[HWORKS-2078] python client login on serverless should exclude projects not owner by the user (#506) (#507)

robzor92 · web-flow · commit e704179f0a56 · 2025-03-13T10:56:06.000+01:00
diff --git a/python/hopsworks/__init__.py b/python/hopsworks/__init__.py
@@ -341,7 +341,12 @@ def _get_cached_api_key_path():
 
 def _prompt_project(valid_connection, project, is_app):
     if project is None:
-        saas_projects = valid_connection._project_api._get_projects()
+        if is_app:
+            # On Serverless we filter out projects owned by other users to make sure automatic login
+            # without a prompt still happens when users add showcase projects created by other users
+            saas_projects = valid_connection._project_api._get_owned_projects()
+        else:
+            saas_projects = valid_connection._project_api._get_projects()
         if len(saas_projects) == 0:
             if is_app:
                 raise ProjectException("Could not find any project")
diff --git a/python/hopsworks_common/core/project_api.py b/python/hopsworks_common/core/project_api.py
@@ -37,19 +37,50 @@ def _exists(self, name: str):
         except RestAPIError:
             return False
 
-    def _get_projects(self):
-        """Get all projects accessible by the user.
+    def _get_owned_projects(self):
+        """Get all projects owned by the current user
 
         # Returns
             `List[Project]`: List of Project objects
         # Raises
-            `hopsworks.client.exceptions.RestAPIError`: If unable to get the projects
+            `hopsworks.client.exceptions.RestAPIError`: If unable to get the project teams
+        """
+        project_team_json = self._get_project_teams()
+        projects = []
+        if project_team_json:
+            # This information can be retrieved calling the /users/profile endpoint but is avoided as that
+            # requires an API key to have the USER scope which is not guaranteed on serverless
+            # Until there is a better solution this code is used to get the current user_id to check project ownership
+            current_user_uid = project_team_json[0]['user']['uid']
+            for project_team in project_team_json:
+                if project_team["project"]["owner"]["uid"] == current_user_uid:
+                    projects.append(self._get_project(project_team["project"]["name"]))
+        return projects
+
+
+    def _get_project_teams(self):
+        """Get all project teams for this user.
+
+        # Returns
+            `str`: List of Project teams
+        # Raises
+            `hopsworks.client.exceptions.RestAPIError`: If unable to get the project teams
         """
         _client = client.get_instance()
         path_params = [
             "project",
         ]
-        project_team_json = _client._send_request("GET", path_params)
+        return _client._send_request("GET", path_params)
+
+    def _get_projects(self):
+        """Get all projects accessible by the user.
+
+        # Returns
+            `List[Project]`: List of Project objects
+        # Raises
+            `hopsworks.client.exceptions.RestAPIError`: If unable to get the projects
+        """
+        project_team_json = self._get_project_teams()
         projects = []
         for project_team in project_team_json:
             projects.append(self._get_project(project_team["project"]["name"]))
