From 19f1dea4fa47b8cdf6a80405ecbb52234c8a6a1f Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Tue, 12 Nov 2019 12:03:46 +0100
Subject: [PATCH 1/2] Use list comprehension instead of class methods.
---
app/events.py | 8 ++++----
app/models.py | 12 ------------
2 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/app/events.py b/app/events.py
index aded211f..73022cc5 100644
--- a/app/events.py
+++ b/app/events.py
@@ -73,16 +73,16 @@ def user_ressource_subscription_handler(app, user_id, session_id,
with app.app_context():
# Gather current values from database.
user = User.query.filter_by(id=user_id).first()
- corpora = user.corpora_as_dict()
- jobs = user.jobs_as_dict()
+ corpora = {corpus.id: corpus.to_dict() for corpus in user.corpora}
+ jobs = {job.id: job.to_dict() for job in user.jobs}
# Send initial values to the user.
socketio.emit(init_events['corpora'], json.dumps(corpora),
room=session_id)
socketio.emit(init_events['jobs'], json.dumps(jobs), room=session_id)
while session_id in connected_sessions:
# Get new values from the database
- new_corpora = user.corpora_as_dict()
- new_jobs = user.jobs_as_dict()
+ new_corpora = {corpus.id: corpus.to_dict() for corpus in user.corpora}
+ new_jobs = {job.id: job.to_dict() for job in user.jobs}
# Compute JSON patches.
corpora_patch = jsonpatch.JsonPatch.from_diff(corpora, new_corpora)
jobs_patch = jsonpatch.JsonPatch.from_diff(jobs, new_jobs)
diff --git a/app/models.py b/app/models.py
index 058528ce..f2501bd3 100644
--- a/app/models.py
+++ b/app/models.py
@@ -208,18 +208,6 @@ class User(UserMixin, db.Model):
"""
return self.can(Permission.ADMIN)
- def corpora_as_dict(self):
- corpora = {}
- for corpus in self.corpora:
- corpora[str(corpus.id)] = corpus.to_dict()
- return corpora
-
- def jobs_as_dict(self):
- jobs = {}
- for job in self.jobs:
- jobs[str(job.id)] = job.to_dict()
- return jobs
-
def delete_user(self):
"""
Delete user from database. Also delete all associated jobs and corpora
From b0c6bb9c05b4c9ca9cddf74ed1ab15c3097836b4 Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Tue, 12 Nov 2019 12:04:07 +0100
Subject: [PATCH 2/2] Add checks if the user is allowed to start an analysis.
---
app/corpora/events.py | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/app/corpora/events.py b/app/corpora/events.py
index 932d24db..64120e31 100644
--- a/app/corpora/events.py
+++ b/app/corpora/events.py
@@ -2,19 +2,19 @@ from app import db, socketio
from app.events import connected_sessions
from app.models import Corpus
from flask import current_app, request
-from flask_login import login_required
+from flask_login import current_user, login_required
from .CQiWrapper.CQiWrapper import CQiWrapper
import logging
'''
-' A dictionary containing lists of with corpus ids associated Socket.IO session
-' ids (sid). {: [, ...], ...}
+' A dictionary containing lists of, with corpus ids associated, Socket.IO
+' session ids (sid). {: [, ...], ...}
'''
analysis_sessions = {}
'''
' A dictionary containing Socket.IO session id - CQi client pairs.
-' {: CQi client, ...}
+' {: CQiClient, ...}
'''
analysis_clients = {}
@@ -22,7 +22,13 @@ analysis_clients = {}
@socketio.on('init_corpus_analysis')
@login_required
def init_corpus_analysis(corpus_id):
- ''' TODO: Check if current_user is allowed to subscribe to this '''
+ corpus = Corpus.query.filter_by(id=corpus_id).first()
+ if corpus is None:
+ socketio.emit('init_corpus_analysis', '[ERROR 404]: Not Found',
+ room=request.sid)
+ if not (corpus.creator == current_user or current_user.is_administrator()):
+ socketio.emit('init_corpus_analysis', '[ERROR 403]: Forbidden',
+ room=request.sid)
if str(corpus_id) not in analysis_sessions:
analysis_sessions[str(corpus_id)] = [request.sid]
socketio.start_background_task(observe_corpus_analysis_connection,
@@ -31,6 +37,7 @@ def init_corpus_analysis(corpus_id):
@socketio.on('query_event')
+@login_required
def recv_query(message):
logger = logging.getLogger(__name__)
logger.warning(message)
@@ -72,4 +79,4 @@ def observe_corpus_analysis_connection(app, corpus_id, session_id):
if not analysis_sessions[str(corpus_id)]:
analysis_sessions.pop(str(corpus_id), None)
corpus.status = 'stop analysis'
- db.session.commit()
+ db.session.commit()