Merge remote-tracking branch 'openms/main'

Author: t0mdavid-m

.gitignore

@@ -11,3 +11,4 @@ python*
 **/__pycache__/
 gdpr_consent/node_modules/
 *~
+.streamlit/secrets.toml

.streamlit/secrets.toml.example

@@ -0,0 +1,8 @@
+# Streamlit Secrets Configuration
+# Copy this file to secrets.toml and fill in your values.
+# IMPORTANT: Never commit secrets.toml to version control!
+
+[admin]
+# Password required to save workspaces as demo workspaces (online mode only)
+# Set a strong, unique password here
+password = "your-secure-admin-password-here"

src/common/admin.py

@@ -0,0 +1,151 @@
+"""
+Admin utilities for the Streamlit template.
+
+Provides functionality for admin-only operations like saving workspaces as demos.
+"""
+
+import hmac
+import shutil
+from pathlib import Path
+
+import streamlit as st
+
+
+def is_admin_configured() -> bool:
+    """
+    Check if admin password is configured in Streamlit secrets.
+
+    Returns:
+        bool: True if admin password is configured, False otherwise.
+    """
+    try:
+        return bool(st.secrets.get("admin", {}).get("password"))
+    except (FileNotFoundError, KeyError):
+        return False
+
+
+def verify_admin_password(password: str) -> bool:
+    """
+    Verify the provided password against the configured admin password.
+
+    Uses constant-time comparison to prevent timing attacks.
+
+    Args:
+        password: The password to verify.
+
+    Returns:
+        bool: True if password matches, False otherwise.
+    """
+    if not is_admin_configured():
+        return False
+
+    try:
+        stored_password = st.secrets["admin"]["password"]
+        # Use constant-time comparison for security
+        return hmac.compare_digest(password, stored_password)
+    except (FileNotFoundError, KeyError):
+        return False
+
+
+def get_demo_target_dir() -> Path:
+    """
+    Get the directory where demo workspaces are stored.
+
+    Returns:
+        Path: The demo workspaces directory.
+    """
+    return Path("example-data/workspaces")
+
+
+def demo_exists(demo_name: str) -> bool:
+    """
+    Check if a demo workspace with the given name already exists.
+
+    Args:
+        demo_name: Name of the demo to check.
+
+    Returns:
+        bool: True if demo exists, False otherwise.
+    """
+    target_dir = get_demo_target_dir()
+    demo_path = target_dir / demo_name
+    return demo_path.exists()
+
+
+def _remove_directory_with_symlinks(path: Path) -> None:
+    """
+    Remove a directory that may contain symlinks.
+
+    Handles symlinks properly by removing them without following.
+
+    Args:
+        path: Path to the directory to remove.
+    """
+    if not path.exists():
+        return
+
+    for item in path.rglob("*"):
+        if item.is_symlink():
+            item.unlink()
+
+    # Now remove the rest normally
+    if path.exists():
+        shutil.rmtree(path)
+
+
+def save_workspace_as_demo(workspace_path: Path, demo_name: str) -> tuple[bool, str]:
+    """
+    Save the current workspace as a demo workspace.
+
+    Copies all files from the workspace to the demo directory, following symlinks
+    to copy actual file contents rather than symlink references.
+
+    Args:
+        workspace_path: Path to the source workspace.
+        demo_name: Name for the new demo workspace.
+
+    Returns:
+        tuple[bool, str]: (success, message) tuple indicating result.
+    """
+    # Deferred import to avoid circular dependency with common.py
+    from src.common.common import is_safe_workspace_name
+
+    # Validate demo name
+    if not demo_name:
+        return False, "Demo name cannot be empty."
+
+    if not is_safe_workspace_name(demo_name):
+        return False, "Invalid demo name. Avoid path separators and special characters."
+
+    # Validate source workspace exists
+    if not workspace_path.exists():
+        return False, "Source workspace does not exist."
+
+    # Get target directory
+    target_dir = get_demo_target_dir()
+    demo_path = target_dir / demo_name
+
+    try:
+        # Ensure parent directory exists
+        target_dir.mkdir(parents=True, exist_ok=True)
+
+        # Remove existing demo if it exists (handles symlinks properly)
+        if demo_path.exists():
+            _remove_directory_with_symlinks(demo_path)
+
+        # Copy workspace to demo directory, following symlinks to get actual files
+        shutil.copytree(
+            workspace_path,
+            demo_path,
+            symlinks=False,  # Follow symlinks, copy actual files
+            dirs_exist_ok=False
+        )
+
+        return True, f"Workspace saved as demo '{demo_name}' successfully."
+
+    except PermissionError:
+        return False, "Permission denied. Cannot write to demo directory."
+    except OSError as e:
+        return False, f"Failed to save demo: {str(e)}"
+    except Exception as e:
+        return False, f"Unexpected error: {str(e)}"

src/common/common.py

@@ -21,6 +21,12 @@
     TK_AVAILABLE = False
 
 from src.common.captcha_ import captcha_control
+from src.common.admin import (
+    is_admin_configured,
+    verify_admin_password,
+    demo_exists,
+    save_workspace_as_demo,
+)
 
 # Detect system platform
 OS_PLATFORM = sys.platform
@@ -122,6 +128,8 @@ def _symlink_tree(source: Path, target: Path) -> None:
 
     Creates real directories but symlinks individual files, allowing users to
     add new files to workspace directories without affecting the original.
+    params.json and .ini files are copied instead of symlinked so they can be
+    modified independently.
 
