Added permissions to Omics

data-dot-all · Jan 25, 2024 · 6149e35 · 6149e35
1 parent 1d8c672
commit 6149e35
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 36 deletions.
diff --git a/backend/dataall/modules/omics/services/omics_permissions.py b/backend/dataall/modules/omics/services/omics_permissions.py
@@ -3,7 +3,6 @@
 Contains permissions for Omics RUNs
 """
 
-# TODO: THIS HAS NOT BEEN IMPLEMENTED AT ALL AND NEEDS TO BE IMPLEMENTED
 from dataall.core.permissions.permissions import (
     ENVIRONMENT_ALL,
     ENVIRONMENT_INVITED,
@@ -44,7 +43,6 @@
 RESOURCES_ALL.append(LIST_ENVIRONMENT_OMICS_RUNS)
 
 RESOURCES_ALL_WITH_DESC[CREATE_OMICS_RUN] = "Create Omics workflow runs on this environment"
-RESOURCES_ALL_WITH_DESC[LIST_ENVIRONMENT_OMICS_RUNS] = "List Omics workflow runs on this environment"
-RESOURCES_ALL_WITH_DESC[GET_OMICS_RUN] = "General permission to list Omics workflow runs"
+RESOURCES_ALL_WITH_DESC[GET_OMICS_RUN] = "Permission to get Omics workflow runs"
 RESOURCES_ALL_WITH_DESC[DELETE_OMICS_RUN] = "Permission to delete Omics workflow runs"
 RESOURCES_ALL_WITH_DESC[UPDATE_OMICS_RUN] = "Permission to edit Omics workflow runs"
diff --git a/backend/dataall/modules/omics/services/omics_service.py b/backend/dataall/modules/omics/services/omics_service.py
@@ -61,9 +61,9 @@ class OmicsService:
     """
 
     @staticmethod
-    # @has_tenant_permission(MANAGE_OMICS_RUNS)
-    # @has_resource_permission(CREATE_OMICS_RUN)
-    # @has_group_permission(CREATE_OMICS_RUN)
+    @has_tenant_permission(MANAGE_OMICS_RUNS)
+    @has_resource_permission(CREATE_OMICS_RUN)
+    @has_group_permission(CREATE_OMICS_RUN)
     def create_omics_run(*, uri: str, admin_group: str, data: dict) -> OmicsRun:
         """
         Creates an omics_run and attach policies to it
@@ -73,13 +73,13 @@ def create_omics_run(*, uri: str, admin_group: str, data: dict) -> OmicsRun:
         with _session() as session:
             environment = EnvironmentService.get_environment_by_uri(session, uri)
             dataset = DatasetRepository.get_dataset_by_uri(session, data['destination'])
-            # enabled = EnvironmentService.get_boolean_env_param(session, environment, "omicsEnabled")
+            enabled = EnvironmentService.get_boolean_env_param(session, environment, "omicsEnabled")
 
-            # if not enabled and enabled.lower() != "true":
-            #     raise exceptions.UnauthorizedOperation(
-            #         action=CREATE_OMICS_RUN,
-            #         message=f'OMICS_RUN feature is disabled for the environment {environment.label}',
-            #     )
+            if not enabled and enabled.lower() != "true":
+                raise exceptions.UnauthorizedOperation(
+                    action=CREATE_OMICS_RUN,
+                    message=f'OMICS_RUN feature is disabled for the environment {environment.label}',
+                )
 
             omics_run = OmicsRun(
                 owner=get_context().username,
@@ -95,44 +95,39 @@ def create_omics_run(*, uri: str, admin_group: str, data: dict) -> OmicsRun:
             )
 
             OmicsRepository(session).save_omics_run(omics_run)
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=omics_run.SamlAdminGroupName,
+                permissions=OMICS_RUN_ALL,
+                resource_uri=omics_run.runUri,
+                resource_type=OmicsRun.__name__,
+            )
 
             response = OmicsClient.run_omics_workflow(omics_run, session)
-            print(response)
+
             if response:
                 omics_run.runUri = response['id']
                 OmicsRepository(session).save_omics_run(omics_run)
-                # ResourcePolicy.attach_resource_policy(
-                #     session=session,
-                #     group=request.SamlAdminGroupName,
-                #     permissions=OMICS_RUN_ALL,
-                #     resource_uri=omics_run.runUri,
-                #     resource_type=OmicsRun.__name__,
-                # )
-
-                # if environment.SamlGroupName != admin_group:
-                #     ResourcePolicy.attach_resource_policy(
-                #         session=session,
-                #         group=environment.SamlGroupName,
-                #         permissions=OMICS_RUN_ALL,
-                #         resource_uri=omics_run.runUri,
-                #         resource_type=OmicsRun.__name__,
-                #     )
+
                 return True
+            # TODO: in case of failure do we want to delete the object or do we want to show it in UI?
             OmicsRepository(session).delete_omics_run(omics_run)
             return False
 
     @staticmethod
-    #@has_resource_permission(GET_OMICS_RUN)
+    @has_resource_permission(GET_OMICS_RUN)
     def get_omics_run(*, uri: str):
         with _session() as session:
             return OmicsRepository.get_omics_run(session, uri)
 
     @staticmethod
+    @has_resource_permission(GET_OMICS_RUN)
     def get_omics_run_from_aws(uri: str):
         with _session() as session:
             return OmicsClient.get_omics_run(session, uri)
 
     @staticmethod
+    @has_tenant_permission(MANAGE_OMICS_RUNS)
     def get_omics_workflow(workflowId: str) -> dict:
         """List Omics workflows."""
         with _session() as session:
@@ -142,13 +137,15 @@ def get_omics_workflow(workflowId: str) -> dict:
         return response
 
     @staticmethod
+    @has_tenant_permission(MANAGE_OMICS_RUNS)
     def run_omics_workflow(workflowId: str, workflowType: str, roleArn: str, parameters: str) -> dict:
         """List Omics workflows."""
         with _session() as session:
             response = OmicsClient.run_omics_workflow(workflowId,workflowType, roleArn, parameters, session)
         return response
 
     @staticmethod
+    @has_tenant_permission(MANAGE_OMICS_RUNS)
     def list_user_omics_runs(filter: dict) -> dict:
         """List existed user Omics pipelines. Filters only required omics_runs by the filter param"""
         with _session() as session:
@@ -159,6 +156,7 @@ def list_user_omics_runs(filter: dict) -> dict:
             )
 
     @staticmethod
+    @has_tenant_permission(MANAGE_OMICS_RUNS)
     def list_omics_workflows(filter: dict) -> dict:
         """List Omics workflows."""
         with _session() as session:
@@ -167,9 +165,9 @@ def list_omics_workflows(filter: dict) -> dict:
             )
 
     @staticmethod
-    #@has_resource_permission(DELETE_OMICS_RUN)
-    def delete_omics_run(*, uri: str):
-        ##T TODO: IMPLEMENT IN omics_repository
+    @has_resource_permission(DELETE_OMICS_RUN)
+    def delete_omics_run(uri: str):
+        ## TODO: IMPLEMENT IN omics_repository
         """Deletes Omics project from the database and if delete_from_aws is True from AWS as well"""
         with _session() as session:
             omics_run = OmicsService._get_omics_run(session, uri)
@@ -183,8 +181,5 @@ def delete_omics_run(*, uri: str):
                 group=omics_run.SamlAdminGroupName,
             )
 
-
-
-
 def _session():
     return get_context().db_engine.scoped_session()