From 19f1dea4fa47b8cdf6a80405ecbb52234c8a6a1f Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Tue, 12 Nov 2019 12:03:46 +0100 Subject: [PATCH 1/2] Use list comprehension instead of class methods. --- app/events.py | 8 ++++---- app/models.py | 12 ------------ 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/app/events.py b/app/events.py index aded211f..73022cc5 100644 --- a/app/events.py +++ b/app/events.py @@ -73,16 +73,16 @@ def user_ressource_subscription_handler(app, user_id, session_id, with app.app_context(): # Gather current values from database. user = User.query.filter_by(id=user_id).first() - corpora = user.corpora_as_dict() - jobs = user.jobs_as_dict() + corpora = {corpus.id: corpus.to_dict() for corpus in user.corpora} + jobs = {job.id: job.to_dict() for job in user.jobs} # Send initial values to the user. socketio.emit(init_events['corpora'], json.dumps(corpora), room=session_id) socketio.emit(init_events['jobs'], json.dumps(jobs), room=session_id) while session_id in connected_sessions: # Get new values from the database - new_corpora = user.corpora_as_dict() - new_jobs = user.jobs_as_dict() + new_corpora = {corpus.id: corpus.to_dict() for corpus in user.corpora} + new_jobs = {job.id: job.to_dict() for job in user.jobs} # Compute JSON patches. corpora_patch = jsonpatch.JsonPatch.from_diff(corpora, new_corpora) jobs_patch = jsonpatch.JsonPatch.from_diff(jobs, new_jobs) diff --git a/app/models.py b/app/models.py index 058528ce..f2501bd3 100644 --- a/app/models.py +++ b/app/models.py @@ -208,18 +208,6 @@ class User(UserMixin, db.Model): """ return self.can(Permission.ADMIN) - def corpora_as_dict(self): - corpora = {} - for corpus in self.corpora: - corpora[str(corpus.id)] = corpus.to_dict() - return corpora - - def jobs_as_dict(self): - jobs = {} - for job in self.jobs: - jobs[str(job.id)] = job.to_dict() - return jobs - def delete_user(self): """ Delete user from database. Also delete all associated jobs and corpora From b0c6bb9c05b4c9ca9cddf74ed1ab15c3097836b4 Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Tue, 12 Nov 2019 12:04:07 +0100 Subject: [PATCH 2/2] Add checks if the user is allowed to start an analysis. --- app/corpora/events.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/app/corpora/events.py b/app/corpora/events.py index 932d24db..64120e31 100644 --- a/app/corpora/events.py +++ b/app/corpora/events.py @@ -2,19 +2,19 @@ from app import db, socketio from app.events import connected_sessions from app.models import Corpus from flask import current_app, request -from flask_login import login_required +from flask_login import current_user, login_required from .CQiWrapper.CQiWrapper import CQiWrapper import logging ''' -' A dictionary containing lists of with corpus ids associated Socket.IO session -' ids (sid). {: [, ...], ...} +' A dictionary containing lists of, with corpus ids associated, Socket.IO +' session ids (sid). {: [, ...], ...} ''' analysis_sessions = {} ''' ' A dictionary containing Socket.IO session id - CQi client pairs. -' {: CQi client, ...} +' {: CQiClient, ...} ''' analysis_clients = {} @@ -22,7 +22,13 @@ analysis_clients = {} @socketio.on('init_corpus_analysis') @login_required def init_corpus_analysis(corpus_id): - ''' TODO: Check if current_user is allowed to subscribe to this ''' + corpus = Corpus.query.filter_by(id=corpus_id).first() + if corpus is None: + socketio.emit('init_corpus_analysis', '[ERROR 404]: Not Found', + room=request.sid) + if not (corpus.creator == current_user or current_user.is_administrator()): + socketio.emit('init_corpus_analysis', '[ERROR 403]: Forbidden', + room=request.sid) if str(corpus_id) not in analysis_sessions: analysis_sessions[str(corpus_id)] = [request.sid] socketio.start_background_task(observe_corpus_analysis_connection, @@ -31,6 +37,7 @@ def init_corpus_analysis(corpus_id): @socketio.on('query_event') +@login_required def recv_query(message): logger = logging.getLogger(__name__) logger.warning(message) @@ -72,4 +79,4 @@ def observe_corpus_analysis_connection(app, corpus_id, session_id): if not analysis_sessions[str(corpus_id)]: analysis_sessions.pop(str(corpus_id), None) corpus.status = 'stop analysis' - db.session.commit() + db.session.commit()