-05 12:47:35 +00:00
|
|
|
|
id = db.Column(db.Integer, primary_key=True)
|
2019-07-09 13:41:16 +00:00
|
|
|
|
default = db.Column(db.Boolean, default=False, index=True)
|
2019-08-06 09:47:04 +00:00
|
|
|
|
name = db.Column(db.String(64), unique=True)
|
2019-07-09 13:41:16 +00:00
|
|
|
|
permissions = db.Column(db.Integer)
|
2019-08-06 09:47:04 +00:00
|
|
|
|
# Relationships
|
2019-07-09 13:41:16 +00:00
|
|
|
|
users = db.relationship('User', backref='role', lazy='dynamic')
|
|
|
|
|
|
|
|
|
|
def __init__(self, **kwargs):
|
|
|
|
|
super(Role, self).__init__(**kwargs)
|
|
|
|
|
if self.permissions is None:
|
|
|
|
|
self.permissions = 0
|
2019-07-05 12:47:35 +00:00
|
|
|
|
|
|
|
|
|
def __repr__(self):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
String representation of the Role. For human readability.
|
|
|
|
|
"""
|
2019-07-05 12:47:35 +00:00
|
|
|
|
return '<Role %r>' % self.name
|
|
|
|
|
|
2019-07-09 13:41:16 +00:00
|
|
|
|
def add_permission(self, perm):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Add new permission to Role. Input is a Permission.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
if not self.has_permission(perm):
|
|
|
|
|
self.permissions += perm
|
|
|
|
|
|
|
|
|
|
def remove_permission(self, perm):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Removes permission from a Role. Input a Permission.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
if self.has_permission(perm):
|
|
|
|
|
self.permissions -= perm
|
|
|
|
|
|
|
|
|
|
def reset_permissions(self):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Resets permissions to zero. Zero equals no permissions at all.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
self.permissions = 0
|
|
|
|
|
|
|
|
|
|
def has_permission(self, perm):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
2019-09-10 11:49:01 +00:00
|
|
|
|
Checks if a Role has a specific Permission. Does this with the bitwise
|
2019-07-11 13:33:48 +00:00
|
|
|
|
operator.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
return self.permissions & perm == perm
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def insert_roles():
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Inserts roles into the databes. This has to be executed befor Users are
|
|
|
|
|
added to the database. Otherwiese Users will not have a Role assigned
|
|
|
|
|
to them. Order of the roles dictionary determines the ID of each role.
|
|
|
|
|
User hast the ID 1 and Administrator has the ID 2.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
roles = {
|
|
|
|
|
'User': [Permission.CREATE_JOB],
|
|
|
|
|
'Administrator': [Permission.ADMIN,
|
|
|
|
|
Permission.CREATE_JOB,
|
|
|
|
|
Permission.DELETE_JOB]
|
|
|
|
|
}
|
|
|
|
|
default_role = 'User'
|
|
|
|
|
for r in roles:
|
|
|
|
|
role = Role.query.filter_by(name=r).first()
|
|
|
|
|
if role is None:
|
|
|
|
|
role = Role(name=r)
|
|
|
|
|
role.reset_permissions()
|
|
|
|
|
for perm in roles[r]:
|
|
|
|
|
role.add_permission(perm)
|
|
|
|
|
role.default = (role.name == default_role)
|
|
|
|
|
db.session.add(role)
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
2019-07-05 12:47:35 +00:00
|
|
|
|
|
|
|
|
|
class User(UserMixin, db.Model):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Model for Users that are registered to Opaque.
