Fix permisson error in listGrouped in list datasets route

[MichaelBuessemeyer]

This pr fixes permission errors for listing datasets without compact=true. The error results from the access query including all public datasets and the code that groups the datasets by organization before serialization to json requesting the organization without a global access context. This causes the code not to find organizations that are included in the list due to public DS in their organizations. This makes the code crash.
For reference: Here the DSes are retrieved (including public DS):

webknossos/app/controllers/DatasetController.scala

Lines 189 to 199 in 24e4981

	datasetInfos <- datasetDAO.findAllCompactWithSearch(
	isActive,
	isUnreported,
	organizationIdOpt,
	folderIdValidated,
	uploaderIdValidated,
	searchQuery,
	request.identity.map(_._id),
	recursive.getOrElse(false),
	limitOpt = limit
	)

And here the orga of each DS (they are grouped by orga id at this point) is accessed:

webknossos/app/controllers/DatasetController.scala

Lines 239 to 241 in 24e4981

	_ = logger.info(s"byOrgaTuple orga: ${byOrgaTuple._1}, datasets: ${byOrgaTuple._2}")
	organization <- organizationDAO.findOne(byOrgaTuple._1) ?~> s"Could not find organization ${byOrgaTuple._1}"
	groupedByDataStore = byOrgaTuple._2.groupBy(_._dataStore).toList

=> This request fails if the previous ds listing includes datasets which are public and of an organization the user has no access to.

To fix this, I suggest making this request in a GlobalAccessContext as the previous DS listing takes care of only loading DS the user is allowed to see and the serialization of the DS does not include any sensitive information of the organization.

URL of deployed dev instance (used for testing):

• https://___.webknossos.xyz

Steps to test:

• Well ...
• Spin up 2 organizations
• For 1 have a public dataset
• log in as a user of the other organization
• test whether the <wk-url>/api/datasetsroute works

Issues:

• fixes https://scm.slack.com/archives/C5AKLAV0B/p1732725487545929?thread_ts=1732717609.114699&cid=C5AKLAV0B

---

(Please delete unneeded items, merge only when none are left open)

• Updated changelog

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

The changes in this pull request focus on the DatasetController class within the app/controllers/DatasetController.scala file. The modifications enhance the retrieval of organizations and data stores by integrating GlobalAccessContext into the listGrouped, read, and segmentAnythingMask methods. This ensures consistent access control during data retrieval operations. Additionally, the CHANGELOG.unreleased.md has been updated to reflect various unreleased user-facing changes, including enhancements in dataset management, error handling, and bug fixes.

Changes

File	Change Summary
app/controllers/DatasetController.scala	Updated method signatures for listGrouped, read, and segmentAnythingMask to use GlobalAccessContext internally.
CHANGELOG.unreleased.md	Updated to reflect unreleased changes including dataset management enhancements and bug fixes.

Possibly related PRs

• Fix accessing public datasets #8242: Modifies the read and segmentAnythingMask methods in the DatasetController, incorporating GlobalAccessContext.
• Add further debug logging for ds listing #8247: Adds logging and error handling improvements to the listGrouped method in the DatasetController.
• Add debug logging for dataset list route #8246: Enhances logging in the list method of the DatasetController, related to dataset retrieval processes.
• Remove logging to debug list dataset routes #8248: Undoes logging changes in the list and listGrouped methods of the DatasetController, indicating a direct relationship in context.

Suggested labels

urgent

Suggested reviewers

• normanrz

Poem

🐰 In the code where datasets play,
A context global leads the way.
With access clear, we fetch with glee,
Data flows like a hopping spree!
So let’s rejoice, and sing out loud,
For robust access makes us proud! 🎉

Warning

Rate limit exceeded

@MichaelBuessemeyer has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 4 minutes and 42 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 9a8227b and e400fa3.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

app/controllers/DatasetController.scala (1)

239-241: Document the access control pattern

Consider adding documentation to explain the access control pattern, particularly why GlobalAccessContext is used for organization lookup while maintaining regular access control for datasets.

Add a comment like:

  private def listGrouped(datasets: List[Dataset], requestingUser: Option[User])(
      implicit ctx: DBAccessContext,
      m: MessagesProvider): Fox[List[JsObject]] =
+   // Note: GlobalAccessContext is used for organization lookup as we need to access
+   // organization information for public datasets, even when the user doesn't have
+   // direct access to the organization. Dataset access is still controlled via the
+   // regular context.
    for {

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 24e4981 and 15c940c.

📒 Files selected for processing (1)

• app/controllers/DatasetController.scala (1 hunks)

🔇 Additional comments (3)

app/controllers/DatasetController.scala (3)

240-240: LGTM! Using GlobalAccessContext for organization lookup

The change to use GlobalAccessContext for organization lookup is correct and addresses the permission error when accessing organizations associated with public datasets.

---

Line range hint 312-313: LGTM! Consistent use of GlobalAccessContext

The use of GlobalAccessContext for both organization and dataStore lookups is consistent with the fix pattern and maintains proper access control at the dataset level.

---

Line range hint 240-313: Verify consistent usage of GlobalAccessContext

Let's verify that the GlobalAccessContext pattern is consistently applied across the codebase for organization and datastore access.

✅ Verification successful

GlobalAccessContext usage is consistent across organization and datastore access

The verification results show that GlobalAccessContext is consistently used across the codebase for both organizationDAO.findOne and dataStoreDAO.findOne operations. The pattern in the reviewed code matches the global pattern, where:

• All organization lookups use organizationDAO.findOne(...)(GlobalAccessContext)
• All datastore lookups use dataStoreDAO.findOne[ByName](...)(GlobalAccessContext)

This consistent usage indicates that the code under review follows the established pattern for accessing these resources.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for organization and datastore access patterns
echo "Checking organization access patterns..."
rg "organizationDAO\.findOne.*GlobalAccessContext" -A 2
echo "Checking datastore access patterns..."
rg "dataStoreDAO\.findOne.*GlobalAccessContext" -A 2

Length of output: 13376

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

app/controllers/DatasetController.scala (2)

Line range hint 15-17: Fix indentation in elif block.

The indentation is incorrect and inconsistent with Scala style guidelines. The elif block should be aligned with the if statement.

Apply this diff to fix the indentation:

    if loyalty_years >= 5:
      discount = 0.15
-    elif loyalty_years >= 3:
-      discount = 0.1
+    elif loyalty_years >= 3:
+      discount = 0.1

---

Line range hint 12-24: Review the discount and fee structure.

The current implementation could result in customers paying more after a discount due to the flat $20 fee. For example:

• Purchase of $100 with 10% discount = $90
• After $20 fee = $110 (more than original price)

Consider one of these alternatives:

1. Apply the fee before the discount
2. Scale the fee based on the purchase amount
3. Only apply the fee above a certain purchase threshold

Would you like me to propose a revised implementation that addresses these concerns?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 9a8227b and e400fa3.

📒 Files selected for processing (1)

• app/controllers/DatasetController.scala (1 hunks)

🔇 Additional comments (2)

app/controllers/DatasetController.scala (2)

226-226: LGTM! This change correctly fixes the permission error.

The use of GlobalAccessContext here is appropriate as it allows fetching organization metadata for public datasets without requiring organization-level permissions, preventing the crash described in the PR objectives.

---

226-226: Consistent use of GlobalAccessContext across methods.

The same fix has been correctly applied to both listGrouped and read methods, ensuring consistent handling of organization metadata access throughout the codebase.

Also applies to: 264-264