Add option to lock explorative annotations

CHANGELOG.unreleased.md

@@ -12,6 +12,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released
 
 ### Added
 - Within the proofreading tool, the user can now interact with the super voxels of a mesh in the 3D viewport. For example, this allows to merge or cut super voxels from another. As before, the proofreading tool requires an agglomerate file. [#7742](https://github.com/scalableminds/webknossos/pull/7742)
+- Added the option to lock an explorative anntations for the owner. Locked annotation cannot be annotated by any user. [#7801](https://github.com/scalableminds/webknossos/pull/7801)
 - Minor improvements for the timetracking overview (faster data loading, styling). [#7789](https://github.com/scalableminds/webknossos/pull/7789)
 - Updated several backend dependencies for optimized stability and performance. [#7782](https://github.com/scalableminds/webknossos/pull/7782)
 - Voxelytics workflows can be searched by name and hash. [#7790](https://github.com/scalableminds/webknossos/pull/7790)

MIGRATIONS.unreleased.md

@@ -8,4 +8,7 @@ User-facing changes are documented in the [changelog](CHANGELOG.released.md).
 ## Unreleased
 [Commits](https://github.com/scalableminds/webknossos/compare/24.05.0...HEAD)
 
+- Edited the annotations table to add the option to locked explorative annotations. Migration 114 needs to be executed to update the database schema.
+
 ### Postgres Evolutions:
+- [114-annotation-locked-by-user.sql](conf/evolutions/114-annotation-locked-by-user.sql)

app/controllers/AnnotationController.scala

@@ -180,10 +180,26 @@ class AnnotationController @Inject()(
     } yield JsonOk(json, Messages("annotation.reopened"))
   }
 
+  def editLockedState(typ: String, id: String, isLockedByUser: Boolean): Action[AnyContent] = sil.SecuredAction.async {
+    implicit request =>
+      for {
+        annotation <- provider.provideAnnotation(typ, id, request.identity)
+        _ <- bool2Fox(annotation._user == request.identity._id) ?~> "annotation.isLockedByUser.notAllowed"
+        _ <- bool2Fox(annotation.typ == AnnotationType.Explorational) ?~> "annotation.isLockedByUser.explorationalsOnly"
+        _ = logger.info(
+          s"Locking annotation $id, new locked state will be ${isLockedByUser.toString}, access context: ${request.identity.toStringAnonymous}")
+        _ <- annotationDAO.updateLockedState(annotation._id, isLockedByUser) ?~> "annotation.invalid"
+        updatedAnnotation <- provider.provideAnnotation(typ, id, request.identity) ~> NOT_FOUND
+        json <- annotationService.publicWrites(updatedAnnotation, Some(request.identity)) ?~> "annotation.write.failed"
+      } yield JsonOk(json, Messages("annotation.IsLockedByUser.success"))
+  }
+
   def addAnnotationLayer(typ: String, id: String): Action[AnnotationLayerParameters] =
     sil.SecuredAction.async(validateJson[AnnotationLayerParameters]) { implicit request =>
       for {
         _ <- bool2Fox(AnnotationType.Explorational.toString == typ) ?~> "annotation.addLayer.explorationalsOnly"
+        restrictions <- provider.restrictionsFor(typ, id) ?~> "restrictions.notFound" ~> NOT_FOUND
+        _ <- restrictions.allowUpdate(request.identity) ?~> "notAllowed" ~> FORBIDDEN
         annotation <- provider.provideAnnotation(typ, id, request.identity)
         newLayerName = request.body.name.getOrElse(AnnotationLayer.defaultNameForType(request.body.typ))
         _ <- bool2Fox(!annotation.annotationLayers.exists(_.name == newLayerName)) ?~> "annotation.addLayer.nameInUse"
@@ -281,6 +297,8 @@ class AnnotationController @Inject()(
     sil.SecuredAction.async { implicit request =>
       for {
         _ <- bool2Fox(AnnotationType.Explorational.toString == typ) ?~> "annotation.addLayer.explorationalsOnly"
+        restrictions <- provider.restrictionsFor(typ, id) ?~> "restrictions.notFound" ~> NOT_FOUND
+        _ <- restrictions.allowUpdate(request.identity) ?~> "notAllowed" ~> FORBIDDEN
         annotation <- provider.provideAnnotation(typ, id, request.identity)
         organization <- organizationDAO.findOne(request.identity._organization)
         _ <- annotationService.makeAnnotationHybrid(annotation, organization.name, fallbackLayerName) ?~> "annotation.makeHybrid.failed"
@@ -301,6 +319,8 @@ class AnnotationController @Inject()(
     implicit request =>
       for {
         _ <- bool2Fox(AnnotationType.Explorational.toString == typ) ?~> "annotation.downsample.explorationalsOnly"
+        restrictions <- provider.restrictionsFor(typ, id) ?~> "restrictions.notFound" ~> NOT_FOUND
+        _ <- restrictions.allowUpdate(request.identity) ?~> "notAllowed" ~> FORBIDDEN
         annotation <- provider.provideAnnotation(typ, id, request.identity)
         annotationLayer <- annotation.annotationLayers
           .find(_.tracingId == tracingId)
@@ -319,19 +339,6 @@ class AnnotationController @Inject()(
       } yield result
   }
 