|
|
|
|
|
"""
|
2019-07-05 12:47:35 +00:00
|
|
|
|
__tablename__ = 'users'
|
2019-08-06 09:47:04 +00:00
|
|
|
|
# Primary key
|
2019-07-05 12:47:35 +00:00
|
|
|
|
id = db.Column(db.Integer, primary_key=True)
|
2019-08-06 09:47:04 +00:00
|
|
|
|
confirmed = db.Column(db.Boolean, default=False)
|
2019-09-12 12:24:43 +00:00
|
|
|
|
email = db.Column(db.String(254), unique=True, index=True)
|
2019-07-05 12:47:35 +00:00
|
|
|
|
password_hash = db.Column(db.String(128))
|
2019-08-06 13:39:09 +00:00
|
|
|
|
registration_date = db.Column(db.DateTime(), default=datetime.utcnow)
|
2019-07-05 12:47:35 +00:00
|
|
|
|
role_id = db.Column(db.Integer, db.ForeignKey('roles.id'))
|
2019-08-06 09:47:04 +00:00
|
|
|
|
username = db.Column(db.String(64), unique=True, index=True)
|
|
|
|
|
# Relationships
|
2019-08-15 13:57:27 +00:00
|
|
|
|
corpora = db.relationship('Corpus', backref='creator', lazy='dynamic',
|
|
|
|
|
cascade='save-update, merge, delete')
|
|
|
|
|
jobs = db.relationship('Job', backref='creator', lazy='dynamic',
|
|
|
|
|
cascade='save-update, merge, delete')
|
2019-07-05 12:47:35 +00:00
|
|
|
|
|
|
|
|
|
def __repr__(self):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
String representation of the User. For human readability.
|
|
|
|
|
"""
|
2019-07-05 12:47:35 +00:00
|
|
|
|
return '<User %r>' % self.username
|
|
|
|
|
|
2019-07-09 13:41:16 +00:00
|
|
|
|
def __init__(self, **kwargs):
|
|
|
|
|
super(User, self).__init__(**kwargs)
|
|
|
|
|
if self.role is None:
|
|
|
|
|
if self.email == current_app.config['OPAQUE_ADMIN']:
|
|
|
|
|
self.role = Role.query.filter_by(name='Administrator').first()
|
|
|
|
|
if self.role is None:
|
|
|
|
|
self.role = Role.query.filter_by(default=True).first()
|
|
|
|
|
|
2019-07-08 13:59:15 +00:00
|
|
|
|
def generate_confirmation_token(self, expiration=3600):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Generates a confirmation token for user confirmation via email.
|
|
|
|
|
"""
|
2019-08-22 07:35:23 +00:00
|
|
|
|
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'],
|
|
|
|
|
expiration)
|
2019-07-08 13:59:15 +00:00
|
|
|
|
return s.dumps({'confirm': self.id}).decode('utf-8')
|
2019-07-05 12:47:35 +00:00
|
|
|
|
|
2019-07-08 11:55:56 +00:00
|
|
|
|
def generate_reset_token(self, expiration=3600):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Generates a reset token for password reset via email.
|
|
|
|
|
"""
|
2019-08-22 07:35:23 +00:00
|
|
|
|
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'],
|
|
|
|
|
expiration)
|
2019-07-08 11:55:56 +00:00
|
|
|
|
return s.dumps({'reset': self.id}).decode('utf-8')
|
|
|
|
|
|
2019-07-08 13:59:15 +00:00
|
|
|
|
def confirm(self, token):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Confirms User if the given token is valid and not expired.
|
|
|
|
|
"""
|
2019-08-22 07:35:23 +00:00
|
|
|
|
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
|
2019-07-08 13:59:15 +00:00
|
|
|
|
try:
|
|
|
|
|
data = s.loads(token.encode('utf-8'))
|
2019-08-22 07:35:23 +00:00
|
|
|
|
except BadSignature:
|
2019-07-08 13:59:15 +00:00
|
|
|
|
return False
|
|
|
|
|
if data.get('confirm') != self.id:
|
|
|
|
|
return False
|
|
|
|
|
self.confirmed = True
|
|
|
|
|
db.session.add(self)
|
|
|
|
|
return True
|
|
|
|
|
|
2019-07-08 13:13:32 +00:00
|
|
|
|
@staticmethod
|
|
|
|
|
def reset_password(token, new_password):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Resets password for User if the given token is valid and not expired.
