Merge pull request #1550 from codalab/develop

Rebase "shell_plus" branch

Author: Didayolo

Dockerfile.flower

@@ -1,8 +1,12 @@
-FROM python:3.9-alpine
+FROM python:3.9
+
+# PYTHONUNBUFFERED: Force stdin, stdout and stderr to be totally unbuffered. (equivalent to `python -u`)
+# PYTHONHASHSEED: Enable hash randomization (equivalent to `python -R`)
+# PYTHONDONTWRITEBYTECODE: Do not write byte files to disk, since we maintain it as readonly. (equivalent to `python -B`)
+ENV PYTHONUNBUFFERED=1 PYTHONHASHSEED=random PYTHONDONTWRITEBYTECODE=1
 
 # Get latest root certificates
-RUN apk add --no-cache ca-certificates && update-ca-certificates curl
-RUN apk add curl
+RUN apt-get update && apt-get install -y ca-certificates && update-ca-certificates
 
 # # Install the required packages
 RUN curl -sSL https://install.python-poetry.org | python3 -
@@ -18,13 +22,6 @@ RUN poetry add redis=3.0.1
 RUN poetry add flower=0.9.3
 RUN poetry add celery="<5.0.0"
 
-# PYTHONUNBUFFERED: Force stdin, stdout and stderr to be totally unbuffered. (equivalent to `python -u`)
-# PYTHONHASHSEED: Enable hash randomization (equivalent to `python -R`)
-# PYTHONDONTWRITEBYTECODE: Do not write byte files to disk, since we maintain it as readonly. (equivalent to `python -B`)
-
-
-ENV PYTHONUNBUFFERED=1 PYTHONHASHSEED=random PYTHONDONTWRITEBYTECODE=1
-
 # Default port
 EXPOSE 5555
 

src/apps/api/serializers/datasets.py

@@ -3,6 +3,7 @@
 
 from api.mixins import DefaultUserCreateMixin
 from datasets.models import Data, DataGroup
+from competitions.models import CompetitionCreationTaskStatus, CompetitionDump
 
 
 class DataSerializer(DefaultUserCreateMixin, serializers.ModelSerializer):
@@ -101,13 +102,32 @@ class Meta:
         )
 
     def get_competition(self, obj):
-
-        # return competition dict with id and title if available
         if obj.competition:
+            # Submission
             return {
                 "id": obj.competition.id,
                 "title": obj.competition.title,
             }
+        else:
+            competition = None
+            try:
+                # Check if it is a bundle
+                competition = CompetitionCreationTaskStatus.objects.get(dataset=obj).resulting_competition
+            except CompetitionCreationTaskStatus.DoesNotExist:
+                competition = None
+            if not competition:
+                # Check if it is a dump
+                try:
+                    competition = CompetitionDump.objects.get(dataset=obj).competition
+                except CompetitionDump.DoesNotExist:
+                    competition = None
+
+            if competition:
+                return {
+                    "id": competition.id,
+                    "title": competition.title
+                }
+
         return None
 
     def get_owner_display_name(self, instance):

src/apps/api/tests/test_submissions.py

@@ -26,9 +26,17 @@ def setUp(self):
         # Extra dummy user to test permissions, they shouldn't have access to many things
         self.other_user = UserFactory(username='other_user', password='other')
 
-        # Make a participant and submission into competition
-        self.participant = UserFactory(username='participant', password='other')
-        CompetitionParticipantFactory(user=self.participant, competition=self.comp)
+        # Make participants
+        self.participant = UserFactory(username='participant_approved', password='other')
+        self.pending_participant = UserFactory(username='participant_pending', password='other')
+        self.denied_participant = UserFactory(username='participant_denied', password='other')
+
+        # Add user as participants in a competition with different statuses
+        CompetitionParticipantFactory(user=self.participant, competition=self.comp, status=CompetitionParticipant.APPROVED)
+        CompetitionParticipantFactory(user=self.pending_participant, competition=self.comp, status=CompetitionParticipant.PENDING)
+        CompetitionParticipantFactory(user=self.denied_participant, competition=self.comp, status=CompetitionParticipant.DENIED)
+
+        # add submission with owner = approved participant
         self.existing_submission = SubmissionFactory(
             phase=self.phase,
             owner=self.participant,
@@ -232,11 +240,21 @@ def test_who_can_see_detailed_result_when_visualization_is_true(self):
         resp = self.client.get(url)
         assert resp.status_code == 200
 
-        # Actual user can see their submission detail result
+        # approved user can see submission detail result
         self.client.force_login(self.participant)
         resp = self.client.get(url)
         assert resp.status_code == 200
 
+        # pending user cannot see submission detail result
+        self.client.force_login(self.pending_participant)
+        resp = self.client.get(url)
+        assert resp.status_code == 403
+
+        # denied user cannot see submission detail result
+        self.client.force_login(self.denied_participant)
+        resp = self.client.get(url)
+        assert resp.status_code == 403
+
         # Regular user cannot see submission detail result
         self.client.force_login(self.other_user)
         resp = self.client.get(url)

src/apps/api/views/datasets.py

@@ -40,6 +40,9 @@ def get_queryset(self):
             # _type = dataset if called from datasets and programs tab to filter datasets and programs
             is_dataset = self.request.query_params.get('_type', '') == 'dataset'
 
+            # _type = dataset if called from datasets and programs tab to filter datasets and programs
+            is_bundle = self.request.query_params.get('_type', '') == 'bundle'
+
             # get queryset
             qs = self.queryset
 
@@ -50,6 +53,11 @@ def get_queryset(self):
             # filter datasets and programs
             if is_dataset:
                 qs = qs.filter(~Q(type=Data.SUBMISSION))
+                qs = qs.exclude(Q(type=Data.COMPETITION_BUNDLE))
+
+            # filter bundles
+            if is_bundle:
+                qs = qs.filter(Q(type=Data.COMPETITION_BUNDLE))
 
             # public filter check
             if is_public:
@@ -58,15 +66,15 @@ def get_queryset(self):
                 qs = qs.filter(Q(created_by=self.request.user))
 
             # if GET is called but provided no filters, fall back to default behaviour
-            if (not is_submission) and (not is_dataset) and (not is_public):
+            if (not is_submission) and (not is_dataset) and (not is_bundle) and (not is_public):
                 qs = self.queryset
                 qs = qs.filter(Q(is_public=True) | Q(created_by=self.request.user))
 
         else:
             qs = self.queryset
             qs = qs.filter(Q(is_public=True) | Q(created_by=self.request.user))
 
-        qs = qs.exclude(Q(type=Data.COMPETITION_BUNDLE) | Q(name__isnull=True))
+        qs = qs.exclude(Q(name__isnull=True))
 
         qs = qs.select_related('created_by').order_by('-created_when')
 

src/apps/api/views/leaderboards.py

@@ -1,7 +1,7 @@
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.viewsets import ModelViewSet
 from rest_framework.response import Response
-from api.permissions import LeaderboardNotHidden, LeaderboardIsOrganizerOrCollaborator
+from rest_framework.status import HTTP_405_METHOD_NOT_ALLOWED
+from api.permissions import LeaderboardNotHidden
 from api.serializers.leaderboards import LeaderboardEntriesSerializer
 from api.serializers.submissions import SubmissionScoreSerializer
 from leaderboards.models import Leaderboard, SubmissionScore
@@ -10,24 +10,32 @@
 class LeaderboardViewSet(ModelViewSet):
     queryset = Leaderboard.objects.all()
     serializer_class = LeaderboardEntriesSerializer
+    http_method_names = ['get']  # Only allow GET requests
 
-    # TODO: The retrieve and list actions are the only ones used, apparently. Delete other permission checks soon!
-    def get_permissions(self):
-        if self.action in ['update', 'partial_update', 'destroy']:
-            raise Exception('Unexpected code branch execution.')
-            self.permission_classes = [LeaderboardIsOrganizerOrCollaborator]
-        elif self.action in ['create']:
-            raise Exception('Unexpected code branch execution.')
-            self.permission_classes = [IsAuthenticated]
-        elif self.action in ['retrieve', 'list']:
-            self.permission_classes = [LeaderboardNotHidden]
+    def create(self, request, *args, **kwargs):
+        return Response({'detail': 'Method not allowed.'}, status=HTTP_405_METHOD_NOT_ALLOWED)
 
-        return [permission() for permission in self.permission_classes]
+    def update(self, request, *args, **kwargs):
+        return Response({'detail': 'Method not allowed.'}, status=HTTP_405_METHOD_NOT_ALLOWED)
+
+    def partial_update(self, request, *args, **kwargs):
+        return Response({'detail': 'Method not allowed.'}, status=HTTP_405_METHOD_NOT_ALLOWED)
+
+    def destroy(self, request, *args, **kwargs):
+        return Response({'detail': 'Method not allowed.'}, status=HTTP_405_METHOD_NOT_ALLOWED)
 
     def list(self, request, *args, **kwargs):
         # Return an empty list for the leaderboard-list endpoint
         return Response([])
 
+    def get_permissions(self):
+        if self.action in ['create', 'update', 'partial_update', 'destroy']:
+            return []  # No permissions, effectively disables the action
+        elif self.action in ['retrieve', 'list']:
+            self.permission_classes = [LeaderboardNotHidden]
+
+        return [permission() for permission in self.permission_classes]
+
 
 class SubmissionScoreViewSet(ModelViewSet):
     queryset = SubmissionScore.objects.all()

src/apps/api/views/submissions.py

@@ -325,14 +325,14 @@ def get_detail_result(self, request, pk):
         submission = Submission.objects.get(pk=pk)
         # Check if competition show visualization is true
         if submission.phase.competition.enable_detailed_results:
-            # get submission's competition participants
-            participants = submission.phase.competition.participants.all()
-            participant_usernames = [participant.user.username for participant in participants]
+            # get submission's competition approved participants
+            approved_participants = submission.phase.competition.participants.filter(status=CompetitionParticipant.APPROVED)
+            participant_usernames = [participant.user.username for participant in approved_participants]
 
             # check if in this competition
             # user is collaborator
             # or
-            # user is participant
+            # user is approved participant
             # or
             # user is creator
             # or

src/apps/competitions/tasks.py

@@ -410,6 +410,8 @@ def _get_error_string(error_dict):
             # call again, to make sure phases get sent to chahub
             competition.save()
             logger.info("Competition saved!")
+            status.dataset.name += f" - {competition.title}"
+            status.dataset.save()
 
     except CompetitionUnpackingException as e:
         # We want to catch well handled exceptions and display them to the user