-  def addSegmentIndex(id: String, tracingId: String): Action[AnyContent] = sil.SecuredAction.async { implicit request =>
-    for {
-      annotation <- provider.provideAnnotation(id, request.identity)
-      _ <- bool2Fox(AnnotationType.Explorational == annotation.typ) ?~> "annotation.addSegmentIndex.explorationalsOnly"
-      annotationLayer <- annotation.annotationLayers
-        .find(_.tracingId == tracingId)
-        .toFox ?~> "annotation.addSegmentIndex.layerNotFound"
-      _ <- annotationService.addSegmentIndex(annotation, annotationLayer) ?~> "annotation.addSegmentIndex.failed"
-      updated <- provider.provideAnnotation(id, request.identity)
-      json <- annotationService.publicWrites(updated, Some(request.identity)) ?~> "annotation.write.failed"
-    } yield JsonOk(json)
-  }
-
   def addSegmentIndicesToAll(parallelBatchCount: Int,
                              dryRun: Boolean,
                              skipTracings: Option[String]): Action[AnyContent] =

app/models/annotation/Annotation.scala

@@ -11,6 +11,7 @@ import models.annotation.AnnotationType.AnnotationType
 import play.api.libs.json._
 import slick.jdbc.GetResult._
 import slick.jdbc.PostgresProfile.api._
+import slick.jdbc.GetResult
 import slick.jdbc.TransactionIsolation.Serializable
 import slick.lifted.Rep
 import slick.sql.SqlAction
@@ -33,6 +34,7 @@ case class Annotation(
     name: String = "",
     viewConfiguration: Option[JsObject] = None,
     state: AnnotationState.Value = Active,
+    isLockedByUser: Boolean = false,
     tags: Set[String] = Set.empty,
     tracingTime: Option[Long] = None,
     typ: AnnotationType.Value = AnnotationType.Explorational,
@@ -84,6 +86,7 @@ case class AnnotationCompactInfo(id: ObjectId,
                                  modified: Instant,
                                  tags: Set[String],
                                  state: AnnotationState.Value = Active,
+                                 isLockedByUser: Boolean,
                                  dataSetName: String,
                                  visibility: AnnotationVisibility.Value = AnnotationVisibility.Internal,
                                  tracingTime: Option[Long] = None,
@@ -93,10 +96,6 @@ case class AnnotationCompactInfo(id: ObjectId,
                                  annotationLayerTypes: Seq[String],
                                  annotationLayerStatistics: Seq[JsObject])
 
-object AnnotationCompactInfo {
-  implicit val jsonFormat: Format[AnnotationCompactInfo] = Json.format[AnnotationCompactInfo]
-}
-
 class AnnotationLayerDAO @Inject()(SQLClient: SqlClient)(implicit ec: ExecutionContext)
     extends SimpleSQLDAO(SQLClient) {
 