|
|
|
|
|
"""
|
2019-08-22 07:35:23 +00:00
|
|
|
|
s = TimedJSONWebSignatureSerializer(current_app.config['SECRET_KEY'])
|
2019-07-08 13:13:32 +00:00
|
|
|
|
try:
|
|
|
|
|
data = s.loads(token.encode('utf-8'))
|
2019-08-22 07:35:23 +00:00
|
|
|
|
except BadSignature:
|
2019-07-08 13:13:32 +00:00
|
|
|
|
return False
|
|
|
|
|
user = User.query.get(data.get('reset'))
|
|
|
|
|
if user is None:
|
|
|
|
|
return False
|
|
|
|
|
user.password = new_password
|
|
|
|
|
db.session.add(user)
|
|
|
|
|
return True
|
|
|
|
|
|
2019-07-05 12:47:35 +00:00
|
|
|
|
@property
|
|
|
|
|
def password(self):
|
|
|
|
|
raise AttributeError('password is not a readable attribute')
|
|
|
|
|
|
|
|
|
|
@password.setter
|
|
|
|
|
def password(self, password):
|
|
|
|
|
self.password_hash = generate_password_hash(password)
|
|
|
|
|
|
|
|
|
|
def verify_password(self, password):
|
|
|
|
|
return check_password_hash(self.password_hash, password)
|
|
|
|
|
|
2019-07-09 13:41:16 +00:00
|
|
|
|
def can(self, perm):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Checks if a User with its current role can doe something. Checks if the
|
|
|
|
|
associated role actually has the needed Permission.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
return self.role is not None and self.role.has_permission(perm)
|
|
|
|
|
|
|
|
|
|
def is_administrator(self):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Checks if User has Admin permissions.
|
|
|
|
|
"""
|
2019-07-09 13:41:16 +00:00
|
|
|
|
return self.can(Permission.ADMIN)
|
|
|
|
|
|
2019-08-30 11:31:00 +00:00
|
|
|
|
def corpora_as_dict(self):
|
|
|
|
|
corpora = {}
|
|
|
|
|
for corpus in self.corpora:
|
|
|
|
|
corpora[str(corpus.id)] = corpus.to_dict()
|
|
|
|
|
return corpora
|
|
|
|
|
|
|
|
|
|
def jobs_as_dict(self):
|
|
|
|
|
jobs = {}
|
|
|
|
|
for job in self.jobs:
|
|
|
|
|
jobs[str(job.id)] = job.to_dict()
|
|
|
|
|
return jobs
|
2019-07-09 13:41:16 +00:00
|
|
|
|
|
2019-09-11 12:51:59 +00:00
|
|
|
|
def delete_user(self, user_id):
|
|
|
|
|
"""
|
|
|
|
|
Delete user from database. Also delete all associated jobs and corpora
|
|
|
|
|
files.
|
|
|
|
|
"""
|
|
|
|
|
user = User.query.filter_by(user_id=user_id)
|
|
|
|
|
db.session.delete(user)
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
2019-09-09 14:17:59 +00:00
|
|
|
|
|
2019-07-09 13:41:16 +00:00
|
|
|
|
class AnonymousUser(AnonymousUserMixin):
|
2019-07-11 13:33:48 +00:00
|
|
|
|
"""
|
|
|
|
|
Model replaces the default AnonymousUser.
|
|
|
|
|
"""
|
2019-08-06 12:26:22 +00:00
|
|
|
|
|
2019-07-09 13:41:16 +00:00
|
|
|
|
def can(self, permissions):
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def is_administrator(self):
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
2019-08-06 09:47:04 +00:00
|
|
|
|
class Job(db.Model):
|
2019-08-05 14:45:38 +00:00
|
|
|
|
"""
|
|
|
|
|
Class to define Jobs.
