RFC83: Add admin call to make virtual study available for all users on their landing pages #10829

Merged
merged 28 commits into from
Jul 10, 2024
25b34ae
Implement endpoints for public virtual studies
forus Jun 7, 2024
23bba70
Add possibility to specify cancer type id and pmi for virt. study dur…
forus Jun 12, 2024
d3c2f3c
Filter out forbidden study ids from virtual studies
forus Jun 13, 2024
f102f61
Do not allow set * user for user virtual study
forus Jun 13, 2024
fc78963
Add integration tests for (un)publishing virtual study
forus Jun 19, 2024
7cc1c16
Assert fields fo published virtual studies
forus Jun 19, 2024
f231dd9
Use recommended ways to inject dependencies in spring
forus Jun 20, 2024
c247aa9
Add issue link to session service FIXMEs
forus Jun 20, 2024
522bd8a
Fix sonar reported NPE bugs
forus Jun 20, 2024
7e86b34
Remove unnecessary checks for null
forus Jun 26, 2024
7f23ad0
Remove obsolete TODO comment
forus Jun 26, 2024
d81832f
Throw AccessForbiddenException and use GlobalExceptionHadler instead
forus Jun 26, 2024
837435d
Throw IllegalStateException is downstream server return unsuccessful …
forus Jun 26, 2024
bde0e62
Remove raw use of ResponseEntity
forus Jun 26, 2024
1f2dc38
Throw bad request exception instead of returning ResponseEntity
forus Jun 26, 2024
8d70521
Do not filter out VS when user does not hava access to underlying stu…
forus Jun 26, 2024
cc3a7ee
Fix integration tests
haynescd Jun 27, 2024
faaf3fa
Extract http calls to the session service to the handler
forus Jun 27, 2024
0e3e59b
Remove todo comment
forus Jun 27, 2024
5793671
Fix sonarcloud issues
forus Jun 27, 2024
67dcf90
Deduplicate ensuring publisher api key is correct
forus Jun 27, 2024
a72884a
Remove usage of generic wildcard type
forus Jun 27, 2024
ca1b3a9
Extract logic to update VS metadata fields into a method
forus Jun 27, 2024
8616737
Document publishing virtual study feature
forus Jun 28, 2024
3347010
Update docs/Create-And-Publish-Virtual-Study.md
forus Jul 2, 2024
4cd40c4
Publish virtual study by modifying it instead of making copy
forus Jul 2, 2024
b99e106
Improve name and docs of method to retrieve VS for user
forus Jul 2, 2024
84249a3
Assign VM after un-publshing to the owner
forus Jul 2, 2024
Use recommended ways to inject dependencies in spring
forus committed Jul 10, 2024
commit f231dd930dabb2e8e27c286c425e36cb39aa6b45
@@ -5,24 +5,28 @@
import org.cbioportal.web.parameter.VirtualStudy;
import org.cbioportal.web.parameter.VirtualStudyData;
import org.cbioportal.web.parameter.VirtualStudySamples;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

@Component
@Service
public class VirtualStudyPermissionService {
@Autowired(required = false)
private CancerStudyPermissionEvaluator cancerStudyPermissionEvaluator;

private final Optional<CancerStudyPermissionEvaluator> cancerStudyPermissionEvaluator;

public VirtualStudyPermissionService(Optional<CancerStudyPermissionEvaluator> cancerStudyPermissionEvaluator) {
this.cancerStudyPermissionEvaluator = cancerStudyPermissionEvaluator;
}

public void filterOutForbiddenStudies(List<VirtualStudy> virtualStudies) {
forus marked this conversation as resolved.
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || cancerStudyPermissionEvaluator == null) {
if (authentication == null || cancerStudyPermissionEvaluator.isEmpty()) {
return;
}
Iterator<VirtualStudy> virtualStudyIterator = virtualStudies.iterator();
@@ -32,7 +36,7 @@ public void filterOutForbiddenStudies(List<VirtualStudy> virtualStudies) {

Set<VirtualStudySamples> filteredStudies = virtualStudyData.getStudies().stream()
.filter(study ->
cancerStudyPermissionEvaluator.hasPermission(authentication, study.getId(), "CancerStudyId", AccessLevel.READ))
cancerStudyPermissionEvaluator.get().hasPermission(authentication, study.getId(), "CancerStudyId", AccessLevel.READ))
.collect(Collectors.toSet());
if (filteredStudies.isEmpty()) {
virtualStudyIterator.remove();
@@ -43,7 +47,7 @@ public void filterOutForbiddenStudies(List<VirtualStudy> virtualStudies) {
StudyViewFilter studyViewFilter = virtualStudyData.getStudyViewFilter();
List<String> filteredStudyIds = studyViewFilter.getStudyIds().stream()
.filter(studyId ->
cancerStudyPermissionEvaluator.hasPermission(authentication, studyId, "CancerStudyId", AccessLevel.READ))
cancerStudyPermissionEvaluator.get().hasPermission(authentication, studyId, "CancerStudyId", AccessLevel.READ))
.toList();
virtualStudyData.getStudyViewFilter().setStudyIds(filteredStudyIds);
}
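Review bot: The guard at the top of `filterOutForbiddenStudies` still returns without filtering when `authentication` is null or the evaluator is absent, so in both cases the list goes back to the caller untouched. An absent evaluator presumably means authorization is switched off, but a null `Authentication` while an evaluator is configured looks like a case that should fail closed. Consider splitting the condition into `if (cancerStudyPermissionEvaluator.isEmpty()) { return; }` followed by `if (authentication == null) { virtualStudies.clear(); return; }`, or state in a Javadoc on the method why passing everything through is intended. Binding the evaluator once after the guard (`var evaluator = cancerStudyPermissionEvaluator.get();`) would also keep the two lambdas further down from calling `.get()` on the `Optional` field on every element. The method body continues outside the visible hunks.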
@@ -4,27 +4,21 @@
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import org.cbioportal.security.CancerStudyPermissionEvaluator;
import org.cbioportal.security.VirtualStudyPermissionService;
import org.cbioportal.service.CancerTypeService;
import org.cbioportal.service.exception.CancerTypeNotFoundException;
import org.cbioportal.service.util.SessionServiceRequestHandler;
import org.cbioportal.utils.security.AccessLevel;
import org.cbioportal.web.parameter.StudyViewFilter;
import org.cbioportal.web.parameter.VirtualStudy;
import org.cbioportal.web.parameter.VirtualStudyData;
import org.cbioportal.web.parameter.VirtualStudySamples;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
@@ -36,34 +30,41 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.RestTemplate;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

@Controller
@RequestMapping("/api/public_virtual_studies")
public class PublicVirtualStudiesController {

private static final Logger LOG = LoggerFactory.getLogger(PublicVirtualStudiesController.class);

@Value("${session.endpoint.publisher-api-key:}")
private String requiredPublisherApiKey;


public static final String ALL_USERS = "*";
@Autowired
SessionServiceRequestHandler sessionServiceRequestHandler;

@Value("${session.service.url:}")
private String sessionServiceURL;

@Autowired
private CancerTypeService cancerTypeService;

@Autowired
private VirtualStudyPermissionService virtualStudyPermissionService;

private final String requiredPublisherApiKey;

private final SessionServiceRequestHandler sessionServiceRequestHandler;

private final String sessionServiceURL;

private final CancerTypeService cancerTypeService;

private final VirtualStudyPermissionService virtualStudyPermissionService;

public PublicVirtualStudiesController(
@Value("${session.endpoint.publisher-api-key:}") String requiredPublisherApiKey,
SessionServiceRequestHandler sessionServiceRequestHandler,
@Value("${session.service.url:}") String sessionServiceURL,
CancerTypeService cancerTypeService,
VirtualStudyPermissionService virtualStudyPermissionService
) {
this.requiredPublisherApiKey = requiredPublisherApiKey;
this.sessionServiceRequestHandler = sessionServiceRequestHandler;
this.sessionServiceURL = sessionServiceURL;
this.cancerTypeService = cancerTypeService;
this.virtualStudyPermissionService = virtualStudyPermissionService;
}

@GetMapping
@ApiResponse(responseCode = "200", description = "OK", content = @Content(schema = @Schema(implementation = VirtualStudy.class)))
@@ -183,7 +184,7 @@ public ResponseEntity retractVirtualStudy(
" Replying with internal server error status code to the client.",
statusCode);
return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
}
}
VirtualStudy virtualStudy = responseEntity.getBody();
VirtualStudyData data = virtualStudy.getData();
data.setUsers(Collections.emptySet());
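Review bot: The new constructor keeps the empty default in `@Value("${session.endpoint.publisher-api-key:}")`, so `requiredPublisherApiKey` is `""` on any deployment that never sets the property. The comparison against the key supplied with the request is outside these hunks; please confirm that a blank configured key rejects every publish and retract call rather than matching a blank or missing header, for example by checking `requiredPublisherApiKey.isBlank()` before comparing. If the comparison is a plain `equals`, a constant-time form such as `MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), provided.getBytes(StandardCharsets.UTF_8))` is the safer choice for a shared secret. A short Javadoc on the constructor noting that this parameter is a secret and must not be logged would help, since the class has a `LOG` field.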