From 55ec6afaf7fd8efefa9eb272b22e2f295ce95c25 Mon Sep 17 00:00:00 2001 From: Jun Aishima Date: Thu, 30 Nov 2023 11:38:22 -0500 Subject: [PATCH 1/5] remove createPerson() and associated functions * createPerson(), createProposal(), and addPersonToProposal() are being removed to ensure that malicious actors could not run these functions even given access to the LSDC terminal --- daq_macros.py | 15 --------------- ispybLib.py | 44 +------------------------------------------- 2 files changed, 1 insertion(+), 58 deletions(-) diff --git a/daq_macros.py b/daq_macros.py index 58be0967..7ca2ae35 100644 --- a/daq_macros.py +++ b/daq_macros.py @@ -3871,18 +3871,6 @@ def emptyQueue(): reqList = list(db_lib.getQueue(daq_utils.beamline)) for i in range (0,len(reqList)): db_lib.deleteRequest(reqList[i]["uid"]) - -def addPersonToProposal(personLogin,propNum): - """addPersonToProposal(personLogin,propNum) : add person to ISPyB proposal - personLogin must be quoted, proposal number is a number (not quoted)""" - ispybLib.addPersonToProposal(personLogin,propNum) - -def createPerson(firstName,lastName,loginName): - """createPerson(firstName,lastName,loginName) : create person for ISPyB - be sure to quote all arguments""" - ispybLib.createPerson(firstName,lastName,loginName) - -def createProposal(propNum,PI_login="boaty"): - """createProposal(propNum,PI_login) : create proposal for ISPyB - be sure to quote the login name, Proposal number is a number (not quoted)""" - ispybLib.createProposal(propNum,PI_login) def topViewCheckOn(): @@ -3961,9 +3949,6 @@ def lsdcHelp(): print(newVisit.__doc__) print(emptyQueue.__doc__) print(logMe.__doc__) - print(addPersonToProposal.__doc__) - print(createPerson.__doc__) - print(createProposal.__doc__) print(setAttenBCU.__doc__) print(setAttenRI.__doc__) print(unlockGUI.__doc__) diff --git a/ispybLib.py b/ispybLib.py index d852be0c..f6f4cf82 100644 --- a/ispybLib.py +++ b/ispybLib.py @@ -54,32 +54,7 @@ def maxVisitNumfromProposal(propNum): propID = proposalIdFromProposal(propNum) q = ("select max(visit_number) from BLSession where proposalId = " + str(propID)) return (queryOneFromDB(q)) - -def createPerson(firstName,lastName,loginName): - return - params = core.get_person_params() - params['given_name'] = firstName - params['family_name'] = lastName - params['login'] = loginName - pid = core.upsert_person(list(params.values())) - cnx.commit() - - -def createProposal(propNum,PI_login="boaty"): - return - pid = personIdFromLogin(PI_login) - if (pid == 0): - createPerson("Not","Sure",PI_login) - pid = personIdFromLogin(PI_login) - params = core.get_proposal_params() - params['proposal_code'] = 'mx' - params['proposal_number'] = int(propNum) - params['proposal_type'] = 'mx' - params['person_id'] = pid - params['title'] = 'SynchWeb Dev Proposal' - proposal_id = core.upsert_proposal(list(params.values())) - cnx.commit() #not sure why I needed to do this. Maybe mistake in stored proc? def createVisitName(propNum): # this is for the GUI to know what a datapath would be in row_clicked return @@ -164,24 +139,7 @@ def createVisit(propNum): # phpid = core.upsert_proposal_has_person(list(params.values())) # assert phpid is not None # assert phpid > 0 - return visitName - -def addPersonToProposal(personLogin,propNum): - return - personID = personIdFromLogin(personLogin) - if (personID == 0): - createPerson("Not","Sure",personLogin) - personID = personIdFromLogin(personLogin) - propID = proposalIdFromProposal(propNum) - if (propID == 0): - createProposal(propNum,personLogin) - propID = proposalIdFromProposal(propNum) - params = core.get_proposal_has_person_params() - params['proposal_id'] = propID - params['role'] = 'Co-Investigator' - params['personid'] = personID - phpid = core.upsert_proposal_has_person(list(params.values())) - cnx.commit() + return visitName def insertPlotResult(dc_id,imageNumber,spotTotal,goodBraggCandidates,method2Res,totalIntegratedSignal): From a3a3ff9c4f1b911a531630824a0262b73a919e0b Mon Sep 17 00:00:00 2001 From: Jun Aishima Date: Thu, 30 Nov 2023 11:40:59 -0500 Subject: [PATCH 2/5] remove createVisitName() * only used in createVisit() when that function is allowed to run --- ispybLib.py | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ispybLib.py b/ispybLib.py index f6f4cf82..95c93226 100644 --- a/ispybLib.py +++ b/ispybLib.py @@ -56,22 +56,6 @@ def maxVisitNumfromProposal(propNum): return (queryOneFromDB(q)) -def createVisitName(propNum): # this is for the GUI to know what a datapath would be in row_clicked - return - logger.info("creating visit Name for propnum " + str(propNum)) - propID = proposalIdFromProposal(propNum) - if (propID == 0): #proposal doesn't exist, just create and assign to boaty - createProposal(propNum) - maxVis = maxVisitNumfromProposal(propNum) - if (maxVis == None): #1st visit - newVisitNum = 1 - else: - newVisitNum = 1 + maxVis - logger.info('new visit number: %s' % newVisitNum) - visitName = "mx"+str(propNum)+"-"+str(newVisitNum) - return visitName, newVisitNum - - def createVisit(propNum): return visitName, newVisitNum = createVisitName(propNum) From d8008ebd6adf8588d5987f9343d385d3337bf3ab Mon Sep 17 00:00:00 2001 From: Jun Aishima Date: Thu, 30 Nov 2023 12:05:02 -0500 Subject: [PATCH 3/5] remove createVisit() * start removing code that sets proposal number, visit number, and so on, and reflect that in exceptions/error messages as well --- ispybLib.py | 76 +++-------------------------------------------------- 1 file changed, 3 insertions(+), 73 deletions(-) diff --git a/ispybLib.py b/ispybLib.py index 95c93226..fc93fcee 100644 --- a/ispybLib.py +++ b/ispybLib.py @@ -54,76 +54,6 @@ def maxVisitNumfromProposal(propNum): propID = proposalIdFromProposal(propNum) q = ("select max(visit_number) from BLSession where proposalId = " + str(propID)) return (queryOneFromDB(q)) - - -def createVisit(propNum): - return - visitName, newVisitNum = createVisitName(propNum) - personID = personIdFromProposal(propNum) - params = core.get_session_for_proposal_code_number_params() - params['proposal_code'] = 'mx' - params['proposal_number'] = propNum - params['visit_number'] = newVisitNum - params['beamline_name'] = daq_utils.beamline.upper() - params['startdate'] = datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S') - params['enddate'] = datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S') - - params['comments'] = 'For software testing' - sid = core.upsert_session_for_proposal_code_number(list(params.values())) - cnx.commit() - assert sid is not None - assert sid > 0 - # Test upsert_person: -# params = core.get_person_params() -# params['given_name'] = 'Baldur' -# params['family_name'] = 'Odinsson' -# params['login'] = 'bo%s' % str(time.time()) # login must be unique -# pid = core.upsert_person(list(params.values())) -# assert pid is not None -# assert pid > 0 - -# params = core.get_person_params() -# params['id'] = pid -# params['email_address'] = 'baldur.odinsson@asgard.org' -# pid2 = core.upsert_person(list(params.values())) -# assert pid2 is not None -# assert pid2 == pid - - # Test upsert_session_has_person: - params = core.get_session_has_person_params() - params['session_id'] = sid - params['person_id'] = personID - params['role'] = 'Co-Investigator' - params['remote'] = True - core.upsert_session_has_person(list(params.values())) - cnx.commit() - try: - personsOnProposalList = core.retrieve_persons_for_proposal("mx",propNum) - logger.debug(f'list of all persons: {personsOnProposalList}') - except: - logger.error(f'exception when retrieving persons for proposal {propNum}') - return visitName - for i in range (0,len(personsOnProposalList)): - personLogin = personsOnProposalList[i]["login"] - personID = personIdFromLogin(personLogin) - params = core.get_session_has_person_params() - params['session_id'] = sid - params['person_id'] = personID - params['role'] = 'Co-Investigator' - params['remote'] = True - core.upsert_session_has_person(list(params.values())) - cnx.commit() - - - # Test upsert_proposal_has_person: -# params = core.get_proposal_has_person_params() -# params['proposal_id'] = 141666 -# params['person_id'] = pid -# params['role'] = 'Principal Investigator' -# phpid = core.upsert_proposal_has_person(list(params.values())) -# assert phpid is not None -# assert phpid > 0 - return visitName def insertPlotResult(dc_id,imageNumber,spotTotal,goodBraggCandidates,method2Res,totalIntegratedSignal): @@ -145,9 +75,9 @@ def insertResult(result,resultType,request,visitName,dc_id=None,xmlFileName=None try: sessionid = core.retrieve_visit_id(visitName) except ISPyBNoResultException as e: - logger.error("insert result - caught ISPyBNoResultException: '%s'. make sure visit name is in the format mx999999-1234. NOT HAVING MX IN FRONT IS A SIGN OF PROBLEMS - try newVisit() in that case." % e) - propNum = visitName.split('-')[0] - sessionid = createVisit(propNum) + message = f"insert result - caught ISPyBNoResultException: '{e}'." + logger.exception(message) + raise e request_type = request['request_type'] if request_type in('standard', 'vector') : sample = request['sample'] # this needs to be created and linked to a DC group From b0ef8ee49d51f655a58d50bbbcffd4ec14839aec Mon Sep 17 00:00:00 2001 From: Jun Aishima Date: Thu, 30 Nov 2023 12:09:02 -0500 Subject: [PATCH 4/5] remove newVisit() and references in log messages * proposal and visit number will be determined external to LSDC, using NSLS2 API information --- daq_macros.py | 5 ----- ispybLib.py | 5 +++-- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/daq_macros.py b/daq_macros.py index 7ca2ae35..9f2e3870 100644 --- a/daq_macros.py +++ b/daq_macros.py @@ -3843,10 +3843,6 @@ def vertRasterOff(): """vertRasterOff() : only raster vertically for single-column (line) rasters""" setBlConfig("vertRasterOn",0) -def newVisit(): - """newVisit() : Trick LSDC into creating a new visit on the next request creation""" - setBlConfig("proposal",987654) #a kludge to cause the next collection to generate a new visit - def logMe(): """logMe() : Edwin asked for this""" @@ -3946,7 +3942,6 @@ def lsdcHelp(): print(enableMount.__doc__) print(vertRasterOn.__doc__) print(vertRasterOff.__doc__) - print(newVisit.__doc__) print(emptyQueue.__doc__) print(logMe.__doc__) print(setAttenBCU.__doc__) diff --git a/ispybLib.py b/ispybLib.py index fc93fcee..b6c35400 100644 --- a/ispybLib.py +++ b/ispybLib.py @@ -269,8 +269,9 @@ def insertRasterResult(request,visitName): try: sessionid = core.retrieve_visit_id(visitName) except ISPyBNoResultException as e: - logger.error("insertRasterResult - caught ISPyBNoResultException: '%s'. make sure visit name is in the format mx999999-1234. NOT HAVING MX IN FRONT IS A SIGN OF PROBLEMS - try newVisit() in that case." % e) - return + message = f"insertRasterResult - caught ISPyBNoResultException: '{e}'." + logger.error(message) + raise e request = db_lib.getRequestByID(request_id) sample = request['sample'] # this needs to be created and linked to a DC group #result_obj = result['result_obj'] this doesn't appear to be used -DK From 40a34c82bf0dbeb14720fcff1b2061294f98ded9 Mon Sep 17 00:00:00 2001 From: Jun Aishima Date: Thu, 30 Nov 2023 12:12:59 -0500 Subject: [PATCH 5/5] remove functions that are no longer required * these functions have been used within each other and previously removed functions --- ispybLib.py | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/ispybLib.py b/ispybLib.py index b6c35400..456f9906 100644 --- a/ispybLib.py +++ b/ispybLib.py @@ -38,23 +38,6 @@ def queryOneFromDB(q): except TypeError: return 0 -def personIdFromLogin(loginName): - q = ("select personId from Person where login = \""+ loginName + "\"") - return (queryOneFromDB(q)) - -def personIdFromProposal(propNum): - q = ("select personId from Proposal where proposalNumber = " + str(propNum)) - return (queryOneFromDB(q)) - -def proposalIdFromProposal(propNum): - q = ("select proposalId from Proposal where proposalNumber = " + str(propNum)) - return (queryOneFromDB(q)) - -def maxVisitNumfromProposal(propNum): - propID = proposalIdFromProposal(propNum) - q = ("select max(visit_number) from BLSession where proposalId = " + str(propID)) - return (queryOneFromDB(q)) - def insertPlotResult(dc_id,imageNumber,spotTotal,goodBraggCandidates,method2Res,totalIntegratedSignal): return