|
|
|
|
|
"""
|
|
|
|
|
__tablename__ = 'jobs'
|
2019-08-06 09:47:04 +00:00
|
|
|
|
# Primary key
|
2019-08-05 14:45:38 +00:00
|
|
|
|
id = db.Column(db.Integer, primary_key=True)
|
2019-08-06 12:26:22 +00:00
|
|
|
|
creation_date = db.Column(db.DateTime(), default=datetime.utcnow)
|
2019-08-09 09:48:43 +00:00
|
|
|
|
description = db.Column(db.String(255))
|
2019-08-09 13:59:53 +00:00
|
|
|
|
end_date = db.Column(db.DateTime())
|
2019-08-09 09:48:43 +00:00
|
|
|
|
mem_mb = db.Column(db.Integer)
|
|
|
|
|
n_cores = db.Column(db.Integer)
|
2019-08-06 09:47:04 +00:00
|
|
|
|
service = db.Column(db.String(64))
|
|
|
|
|
'''
|
2019-08-09 09:48:43 +00:00
|
|
|
|
' Service specific arguments as string list.
|
|
|
|
|
' Example: ["-l eng", "--keep-intermediates", "--skip-binarization"]
|
2019-08-06 09:47:04 +00:00
|
|
|
|
'''
|
|
|
|
|
service_args = db.Column(db.String(255))
|
2019-08-09 09:48:43 +00:00
|
|
|
|
service_version = db.Column(db.String(16))
|
|
|
|
|
status = db.Column(db.String(16))
|
2019-08-06 09:47:04 +00:00
|
|
|
|
title = db.Column(db.String(32))
|
|
|
|
|
user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
|
2019-08-05 14:45:38 +00:00
|
|
|
|
|
|
|
|
|
def __init__(self, **kwargs):
|
|
|
|
|
super(Job, self).__init__(**kwargs)
|
|
|
|
|
|
|
|
|
|
def __repr__(self):
|
|
|
|
|
"""
|
|
|
|
|
String representation of the Job. For human readability.
|
|
|
|
|
"""
|
|
|
|
|
return '<Job %r>' % self.title
|
|
|
|
|
|
2019-08-16 12:53:59 +00:00
|
|
|
|
def to_dict(self):
|
2019-08-16 07:49:27 +00:00
|
|
|
|
return {'id': self.id,
|
|
|
|
|
'creation_date': self.creation_date.timestamp(),
|
|
|
|
|
'description': self.description,
|
|
|
|
|
'end_date': (self.end_date.timestamp() if self.end_date else
|
|
|
|
|
None),
|
|
|
|
|
'mem_mb': self.mem_mb,
|
|
|
|
|
'n_cores': self.n_cores,
|
|
|
|
|
'service': self.service,
|
|
|
|
|
'service_args': self.service_args,
|
|
|
|
|
'service_version': self.service_version,
|
|
|
|
|
'status': self.status,
|
|
|
|
|
'title': self.title,
|
|
|
|
|
'user_id': self.user_id}
|
|
|
|
|
|
2019-09-11 12:51:59 +00:00
|
|
|
|
def flag_for_stop(self):
|
|
|
|
|
"""
|
|
|
|
|
Flag running or failed job (anything that is not completed) with
|
|
|
|
|
stopping. Opaque daemon will end services flaged with 'stopping'.
|
|
|
|
|
"""
|
|
|
|
|
self.status = 'stopping'
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
2019-09-12 14:45:05 +00:00
|
|
|
|
def delete_job(self):
|
2019-09-11 12:51:59 +00:00
|
|
|
|
"""
|
|
|
|
|
Delete job with given job id from database. Also delete associated job
|
2019-09-17 12:36:15 +00:00
|
|
|
|
files. Contianers are still running for a few seconds after
|
|
|
|
|
the associated service has been removed. This is the reason for the
|
|
|
|
|
while loop. The loop checks if the file path to all the job files still
|
|
|
|
|
exists and removes it again and again till the container did shutdown
|
|
|
|
|
for good.
|
2019-09-16 12:09:07 +00:00
|
|
|
|
See: https://docs.docker.com/engine/swarm/swarm-tutorial/delete-service/
|
2019-09-11 12:51:59 +00:00
|
|
|
|
"""
|
2019-09-12 14:45:05 +00:00
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
delete_path = os.path.join('/mnt/opaque/', str(self.user_id), 'jobs',
|
|
|
|
|
str(self.id))
|
|
|
|
|
logger.warning('Delete path is: {}'.format(delete_path))
|
2019-09-17 12:36:15 +00:00
|
|
|
|
while os.path.exists(delete_path):
|
|
|
|
|
try:
|
|
|
|
|
shutil.rmtree(delete_path, ignore_errors=True)
|
|
|
|
|
logger.warning('Path does still exist.')
|
|
|
|
|
except OSError:
|
|
|
|
|
pass
|
2019-09-12 14:45:05 +00:00
|
|
|
|
db.session.delete(self)
|
|
|
|
|
db.session.commit()
|
2019-09-11 12:51:59 +00:00
|
|
|
|
|
2019-08-05 14:45:38 +00:00
|
|
|
|
|
2019-08-06 10:06:41 +00:00
|
|
|
|
class Corpus(db.Model):
|
|
|
|
|
"""
|
|
|
|
|
Class to define a corpus.
|
|
|
|
|
"""
|
|
|
|
|
__tablename__ = 'corpora'
|
|
|
|
|
# Primary key
|
|
|
|
|
id = db.Column(db.Integer, primary_key=True)
|
2019-08-06 13:41:07 +00:00
|
|
|
|
creation_date = db.Column(db.DateTime(), default=datetime.utcnow)
|
2019-08-12 06:57:21 +00:00
|
|
|
|
description = db.Column(db.String(255))
|
2019-08-06 10:06:41 +00:00
|
|
|
|
title = db.Column(db.String(32))
|
|
|
|
|
user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
|
|
|
|
|
|
|
|
|
|
def __init__(self, **kwargs):
|
2019-08-06 11:25:27 +00:00
|
|
|
|
super(Corpus, self).__init__(**kwargs)
|
2019-08-06 10:06:41 +00:00
|
|
|
|
|
|
|
|
|
def __repr__(self):
|
|
|
|
|
"""
|
|
|
|
|
String representation of the corpus. For human readability.
|
|
|
|
|
"""
|
|
|
|
|
return '<Corpus %r>' % self.title
|
|
|
|
|
|
2019-08-16 12:53:59 +00:00
|
|
|
|
def to_dict(self):
|
2019-08-16 07:49:27 +00:00
|
|
|
|
return {'id': self.id,
|
2019-08-23 13:05:01 +00:00
|
|
|
|
'creation_date': self.creation_date.timestamp(),
|
2019-08-16 07:49:27 +00:00
|
|
|
|
'description': self.description,
|
|
|
|
|
'title': self.title,
|
|
|
|
|
'user_id': self.user_id}
|
2019-08-06 10:06:41 +00:00
|
|
|
|
|
2019-08-22 07:35:23 +00:00
|
|
|
|
|
2019-08-06 09:47:04 +00:00
|
|
|
|
'''
|
|
|
|
|
' Flask-Login is told to use the application’s custom anonymous user by setting
|
|
|
|
|
' its class in the login_manager.anonymous_user attribute.
|
|
|
|
|
'''
|
|
|
|
|
login_manager.anonymous_user = AnonymousUser
|
2019-07-09 13:41:16 +00:00
|
|
|
|
|
2019-07-05 12:47:35 +00:00
|
|
|
|
|
|
|
|
|
@login_manager.user_loader
|
|
|
|
|
def load_user(user_id):
|
|
|
|
|
return User.query.get(int(user_id))
|