@@ -218,6 +217,7 @@ class AnnotationDAO @Inject()(sqlClient: SqlClient, annotationLayerDAO: Annotati
         r.name,
         viewconfigurationOpt,
         state,
+        r.islockedbyuser,
         parseArrayLiteral(r.tags).toSet,
         r.tracingtime,
         typ,
@@ -322,6 +322,43 @@ class AnnotationDAO @Inject()(sqlClient: SqlClient, annotationLayerDAO: Annotati
     } yield parsed
   }
 
+  // Necessary since a tuple can only have 22 elements
+  implicit def GetResultAnnotationCompactInfo: GetResult[AnnotationCompactInfo] = GetResult { prs =>
+    import prs._
+
+    val id = <<[ObjectId]
+    val name = <<[String]
+    val description = <<[String]
+    val ownerId = <<[ObjectId]
+    val ownerFirstName = <<[String]
+    val ownerLastName = <<[String]
+    val othersMayEdit = <<[Boolean]
+    val teamIds = parseArrayLiteral(<<[String]).map(ObjectId(_))
+    val teamNames = parseArrayLiteral(<<[String])
+    val teamOrganizationIds = parseArrayLiteral(<<[String]).map(ObjectId(_))
+    val modified = <<[Instant]
+    val tags = parseArrayLiteral(<<[String]).toSet
+    val state = AnnotationState.fromString(<<[String]).getOrElse(AnnotationState.Active)
+    val isLockedByUser = <<[Boolean]
+    val dataSetName = <<[String]
+    val typ = AnnotationType.fromString(<<[String]).getOrElse(AnnotationType.Explorational)
+    val visibility = AnnotationVisibility.fromString(<<[String]).getOrElse(AnnotationVisibility.Internal)
+    val tracingTime = Option(<<[Long])
+    val organizationName = <<[String]
+    val tracingIds = parseArrayLiteral(<<[String])
+    val annotationLayerNames = parseArrayLiteral(<<[String])
+    val annotationLayerTypes = parseArrayLiteral(<<[String])
+    val annotationLayerStatistics =
+      parseArrayLiteral(<<[String]).map(layerStats => Json.parse(layerStats).validate[JsObject].getOrElse(Json.obj()))
+
+    // format: off
+    AnnotationCompactInfo(id, typ, name,description,ownerId,ownerFirstName,ownerLastName, othersMayEdit,teamIds,
+      teamNames,teamOrganizationIds,modified,tags,state,isLockedByUser,dataSetName,visibility,tracingTime,
+      organizationName,tracingIds,annotationLayerNames,annotationLayerTypes,annotationLayerStatistics
+    )
+    // format: on
+  }
+
   def findAllListableExplorationals(
       isFinished: Option[Boolean],
       forUser: Option[ObjectId],
@@ -366,6 +403,7 @@ class AnnotationDAO @Inject()(sqlClient: SqlClient, annotationLayerDAO: Annotati
                     a.modified,
                     a.tags,
                     a.state,
+                    a.isLockedByUser,
                     d.name,
                     a.typ,
                     a.visibility,
@@ -384,67 +422,15 @@ class AnnotationDAO @Inject()(sqlClient: SqlClient, annotationLayerDAO: Annotati
                   WHERE $stateQuery AND $accessQuery AND $userQuery AND $typQuery
                   GROUP BY
                     a._id, a.name, a.description, a._user, a.othersmayedit, a.modified,
-                    a.tags, a.state, a.typ, a.visibility, a.tracingtime,
+                    a.tags, a.state,  a.islockedbyuser, a.typ, a.visibility, a.tracingtime,
                     u.firstname, u.lastname,
                     teams_agg.team_ids, teams_agg.team_names, teams_agg.team_organization_ids,
                     d.name, o.name
                   ORDER BY a._id DESC
                   LIMIT $limit
                   OFFSET ${pageNumber * limit}"""
-      rows <- run(
-        query.as[
-          (ObjectId,
-           String,
-           String,
-           ObjectId,
-           String,
-           String,
-           Boolean,
-           String,
-           String,
-           String,
-           Instant,
-           String,
-           String,
-           String,
-           String,
-           String,
-           Long,
-           String,
-           String,
-           String,
-           String,
-           String)])
-    } yield
-      rows.toList.map(
-        r => {
-          AnnotationCompactInfo(
-            id = r._1,
-            name = r._2,
-            description = r._3,
-            ownerId = r._4,
-            ownerFirstName = r._5,
-            ownerLastName = r._6,
-            othersMayEdit = r._7,
-            teamIds = parseArrayLiteral(r._8).map(ObjectId(_)),
-            teamNames = parseArrayLiteral(r._9),
-            teamOrganizationIds = parseArrayLiteral(r._10).map(ObjectId(_)),
-            modified = r._11,
-            tags = parseArrayLiteral(r._12).toSet,
-            state = AnnotationState.fromString(r._13).getOrElse(AnnotationState.Active),
-            dataSetName = r._14,
-            typ = AnnotationType.fromString(r._15).getOrElse(AnnotationType.Explorational),
-            visibility = AnnotationVisibility.fromString(r._16).getOrElse(AnnotationVisibility.Internal),
-            tracingTime = Option(r._17),
-            organizationName = r._18,
-            tracingIds = parseArrayLiteral(r._19),
-            annotationLayerNames = parseArrayLiteral(r._20),
-            annotationLayerTypes = parseArrayLiteral(r._21),
-            annotationLayerStatistics = parseArrayLiteral(r._22).map(layerStats =>
-              Json.parse(layerStats).validate[JsObject].getOrElse(Json.obj()))
-          )
-        }
-      )
+      rows <- run(query.as[AnnotationCompactInfo])
+    } yield rows.toList
 
