Check wK write permission before organization creation

CHANGELOG.md

@@ -20,6 +20,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.md).
 - Users only get tasks of datasets that they can access. [#4488](https://github.com/scalableminds/webknossos/pull/4488)
 - Fixed the import of datasets which was temporarily broken. [#4497](https://github.com/scalableminds/webknossos/pull/4497)
 - Fixed the displayed segment ids in segmentation tab when "Render Missing Data Black" is turned off. [#4480](https://github.com/scalableminds/webknossos/pull/4480)
+- The datastore checks if a organization folder can be created before creating a new organization. [#4501](https://github.com/scalableminds/webknossos/pull/4501)
 
  ### Removed
 

app/controllers/Authentication.scala

@@ -438,22 +438,23 @@ class Authentication @Inject()(actorSystem: ActorSystem,
                     BadRequest(Json.obj("messages" -> Json.toJson(errors.map(t => Json.obj("error" -> t))))))
                 } else {
                   for {
+                    _ <- checkOrganizationFolder ?~> "organization.folderCreation.notPossible"
                     organization <- createOrganization(signUpData.organization) ?~> "organization.create.failed"
-                    user <- userService.insert(organization._id,
-                                               email,
-                                               firstName,
-                                               lastName,
-                                               isActive = true,
-                                               isOrgTeamManager = true,
-                                               loginInfo,
-                                               passwordHasher.hash(signUpData.password),
-                                               isAdmin = true) ?~> "user.creation.failed"
-                    _ <- createOrganizationFolder(organization.name, loginInfo)
+                    _ <- userService.insert(organization._id,
+                                            email,
+                                            firstName,
+                                            lastName,
+                                            isActive = true,
+                                            isOrgTeamManager = true,
+                                            loginInfo,
+                                            passwordHasher.hash(signUpData.password),
+                                            isAdmin = true) ?~> "user.creation.failed"
+                    _ <- createOrganizationFolder(organization.name, loginInfo) ?~> "organization.folderCreation.failed"
                   } yield {
                     Mailer ! Send(
                       defaultMails.newOrganizationMail(organization.displayName,
                                                        email.toLowerCase,
-                                                       request.headers.get("Host").headOption.getOrElse("")))
+                                                       request.headers.get("Host").getOrElse("")))
                     Ok
                   }
                 }
@@ -475,7 +476,7 @@ class Authentication @Inject()(actorSystem: ActorSystem,
 
   private def createOrganization(organizationDisplayName: String) =
     for {
-      organizationName <- normalizeName(organizationDisplayName).toFox ?~> "invalid organization name"
+      organizationName <- normalizeName(organizationDisplayName).toFox ?~> "organization.name.invalid"
       organization = Organization(ObjectId.generate,
                                   organizationName.replaceAll(" ", "_"),
                                   "",
@@ -500,10 +501,15 @@ class Authentication @Inject()(actorSystem: ActorSystem,
       token <- bearerTokenAuthenticatorService.createAndInit(loginInfo, TokenType.DataStore, deleteOld = false).toFox
       datastores <- dataStoreDAO.findAll(GlobalAccessContext)
       _ <- Fox.combined(datastores.map(sendRPCToDataStore(_, token)))
-    } yield Full(())
-
+    } yield ()
   }
 
+  private def checkOrganizationFolder(implicit request: RequestHeader) =
+    for {
+      datastores <- dataStoreDAO.findAll(GlobalAccessContext)
+      _ <- Fox.serialCombined(datastores)(d => rpc(s"${d.url}/data/triggers/checkNewOrganizationFolder").get)
+    } yield ()
+
   def getCookie(email: String)(implicit requestHeader: RequestHeader): Future[Cookie] = {
     val loginInfo = LoginInfo(CredentialsProvider.ID, email.toLowerCase)
     for {

conf/messages

@@ -43,6 +43,9 @@ organization.create.forbidden=You are not allowed to create a new organization
 organization.create.failed=Failed to create a new organization
 organization.notFound=Organization {0} couldn’t be found
 organization.list.failed=Failed to retrieve list of organizations.
+organization.name.invalid=The chosen organization name is invalid.
+organization.folderCreation.failed=Could not create a directory for your organization, although webKnossos has write permissions.
+organization.folderCreation.notPossible=webKnossos does not have the permissions to create a directory for your organization.
 
 user.activated={0} has been activated
 user.notFound=User not found

webknossos-datastore/app/com/scalableminds/webknossos/datastore/controllers/DataSourceController.scala

@@ -1,7 +1,7 @@
 package com.scalableminds.webknossos.datastore.controllers
 
 import java.io.File
-import java.nio.file.Paths
+import java.nio.file.{Files, Paths}
 
 import com.google.inject.Inject
 import com.scalableminds.util.tools.{Fox, FoxImplicits}
@@ -206,6 +206,15 @@ class DataSourceController @Inject()(
     }
   }
 
+  def checkNewOrganizationDirectory = Action { implicit request =>
+    AllowRemoteOrigin {
+      if (Files.isWritable(dataSourceService.dataBaseDir))
+        Ok
+      else
+        BadRequest
+    }
+  }
+
   def reload(organizationName: String, dataSetName: String, layerName: Option[String] = None) = Action.async {
     implicit request =>
       accessTokenService.validateAccess(UserAccessRequest.administrateDataSources) {

webknossos-datastore/conf/com.scalableminds.webknossos.datastore.routes

@@ -44,4 +44,5 @@ GET         /datasets/:organizationName/:dataSetName
 GET         /triggers/checkInbox                                                                                 @com.scalableminds.webknossos.datastore.controllers.DataSourceController.triggerInboxCheck()
 GET         /triggers/checkInboxBlocking                                                                         @com.scalableminds.webknossos.datastore.controllers.DataSourceController.triggerInboxCheckBlocking()
 GET         /triggers/newOrganizationFolder                                                                      @com.scalableminds.webknossos.datastore.controllers.DataSourceController.createOrganizationDirectory(organizationName: String)
+GET         /triggers/checkNewOrganizationFolder                                                                 @com.scalableminds.webknossos.datastore.controllers.DataSourceController.checkNewOrganizationDirectory()
 GET         /triggers/reload/:organizationName/:dataSetName                                                      @com.scalableminds.webknossos.datastore.controllers.DataSourceController.reload(organizationName: String, dataSetName: String, layerName: Option[String])