Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add incomplete upload dialog to DLP when unembargo is blocked #2082

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
+291 −22
Open

Add incomplete upload dialog to DLP when unembargo is blocked #2082

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4afd687
Add API endpoints for listing/clearing active uploads
jjnesbitt Nov 19, 2024
e2f5237
Add dialog to manage uploads for embargoed dandisets
jjnesbitt Nov 20, 2024
f1078bb
Paginate dandiset upload response
jjnesbitt Nov 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 83 additions & 0 deletions dandiapi/api/tests/test_dandiset.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1116,3 +1116,86 @@ def test_dandiset_contact_person_malformed_contributors(api_client, draft_versio
)

assert results.data['draft_version']['dandiset']['contact_person'] == ''


@pytest.mark.django_db
@pytest.mark.parametrize('embargoed', [False, True])
def test_dandiset_rest_list_active_uploads_not_owner(api_client, user, dandiset_factory, embargoed):
ds = dandiset_factory(
embargo_status=Dandiset.EmbargoStatus.EMBARGOED
if embargoed
else Dandiset.EmbargoStatus.OPEN
)

# Test unauthenticated
response = api_client.get(f'/api/dandisets/{ds.identifier}/uploads/')
assert response.status_code == 401

# Test unauthorized
api_client.force_authenticate(user=user)
response = api_client.get(f'/api/dandisets/{ds.identifier}/uploads/')
assert response.status_code == 403


@pytest.mark.django_db
def test_dandiset_rest_list_active_uploads(
authenticated_api_client, user, draft_version, upload_factory
):
ds = draft_version.dandiset

assign_perm('owner', user, ds)
upload = upload_factory(dandiset=ds)

response = authenticated_api_client.get(f'/api/dandisets/{ds.identifier}/uploads/')
assert response.status_code == 200
data = response.json()
assert data['count'] == 1
assert len(data['results']) == 1
assert data['results'][0]['upload_id'] == upload.upload_id


@pytest.mark.django_db
@pytest.mark.parametrize('embargoed', [False, True])
def test_dandiset_rest_clear_active_uploads_not_owner(
api_client, user, dandiset_factory, upload_factory, embargoed
):
ds = dandiset_factory(
embargo_status=Dandiset.EmbargoStatus.EMBARGOED
if embargoed
else Dandiset.EmbargoStatus.OPEN
)

upload_factory(dandiset=ds)

# Test unauthenticated
response = api_client.delete(f'/api/dandisets/{ds.identifier}/uploads/')
assert response.status_code == 401

# Test unauthorized
api_client.force_authenticate(user=user)
response = api_client.delete(f'/api/dandisets/{ds.identifier}/uploads/')
assert response.status_code == 403

assert ds.uploads.count() == 1


@pytest.mark.django_db
def test_dandiset_rest_clear_active_uploads(
authenticated_api_client, user, draft_version, upload_factory
):
ds = draft_version.dandiset

assign_perm('owner', user, ds)
upload_factory(dandiset=ds)

response = authenticated_api_client.get(f'/api/dandisets/{ds.identifier}/uploads/').json()
assert response['count'] == 1
assert len(response['results']) == 1

response = authenticated_api_client.delete(f'/api/dandisets/{ds.identifier}/uploads/')
assert response.status_code == 204

assert ds.uploads.count() == 0
response = authenticated_api_client.get(f'/api/dandisets/{ds.identifier}/uploads/').json()
assert response['count'] == 0
assert len(response['results']) == 0
63 changes: 56 additions & 7 deletions dandiapi/api/views/dandiset.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
from __future__ import annotations

import typing
from typing import TYPE_CHECKING

from allauth.socialaccount.models import SocialAccount
from django.contrib.auth.models import User
from django.db import transaction
from django.db.models import Count, Max, OuterRef, Subquery, Sum
from django.db.models import Count, Max, OuterRef, QuerySet, Subquery, Sum
from django.db.models.functions import Coalesce
from django.db.models.query_utils import Q
from django.http import Http404
Expand Down Expand Up @@ -41,6 +42,8 @@
DandisetQueryParameterSerializer,
DandisetSearchQueryParameterSerializer,
DandisetSearchResultListSerializer,
DandisetUploadSerializer,
PaginationQuerySerializer,
UserSerializer,
VersionMetadataSerializer,
)
Expand All @@ -49,6 +52,8 @@
if TYPE_CHECKING:
from rest_framework.request import Request

from dandiapi.api.models.upload import Upload


class DandisetFilterBackend(filters.OrderingFilter):
ordering_fields = ['id', 'name', 'modified', 'size']
Expand Down Expand Up @@ -155,6 +160,16 @@ def get_queryset(self):
queryset = queryset.filter(embargo_status='OPEN')
return queryset

def require_owner_perm(self, dandiset: Dandiset):
# Raise 401 if unauthenticated
if not self.request.user.is_authenticated:
raise NotAuthenticated