   def countAllListableExplorationals(isFinished: Option[Boolean])(implicit ctx: DBAccessContext): Fox[Long] = {
     val stateQuery = getStateQuery(isFinished)
@@ -692,6 +678,18 @@ class AnnotationDAO @Inject()(sqlClient: SqlClient, annotationLayerDAO: Annotati
       _ = logger.info(s"Updated state of Annotation $id to $state, access context: ${ctx.toStringAnonymous}")
     } yield ()
 
+  def updateLockedState(id: ObjectId, isLocked: Boolean)(implicit ctx: DBAccessContext): Fox[Unit] =
+    for {
+      _ <- assertUpdateAccess(id) ?~> "FAILED: AnnotationSQLDAO.assertUpdateAccess"
+      query = q"UPDATE webknossos.annotations SET isLockedByUser = $isLocked WHERE _id = $id".asUpdate
+      _ <- run(
+        query.withTransactionIsolation(Serializable),
+        retryCount = 50,
+        retryIfErrorContains = List(transactionSerializationError)) ?~> "FAILED: run in AnnotationSQLDAO.updateState"
+      _ = logger.info(
+        s"Updated isLockedByUser of Annotation $id to $isLocked, access context: ${ctx.toStringAnonymous}")
+    } yield ()
+
   def updateDescription(id: ObjectId, description: String)(implicit ctx: DBAccessContext): Fox[Unit] =
     for {
       _ <- assertUpdateAccess(id)

app/models/annotation/AnnotationRestrictions.scala

@@ -70,15 +70,15 @@ class AnnotationRestrictionDefaults @Inject()(userService: UserService)(implicit
           accessAllowed <- allowAccess(user)
         } yield
           user.exists { user =>
-            (annotation._user == user._id || accessAllowed && annotation.othersMayEdit) && !(annotation.state == Finished)
+            (annotation._user == user._id || accessAllowed && annotation.othersMayEdit) && !(annotation.state == Finished) && !annotation.isLockedByUser
           }
 
       override def allowFinish(userOption: Option[User]): Fox[Boolean] =
         (for {
           user <- option2Fox(userOption)
           isTeamManagerOrAdminOfTeam <- userService.isTeamManagerOrAdminOf(user, annotation._team)
         } yield {
-          (annotation._user == user._id || isTeamManagerOrAdminOfTeam) && !(annotation.state == Finished)
+          (annotation._user == user._id || isTeamManagerOrAdminOfTeam) && !(annotation.state == Finished) && !annotation.isLockedByUser
         }).orElse(Fox.successful(false))
 