     Args:
         source: Source directory path.
@@ -132,6 +140,9 @@ def _symlink_tree(source: Path, target: Path) -> None:
         target_item = target / item.name
         if item.is_dir():
             _symlink_tree(item, target_item)
+        elif item.name == "params.json" or item.suffix == ".ini":
+            # Copy config files so they can be modified independently
+            shutil.copy2(item, target_item)
         else:
             # Create symlink to the source file
             target_item.symlink_to(item.resolve())
@@ -610,14 +621,83 @@ def change_workspace():
                                     else:
                                         if target.exists():
                                             target.unlink()
-                                        if OS_PLATFORM == "linux":
+                                        # Copy config files so they can be modified independently
+                                        if OS_PLATFORM == "linux" and item.name != "params.json" and item.suffix != ".ini":
                                             target.symlink_to(item.resolve())
                                         else:
                                             shutil.copy2(item, target)
                                 st.success(f"Demo data '{selected_demo}' loaded!")
                                 time.sleep(1)
                                 st.rerun()
 
+                # Save as Demo section (online mode only)
+                with st.expander("💾 **Save as Demo**"):
+                    st.caption("Save current workspace as a demo for others to use")
+
+                    demo_name_input = st.text_input(
+                        "Demo name",
+                        key="save-demo-name",
+                        placeholder="e.g., workshop-2024",
+                        help="Name for the demo workspace (no spaces or special characters)"
+                    )
+
+                    # Check if demo already exists
+                    demo_name_clean = demo_name_input.strip() if demo_name_input else ""
+                    existing_demo = demo_exists(demo_name_clean) if demo_name_clean else False
+
+                    if existing_demo:
+                        st.warning(f"Demo '{demo_name_clean}' already exists and will be overwritten.")
+                        confirm_overwrite = st.checkbox(
+                            "Confirm overwrite",
+                            key="confirm-demo-overwrite"
+                        )
+                    else:
+                        confirm_overwrite = True  # No confirmation needed for new demos
+
+                    if st.button("Save as Demo", key="save-demo-btn", disabled=not demo_name_clean):
+                        if not is_admin_configured():
+                            st.error(
+                                "Admin not configured. Create `.streamlit/secrets.toml` with "
+                                "an `[admin]` section containing `password = \"your-password\"`"
+                            )
+                        elif existing_demo and not confirm_overwrite:
+                            st.error("Please confirm overwrite to continue.")
+                        else:
+                            # Show password dialog
+                            st.session_state["show_admin_password_dialog"] = True
+
+                    # Password dialog (shown after clicking Save as Demo)
+                    if st.session_state.get("show_admin_password_dialog", False):
+                        admin_password = st.text_input(
+                            "Admin password",
+                            type="password",
+                            key="admin-password-input",
+                            help="Enter the admin password to save this workspace as a demo"
+                        )
+
+                        col1, col2 = st.columns(2)
+                        with col1:
+                            if st.button("Confirm", key="confirm-save-demo"):
+                                if verify_admin_password(admin_password):
+                                    success, message = save_workspace_as_demo(
+                                        st.session_state.workspace,
+                                        demo_name_clean
+                                    )
+                                    if success:
+                                        st.success(message)
+                                        st.session_state["show_admin_password_dialog"] = False
+                                        time.sleep(1)
+                                        st.rerun()
+                                    else:
+                                        st.error(message)
+                                else:
+                                    st.error("Invalid admin password.")
+
+                        with col2:
+                            if st.button("Cancel", key="cancel-save-demo"):
+                                st.session_state["show_admin_password_dialog"] = False
+                                st.rerun()
+
         # All pages have settings, workflow indicator and logo
         with st.expander("⚙️ **Settings**"):
             img_formats = ["svg", "png", "jpeg", "webp"]

src/workflow/CommandExecutor.py

@@ -153,7 +153,7 @@ def read_stderr():
             try:
                 for line in iter(process.stderr.readline, ''):
                     if line:
-                        self.logger.log(f"STDERR: {line.rstrip()}", 2)
+                        self.logger.log(f"STDERR: {line.rstrip()}", 0)
                     if process.poll() is not None:
                         break
             except Exception as e: