A&A implementation

9 files changed, 117 insertions, 10 deletions

diff --git a/application.rb b/application.rb
index fe9b8b4..ecb4b7e 100644
--- a/application.rb
+++ b/application.rb
@@ -10,8 +10,9 @@ require File.join(File.dirname(__FILE__),'model.rb')
 require File.join(File.dirname(__FILE__),'helper.rb')
 #require File.join(File.dirname(__FILE__),'parser.rb')
 
+use Rack::Session::Cookie, :expire_after => 28800, 
+                           :secret => "ui6vaiNi-change_me"
 use Rack::Flash
-set :sessions, true
 
 helpers do 
 
@@ -27,10 +28,23 @@ helpers do
 
 end
 
+before do
+  unless env['REQUEST_METHOD'] == "GET" or ( env['REQUEST_URI'] =~ /\/login$/ and env['REQUEST_METHOD'] == "POST" ) or !AA_SERVER
+    if !logged_in()
+      flash[:notice] = "You have to login first to do this."
+      redirect url_for('/login')
+    end
+  end
+end
+
 get '/?' do
   redirect url_for('/create')
 end
 
+get '/login' do
+  haml :login
+end
+
 get '/models/?' do
   @models = ToxCreateModel.all(:order => [ :created_at.desc ])
   #@models.each { |model| model.process }
@@ -93,18 +107,25 @@ get %r{/compound/(.*)} do |inchi|
 end
 
 post '/models' do # create a new model
-
   unless params[:file] and params[:file][:tempfile] #params[:endpoint] and 
     flash[:notice] = "Please upload a Excel or CSV file."
     redirect url_for('/create')
   end
 
-  @model = ToxCreateModel.create(:name => params[:file][:filename].sub(/\..*$/,""))
+  unless logged_in()
+    logout
+    flash[:notice] = "Please login to create a new model."
+    redirect url_for('/create')
+  end
+
+  @model = ToxCreateModel.create(:name => params[:file][:filename].sub(/\..*$/,""), :token_id => session[:token_id])
+  @model.update :web_uri => url_for("/model/#{@model.id}", :full)
+  @model.save
   task = OpenTox::Task.create("Uploading dataset and creating lazar model",url_for("/models",:full)) do
 
     @model.update :status => "Uploading and saving dataset"
     begin
-      @dataset = OpenTox::Dataset.create
+      @dataset = OpenTox::Dataset.create(nil, session[:token_id])
       # check format by extension - not all browsers provide correct content-type]) 
       case File.extname(params[:file][:filename])
       when ".csv"
@@ -119,6 +140,7 @@ post '/models' do # create a new model
     rescue => e
       error "Dataset creation failed with #{e.message}"
     end
+    @dataset.token_id = session[:token_id] if session[:token_id]
     @dataset.save
     if @dataset.compounds.size < 10
       error "Too few compounds to create a prediction model. Did you provide compounds in SMILES format and classification activities as described in the #{link_to "instructions", "/excel_format"}? As a rule of thumb you will need at least 100 training compounds for nongeneric datasets. A lower number could be sufficient for congeneric datasets."
@@ -136,7 +158,7 @@ post '/models' do # create a new model
 
     @model.update :status => "Creating prediction model"
     begin
-      lazar = OpenTox::Model::Lazar.create(:dataset_uri => @dataset.uri)
+      lazar = OpenTox::Model::Lazar.create(:dataset_uri => @dataset.uri, :token_id => session[:token_id])
     rescue => e
       error "Model creation failed with '#{e.message}'. Please check if the input file is in a valid #{link_to "Excel", "/excel_format"} or #{link_to "CSV", "/csv_format"} format."
     end
@@ -159,6 +181,7 @@ post '/models' do # create a new model
         validation = OpenTox::Validation.create_crossvalidation(
           :algorithm_uri => OpenTox::Algorithm::Lazar.uri,
           :dataset_uri => lazar.parameter("dataset_uri"),
+          :token_id => session[:token_id],
           :prediction_feature => lazar.parameter("prediction_feature"),
           :algorithm_params => "feature_generation_uri=#{lazar.parameter("feature_generation_uri")}"
         )
@@ -231,7 +254,7 @@ post '/predict/?' do # post chemical name to model
     title = nil
     db_activities = []
     lazar = OpenTox::Model::Lazar.new model.uri
-    prediction_dataset_uri = lazar.run(:compound_uri => @compound.uri)
+    prediction_dataset_uri = lazar.run(:compound_uri => @compound.uri, :token_id => session[:token_id])
     prediction_dataset = OpenTox::LazarPrediction.find(prediction_dataset_uri)
     if prediction_dataset.metadata[OT.hasSource].match(/dataset/)
       @predictions << {
@@ -298,7 +321,7 @@ post "/lazar/?" do # get detailed prediction
   @page = params[:page].to_i if params[:page]
   @model_uri = params[:model_uri]
   lazar = OpenTox::Model::Lazar.new @model_uri
-  prediction_dataset_uri = lazar.run(:compound_uri => params[:compound_uri])
+  prediction_dataset_uri = lazar.run(:compound_uri => params[:compound_uri], :token_id => params[:token_id])
   @prediction = OpenTox::LazarPrediction.find(prediction_dataset_uri)
   @compound = OpenTox::Compound.new(params[:compound_uri])
   #@title = prediction.metadata[DC.title]
@@ -328,12 +351,42 @@ post "/lazar/?" do # get detailed prediction
   haml :lazar
 end
 
+post '/login' do
+  if session[:token_id] != nil
+    flash[:notice] = "You are already logged in as user: #{session[:username]}. Please log out first."
+    redirect url_for('/login')
+  end
+  if params[:username] == '' || params[:password] == ''
+    flash[:notice] = "Please enter username and password."
+    redirect url_for('/login')
+  end
+  if login(params[:username], params[:password])
+    flash[:notice] = "Login successful."
+  else
+    flash[:notice] = "Login failed."
+  end
+  haml :login
+end
+
+post '/logout' do
+  logout
+  redirect url_for('/login')
+end
+
 delete '/model/:id/?' do
   model = ToxCreateModel.get(params[:id])
   begin
-    RestClient.delete model.uri if model.uri
+    RestClient.delete(model.uri, :token_id => session[:token_id]) if model.uri
     RestClient.delete model.task_uri if model.task_uri
     model.destroy
+    unless ToxCreateModel.get(params[:id])
+      begin
+        aa = OpenTox::Authorization.delete_policies_from_uri(model.web_uri, session[:token_id])
+        LOGGER.debug "Policy deleted for Dataset URI: #{uri} with result: #{aa}"
+      rescue
+        LOGGER.warn "Policy delete error for Dataset URI: #{uri}"
+      end
+    end
     flash[:notice] = "#{model.name} model deleted."
   rescue
     flash[:notice] = "#{model.name} model delete error."
diff --git a/helper.rb b/helper.rb
index d691103..a660cc2 100644
--- a/helper.rb
+++ b/helper.rb
@@ -1,5 +1,41 @@
 helpers do
 
+  def login(username, password)
+    session[:token_id] = OpenTox::Authorization.authenticate(username, password)
+    LOGGER.debug "ToxCreate login user #{username} with token_id: " + session[:token_id].to_s
+    if session[:token_id] != nil
+      session[:username] = username
+      return true
+    else
+      session[:username] = ""
+      return false
+    end
+  end
+
+  def logout
+    if session[:token_id] != nil
+      session[:token_id] = nil
+      session[:username] = ""
+      return true
+    end
+    return false
+  end
+
+  def logged_in()
+    return true if !AA_SERVER
+    if session[:token_id] != nil
+      return OpenTox::Authorization.is_token_valid(session[:token_id])
+    end
+    return false
+  end
+
+  def is_authorized(uri, action)
+    if session[:token_id] != nil
+      return OpenTox::Authorization.authorize(uri, action, session[:token_id])
+    end
+    return false
+  end
+
   def hide_link(destination)
     @link_id = 0 unless @link_id
     @link_id += 1
diff --git a/model.rb b/model.rb
index 9929ab0..0a08eeb 100644
--- a/model.rb
+++ b/model.rb
@@ -38,6 +38,11 @@ class ToxCreateModel
 	property :root_mean_squared_error, Float
 	property :mean_absolute_error, Float
 
+  property :token_id, String, :length => 255
+  property :web_uri, String, :length => 255
+
+  after :save, :check_policy
+
 =begin
 def status
 		#begin
@@ -181,6 +186,11 @@ def status
   end
 =end
 
+  private
+  def check_policy
+    OpenTox::Authorization.check_policy(web_uri, token_id)
+  end
+
 end
 
 DataMapper.auto_upgrade!
diff --git a/views/create.haml b/views/create.haml
index 6563494..d83d2b9 100644
--- a/views/create.haml
+++ b/views/create.haml
@@ -30,6 +30,7 @@
         = link_to "CSV", '/help'
         format:
       %input{:type => 'file', :name => 'file', :id => 'file', :size => '41'}
+      %input{:type => 'hidden', :name => 'token_id', :id => 'token_id', :value => session[:token_id]}
     %input{ :type => "submit", :value => "Create model"}
     = link_to "Cancel", '/create'
 
diff --git a/views/fragment.haml b/views/fragment.haml
index fa7495d..eae786c 100644
--- a/views/fragment.haml
+++ b/views/fragment.haml
@@ -2,6 +2,7 @@
   %input{:type => :hidden, :name => :compound_uri, :value => compound_uri}
   %input{:type => :hidden, :name => :model_uri, :value => model_uri}
   %input{:type => :hidden, :name => :highlight, :value => smarts}
+  %input{:type => :hidden, :name => :token_id, :value => session[:token_id]}
   - if smarts.nil?
     %input{ :type => "submit", :value => "Reset"}
   - else
diff --git a/views/layout.haml b/views/layout.haml
index a3db5e9..f1b63e9 100644
--- a/views/layout.haml
+++ b/views/layout.haml
@@ -11,7 +11,8 @@
   %body
     .logo
       = image_tag "/ToxCreate_rgb_72.png", :alt => 'ToxCreate', :align => 'right'
-      %br Create and evaluate models to predict toxicity
+      %br
+      Create and evaluate models to predict toxicity
     .index
       %ul
         %li{:class => ("selected" if /\/create/ =~ request.path )}
@@ -20,6 +21,9 @@
           = link_to "Inspect", "/models"
         %li{:class => ("selected" if /predict|lazar/ =~ request.path )}
           = link_to "Predict", "/predict"
+        - if AA_SERVER
+          %li{:class => ("selected" if /login/ =~ request.path )}
+            = link_to "Login", "/login"
         %li{:class => ("selected" if /help/ =~ request.path )}
           = link_to "Help", "/help"
 
diff --git a/views/models.haml b/views/models.haml
index 17d9c8a..f018c08 100644
--- a/views/models.haml
+++ b/views/models.haml
@@ -3,7 +3,7 @@
 :javascript
   $(function() {
     if(#{stati != 0}) { 
-      setTimeout('checkStati("#{stati_to_check}")',1500);
+      setTimeout('checkStati("#{stati_to_check}")',5000);
     }
     var reload_validation = true;
     if(reload_validation) setTimeout('checkValidation()',15000);
diff --git a/views/predict.haml b/views/predict.haml
index 26c8094..6337a5b 100644
--- a/views/predict.haml
+++ b/views/predict.haml
@@ -29,6 +29,7 @@
           %input{:type => 'checkbox', :name => "selection[#{model.id}]", :value => true, :id => model.id} 
           %br
 
+      %input{:type => 'hidden', :name => 'token_id', :id => 'token_id', :value => session[:token_id]}
       %input{ :type => "submit", :value => "Predict", :onclick => "getsmiles();"}
       = link_to 'Cancel', '/predict' 
 
diff --git a/views/prediction.haml b/views/prediction.haml
index 8498abc..f0b48e8 100644
--- a/views/prediction.haml
+++ b/views/prediction.haml
@@ -44,6 +44,7 @@
               %form{:name => "form", :action => url_for('/lazar'), :method => "post", :enctype => "multipart/form-data" }
                 %input{:type => :hidden, :name => :compound_uri, :value => @compound.uri}
                 %input{:type => :hidden, :name => :model_uri, :value => p[:model_uri]}
+                %input{:type => :hidden, :name => :token_id, :value => session[:token_id]}
                 %input{ :type => "submit", :value => "Details"}
 
 = haml :confidence, :layout => false