# Raise 403 if unauthorized
self.request.user = typing.cast(User, self.request.user)
if not self.request.user.has_perm('owner', dandiset):
raise PermissionDenied

def get_object(self):
# Alternative to path converters, which DRF doesn't support
# https://docs.djangoproject.com/en/3.0/topics/http/urls/#registering-custom-path-converters
Expand All @@ -168,12 +183,8 @@ def get_object(self):

dandiset = super().get_object()
if dandiset.embargo_status != Dandiset.EmbargoStatus.OPEN:
if not self.request.user.is_authenticated:
# Clients must be authenticated to access it
raise NotAuthenticated
if not self.request.user.has_perm('owner', dandiset):
# The user does not have ownership permission
raise PermissionDenied
self.require_owner_perm(dandiset)

return dandiset

@staticmethod
Expand Down Expand Up @@ -453,3 +464,41 @@ def users(self, request, dandiset__pk): # noqa: C901
)

return Response(owners, status=status.HTTP_200_OK)

@swagger_auto_schema(
methods=['GET'],
manual_parameters=[DANDISET_PK_PARAM],
query_serializer=PaginationQuerySerializer,
request_body=no_body,
operation_summary='List active/incomplete uploads in this dandiset.',
)
@action(methods=['GET'], detail=True)
def uploads(self, request, dandiset__pk):
dandiset: Dandiset = self.get_object()

# Special case where a "safe" method is access restricted, due to the nature of uploads
self.require_owner_perm(dandiset)

uploads: QuerySet[Upload] = dandiset.uploads.all()

# Paginate and return
page = self.paginate_queryset(uploads)
if page is not None:
serializer = DandisetUploadSerializer(page, many=True)
return self.get_paginated_response(serializer.data)

serializer = DandisetUploadSerializer(uploads, many=True)
return Response(serializer.data)

@swagger_auto_schema(
manual_parameters=[DANDISET_PK_PARAM],
request_body=no_body,
operation_summary='Delete all active/incomplete uploads in this dandiset.',
)
@uploads.mapping.delete
def clear_uploads(self, request, dandiset__pk):
dandiset: Dandiset = self.get_object()
self.require_owner_perm(dandiset)

dandiset.uploads.all().delete()
return Response(status=status.HTTP_204_NO_CONTENT)
18 changes: 17 additions & 1 deletion dandiapi/api/views/serializers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
from drf_yasg.utils import swagger_serializer_method
from rest_framework import serializers

from dandiapi.api.models import Asset, AssetBlob, AssetPath, Dandiset, Version
from dandiapi.api.models import Asset, AssetBlob, AssetPath, Dandiset, Upload, Version
from dandiapi.search.models import AssetSearch

if TYPE_CHECKING:
Expand Down Expand Up @@ -299,6 +299,17 @@ def get_contact_person(self, obj):
return extract_contact_person(obj)


class DandisetUploadSerializer(serializers.ModelSerializer):
class Meta:
model = Upload
exclude = [
'dandiset',
'embargoed',
'id',
'multipart_upload_id',
]


class AssetBlobSerializer(serializers.ModelSerializer):
class Meta:
model = AssetBlob
Expand Down Expand Up @@ -362,6 +373,11 @@ class AssetPathsQueryParameterSerializer(serializers.Serializer):
path_prefix = serializers.CharField(default='')


class PaginationQuerySerializer(serializers.Serializer):
page = serializers.IntegerField(default=1)
page_size = serializers.IntegerField(default=100)


class AssetFileSerializer(AssetSerializer):
class Meta(AssetSerializer.Meta):
fields = ['asset_id', 'url']
Expand Down
22 changes: 22 additions & 0 deletions web/src/rest.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import type {
AssetPath,
Zarr,
DandisetSearchResult,
IncompleteUpload,
} from '@/types';
import type {
Dandiset as DandisetMetadata,
Expand Down Expand Up @@ -106,6 +107,27 @@ const dandiRest = {
throw e;
}
},
async uploads(identifier: string): Promise<IncompleteUpload[]> {
const uploads = []
let page = 1;

// eslint-disable-next-line no-constant-condition
while (true) {
const res = await client.get(`dandisets/${identifier}/uploads/`, {params: { page }});

uploads.push(...res.data.results);
if (res.data.next === null) {
break;
}

page += 1;
}

return uploads;
},
async clearUploads(identifier: string) {
await client.delete(`dandisets/${identifier}/uploads/`);
},
async assets(
identifier: string,
version: string,
Expand Down
8 changes: 8 additions & 0 deletions web/src/types/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,3 +102,11 @@ export interface AssetPath {
aggregate_size: number;
asset: AssetFile | null;
}

export interface IncompleteUpload {
created: string;
blob: string;
upload_id: string;
etag: string;
size: number;
}
Loading
Loading