       /* used in backend only to allow repeatable finish calls */
@@ -87,7 +87,7 @@ class AnnotationRestrictionDefaults @Inject()(userService: UserService)(implicit
           user <- option2Fox(userOption)
           isTeamManagerOrAdminOfTeam <- userService.isTeamManagerOrAdminOf(user, annotation._team)
         } yield {
-          annotation._user == user._id || isTeamManagerOrAdminOfTeam
+          (annotation._user == user._id || isTeamManagerOrAdminOfTeam) && !annotation.isLockedByUser
         }).orElse(Fox.successful(false))
     }
 

app/models/annotation/AnnotationService.scala

@@ -436,15 +436,6 @@ class AnnotationService @Inject()(
       _ <- annotationLayersDAO.replaceTracingId(annotation._id, volumeAnnotationLayer.tracingId, newVolumeTracingId)
     } yield ()
 
-  def addSegmentIndex(annotation: Annotation, volumeAnnotationLayer: AnnotationLayer)(
-      implicit ctx: DBAccessContext): Fox[Unit] =
-    for {
-      dataset <- datasetDAO.findOne(annotation._dataset) ?~> "dataset.notFoundForAnnotation"
-      _ <- bool2Fox(volumeAnnotationLayer.typ == AnnotationLayerType.Volume) ?~> "annotation.segmentIndex.volumeOnly"
-      rpcClient <- tracingStoreService.clientFor(dataset)
-      _ <- rpcClient.addSegmentIndex(volumeAnnotationLayer.tracingId, dryRun = false)
-    } yield ()
-
   // WARNING: needs to be repeatable, might be called multiple times for an annotation
   def finish(annotation: Annotation, user: User, restrictions: AnnotationRestrictions)(
       implicit ctx: DBAccessContext): Fox[String] = {
@@ -908,6 +899,7 @@ class AnnotationService @Inject()(
       Json.obj(
         "modified" -> annotation.modified,
         "state" -> annotation.state,
+        "isLockedByUser" -> annotation.isLockedByUser,
         "id" -> annotation.id,
         "name" -> annotation.name,
         "description" -> annotation.description,
@@ -1010,6 +1002,7 @@ class AnnotationService @Inject()(
       "description" -> annotationInfo.description,
       "typ" -> annotationInfo.typ,
       "stats" -> Json.obj(), // included for legacy parsers
+      "isLockedByUser" -> annotationInfo.isLockedByUser,
       "annotationLayers" -> annotationLayerJson,
       "dataSetName" -> annotationInfo.dataSetName,
       "organization" -> annotationInfo.organizationName,

conf/evolutions/114-annotation-locked-by-user.sql

@@ -0,0 +1,11 @@
+START TRANSACTION;
+
+do $$ begin ASSERT (select schemaVersion from webknossos.releaseInformation) = 113, 'Previous schema version mismatch'; end; $$ LANGUAGE plpgsql;
+
+DROP VIEW webknossos.annotations_;
+ALTER TABLE webknossos.annotations ADD isLockedByUser BOOLEAN NOT NULL DEFAULT FALSE;
+CREATE VIEW webknossos.annotations_ as SELECT * FROM webknossos.annotations WHERE NOT isDeleted;
+
+UPDATE webknossos.releaseInformation SET schemaVersion = 114;
+
+COMMIT TRANSACTION;

conf/messages

@@ -231,6 +231,11 @@ annotation.reopen.tooLate=The annotation cannot be reopened anymore, since it ha
 annotation.reopen.notAllowed=You are not allowed to reopen this annotation.
 annotation.reopen.notFinished=The requested annotation is not finished.
 annotation.reopen.failed=Failed to reopen the annotation.
+annotation.reopen.locked=This annotation is locked by the owner and therefore cannot be reopened.
+annotation.isLockedByUser.notAllowed=Only the owner of this annotation is allowed to change the locked state of an annotation.
+annotation.isLockedByUser.explorationalsOnly=Only explorational annotations can be locked.
+annotation.IsLockedByUser.failed=Changing the isLockedByUser state of the annotation failed.
+annotation.IsLockedByUser.success=The locking state of the annotation was successfully updated.
 annotation.sandbox.skeletonOnly=Sandbox annotations are currently available as skeleton only.
 annotation.multiLayers.skeleton.notImplemented=This feature is not implemented for annotations with more than one skeleton layer
 annotation.multiLayers.volume.notImplemented=This feature is not implemented for annotations with more than one volume layer