diff --git a/epdb/legacy_api.py b/epdb/legacy_api.py index ddf3b802..9339328c 100644 --- a/epdb/legacy_api.py +++ b/epdb/legacy_api.py @@ -37,6 +37,13 @@ from .models import ( Package = s.GET_PACKAGE_MODEL() +def get_package_for_write(user, package_uuid): + p = PackageManager.get_package_by_id(user, package_uuid) + if not PackageManager.writable(user, p): + raise ValueError("You do not have the rights to write to this Package!") + return p + + def _anonymous_or_real(request): if request.user.is_authenticated and not request.user.is_anonymous: return request.user @@ -455,7 +462,7 @@ class UpdatePackage(Schema): @router.post("/package/{uuid:package_uuid}", response={200: PackageSchema | Any, 400: Error}) def update_package(request, package_uuid, pack: Form[UpdatePackage]): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) if pack.hiddenMethod: if pack.hiddenMethod == "DELETE": @@ -717,7 +724,7 @@ def create_package_compound( c: Form[CreateCompound], ): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) # inchi is not used atm c = Compound.create( p, c.compoundSmiles, c.compoundName, c.compoundDescription, inchi=c.inchi 
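Review bot: `get_package_for_write` reports a denied write with a bare `ValueError`, the same type the handlers in this file raise for input validation (`raise ValueError("Not yet implemented!")` in create_package_simple_rule, the SMIRKS check in create_package_reaction), so callers cannot tell an authorization failure from bad input. The delete handlers answer every `ValueError` with 403, while update_package only declares `400: Error`; its except clause is outside the hunk, but if it maps `ValueError` to 400, a denied write will surface as a validation error there and in create_package_compound. A subclass such as `class PackageWriteDenied(ValueError): pass`, raised from the helper, would keep the existing `except ValueError` blocks working and let handlers map it to 403 explicitly. The helper also has no docstring; `"""Return the package if user may write to it, else raise."""` would state the contract.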
@@ -730,14 +737,10 @@ def create_package_compound( @router.delete("/package/{uuid:package_uuid}/compound/{uuid:compound_uuid}") def delete_compound(request, package_uuid, compound_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) - - if PackageManager.writable(request.user, p): - c = Compound.objects.get(package=p, uuid=compound_uuid) - c.delete() - return redirect(f"{p.url}/compound") - else: - raise ValueError("You do not have the rights to delete this Compound!") + p = get_package_for_write(request.user, package_uuid) + c = Compound.objects.get(package=p, uuid=compound_uuid) + c.delete() + return redirect(f"{p.url}/compound") except ValueError: return 403, { "message": f"Deleting Compound with id {compound_uuid} failed due to insufficient rights!" 
@@ -749,31 +752,29 @@ def delete_compound(request, package_uuid, compound_uuid): ) def delete_compound_structure(request, package_uuid, compound_uuid, structure_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) - if PackageManager.writable(request.user, p): - c = Compound.objects.get(package=p, uuid=compound_uuid) - cs = CompoundStructure.objects.get(compound=c, uuid=structure_uuid) + c = Compound.objects.get(package=p, uuid=compound_uuid) + cs = CompoundStructure.objects.get(compound=c, uuid=structure_uuid) - # Check if we have to delete the compound as no structure is left - if len(cs.compound.structures.all()) == 1: - # This will delete the structure as well + # Check if we have to delete the compound as no structure is left + if len(cs.compound.structures.all()) == 1: + # This will delete the structure as well + c.delete() + return redirect(p.url + "/compound") + else: + if cs.normalized_structure: c.delete() return redirect(p.url + "/compound") else: - if cs.normalized_structure: - c.delete() - return redirect(p.url + "/compound") + if c.default_structure == cs: + cs.delete() + c.default_structure = c.structures.all().first() + return redirect(c.url + "/structure") else: - if c.default_structure == cs: - cs.delete() - c.default_structure = c.structures.all().first() - return redirect(c.url + "/structure") - else: - cs.delete() - return redirect(c.url + "/structure") - else: - raise ValueError("You do not have the rights to delete this CompoundStructure!") + cs.delete() + return redirect(c.url + "/structure") + except ValueError: return 403, { "message": f"Deleting CompoundStructure with id {compound_uuid} failed due to insufficient rights!" 
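Review bot: In delete_compound_structure, the branch that removes the default structure assigns `c.default_structure = c.structures.all().first()` and returns without a visible `c.save()`. Unless the model persists that assignment elsewhere, the new default is never stored and the compound is left with whatever the foreign key's on-delete rule produces. Adding `c.save()` before `return redirect(c.url + "/structure")` would persist it. The 403 message also interpolates `compound_uuid` while talking about a CompoundStructure; `structure_uuid` looks like the intended id. The handler's except clause continues outside the hunk.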
@@ -960,7 +961,7 @@ def create_package_simple_rule( r: Form[CreateSimpleRule], ): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) if r.rdkitrule and r.rdkitrule.strip() == "true": raise ValueError("Not yet implemented!") @@ -996,7 +997,7 @@ def create_package_parallel_rule( r: Form[CreateParallelRule], ): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) srs = SimpleRule.objects.filter(package=p, url__in=r.simpleRules) @@ -1040,7 +1041,7 @@ def post_package_parallel_rule(request, package_uuid, rule_uuid, compound: Form[ def _post_package_rule(request, package_uuid, rule_uuid, compound: Form[str]): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) r = Rule.objects.get(package=p, uuid=rule_uuid) if compound is not None: @@ -1085,14 +1086,11 @@ def delete_parallel_rule(request, package_uuid, rule_uuid): def _delete_rule(request, package_uuid, rule_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + r = Rule.objects.get(package=p, uuid=rule_uuid) + r.delete() + return redirect(f"{p.url}/rule") - if PackageManager.writable(request.user, p): - r = Rule.objects.get(package=p, uuid=rule_uuid) - r.delete() - return redirect(f"{p.url}/rule") - else: - raise ValueError("You do not have the rights to delete this Rule!") except ValueError: return 403, { "message": f"Deleting Rule with id {rule_uuid} failed due to insufficient rights!" 
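Review bot: `_post_package_rule` now goes through `get_package_for_write`, so posting a compound to a rule requires write access to the package, where it previously needed only whatever `get_package_by_id` enforces. The rest of the body is outside the hunk. If it only applies the rule to the submitted compound and stores nothing, this change locks read-only users out of a read operation, and the original `p = PackageManager.get_package_by_id(request.user, package_uuid)` should stay. If the body does modify the package, a one-line comment above the call naming what is written would record why write access is required here.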
@@ -1207,7 +1205,7 @@ def create_package_reaction( r: Form[CreateReaction], ): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) if r.smirks is None and (r.educt is None or r.product is None): raise ValueError("Either SMIRKS or educt/product must be provided") @@ -1253,14 +1251,11 @@ def create_package_reaction( @router.delete("/package/{uuid:package_uuid}/reaction/{uuid:reaction_uuid}") def delete_reaction(request, package_uuid, reaction_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) - if PackageManager.writable(request.user, p): - r = Reaction.objects.get(package=p, uuid=reaction_uuid) - r.delete() - return redirect(f"{p.url}/reaction") - else: - raise ValueError("You do not have the rights to delete this Reaction!") + r = Reaction.objects.get(package=p, uuid=reaction_uuid) + r.delete() + return redirect(f"{p.url}/reaction") except ValueError: return 403, { "message": f"Deleting Reaction with id {reaction_uuid} failed due to insufficient rights!" @@ -1340,14 +1335,12 @@ def create_package_scenario(request, package_uuid): @router.delete("/package/{uuid:package_uuid}/scenario") def delete_scenarios(request, package_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + + scens = Scenario.objects.filter(package=p) + scens.delete() + return redirect(f"{p.url}/scenario") - if PackageManager.writable(request.user, p): - scens = Scenario.objects.filter(package=p) - scens.delete() - return redirect(f"{p.url}/scenario") - else: - raise ValueError("You do not have the rights to delete Scenarios!") except ValueError: return 403, {"message": "Deleting Scenarios failed due to insufficient rights!"} 
@@ -1355,14 +1348,12 @@ def delete_scenarios(request, package_uuid): @router.delete("/package/{uuid:package_uuid}/scenario/{uuid:scenario_uuid}") def delete_scenario(request, package_uuid, scenario_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + + scen = Scenario.objects.get(package=p, uuid=scenario_uuid) + scen.delete() + return redirect(f"{p.url}/scenario") - if PackageManager.writable(request.user, p): - scen = Scenario.objects.get(package=p, uuid=scenario_uuid) - scen.delete() - return redirect(f"{p.url}/scenario") - else: - raise ValueError("You do not have the rights to delete this Scenario!") except ValueError: return 403, { "message": f"Deleting Scenario with id {scenario_uuid} failed due to insufficient rights!" @@ -1523,7 +1514,10 @@ def create_pathway( pw: Form[CreatePathway], ): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + + if not PackageManager.writable(request.user, p): + raise ValueError("You do not have the rights to create a Pathway!") stand_smiles = FormatConverter.standardize(pw.smilesinput.strip(), remove_stereo=True) 
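Review bot: In create_pathway the added `if not PackageManager.writable(request.user, p):` check and its `raise ValueError("You do not have the rights to create a Pathway!")` can never fire, because `get_package_for_write` on the line above already raises when the package is not writable. The duplicate check should be dropped so the helper stays the single place where the write rule is enforced; keeping both invites the two to drift apart. The handler's except clause is outside the hunk, so how the `ValueError` is reported to the client is not visible here.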
@@ -1558,14 +1552,12 @@ def create_pathway( @router.delete("/package/{uuid:package_uuid}/pathway/{uuid:pathway_uuid}") def delete_pathway(request, package_uuid, pathway_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + + pw = Pathway.objects.get(package=p, uuid=pathway_uuid) + pw.delete() + return redirect(f"{p.url}/pathway") - if PackageManager.writable(request.user, p): - pw = Pathway.objects.get(package=p, uuid=pathway_uuid) - pw.delete() - return redirect(f"{p.url}/pathway") - else: - raise ValueError("You do not have the rights to delete this pathway!") except ValueError: return 403, { "message": f"Deleting Pathway with id {pathway_uuid} failed due to insufficient rights!" @@ -1673,7 +1665,7 @@ class CreateNode(Schema): ) def add_pathway_node(request, package_uuid, pathway_uuid, n: Form[CreateNode]): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) pw = Pathway.objects.get(package=p, uuid=pathway_uuid) if n.nodeDepth is not None and n.nodeDepth.strip() != "": 
@@ -1691,15 +1683,13 @@ def add_pathway_node(request, package_uuid, pathway_uuid, n: Form[CreateNode]): @router.delete("/package/{uuid:package_uuid}/pathway/{uuid:pathway_uuid}/node/{uuid:node_uuid}") def delete_node(request, package_uuid, pathway_uuid, node_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + + pw = Pathway.objects.get(package=p, uuid=pathway_uuid) + n = Node.objects.get(pathway=pw, uuid=node_uuid) + n.delete() + return redirect(f"{pw.url}/node") - if PackageManager.writable(request.user, p): - pw = Pathway.objects.get(package=p, uuid=pathway_uuid) - n = Node.objects.get(pathway=pw, uuid=node_uuid) - n.delete() - return redirect(f"{pw.url}/node") - else: - raise ValueError("You do not have the rights to delete this Node!") except ValueError: return 403, { "message": f"Deleting Node with id {node_uuid} failed due to insufficient rights!" @@ -1783,7 +1773,7 @@ class CreateEdge(Schema): ) def add_pathway_edge(request, package_uuid, pathway_uuid, e: Form[CreateEdge]): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) pw = Pathway.objects.get(package=p, uuid=pathway_uuid) if e.edgeAsSmirks is None and (e.educts is None or e.products is None): 
@@ -1841,15 +1831,13 @@ def add_pathway_edge(request, package_uuid, pathway_uuid, e: Form[CreateEdge]): @router.delete("/package/{uuid:package_uuid}/pathway/{uuid:pathway_uuid}/edge/{uuid:edge_uuid}") def delete_edge(request, package_uuid, pathway_uuid, edge_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) + + pw = Pathway.objects.get(package=p, uuid=pathway_uuid) + e = Edge.objects.get(pathway=pw, uuid=edge_uuid) + e.delete() + return redirect(f"{pw.url}/edge") - if PackageManager.writable(request.user, p): - pw = Pathway.objects.get(package=p, uuid=pathway_uuid) - e = Edge.objects.get(pathway=pw, uuid=edge_uuid) - e.delete() - return redirect(f"{pw.url}/edge") - else: - raise ValueError("You do not have the rights to delete this Edge!") except ValueError: return 403, { "message": f"Deleting Edge with id {edge_uuid} failed due to insufficient rights!" @@ -1985,14 +1973,11 @@ def get_model(request, package_uuid, model_uuid, c: Query[Classify]): @router.delete("/package/{uuid:package_uuid}/model/{uuid:model_uuid}") def delete_model(request, package_uuid, model_uuid): try: - p = PackageManager.get_package_by_id(request.user, package_uuid) + p = get_package_for_write(request.user, package_uuid) - if PackageManager.writable(request.user, p): - m = EPModel.objects.get(package=p, uuid=model_uuid) - m.delete() - return redirect(f"{p.url}/model") - else: - raise ValueError("You do not have the rights to delete this Model!") + m = EPModel.objects.get(package=p, uuid=model_uuid) + m.delete() + return redirect(f"{p.url}/model") except ValueError: return 403, { "message": f"Deleting Model with id {model_uuid} failed due to insufficient rights!"