Issue 1199 add sharing permisions to sample types #1953
Conversation
kdp-cloud
commented
Jul 10, 2024
kdp-cloud
commented
- Users are now able to set policies with permissions.
- The current rules for viewing, editing and deleting should still remain the same.
- There is also a upgrade job that adds policies to the existing sample types.
Add extra constraints to being ISA-JSON compliant like must have a template id and must only be linked to ISA-JSON compliant investigations.
Since investigations can be associated through studies and assay. Better write a custom related_investigations method.
kdp-cloud
force-pushed
the
issue_1199_add_sharing_permisions_to_sample_types
branch
from
9c27d04
to
2a90c9b
Compare
| @@ -186,21 +215,22 @@ def find_sample_type | |||
| @sample_type = scope.find(params[:id]) | |||
| end | |||
|
|
|||
| #intercepts the standard 'find_and_authorize_requested_item' for additional special check for a referring_sample_id | |||
| # intercepts the standard 'find_and_authorize_requested_item' for additional special check for a referring_sample_id | |||
| def authorize_requested_sample_type | |||
There was a problem hiding this comment.
I feel this method is redundant now. If sharing permissions have been set explicitly I don't think we should be revealing hidden sample types based on linked sample any more.
|
|
||
| def can_download?(user = User.current_user) | ||
| can_view?(user) | ||
| end | ||
| def can_view?(user = User.current_user, referring_sample = nil, view_in_single_page = false) |
There was a problem hiding this comment.
this should left to the sharing permissions set now, rather than over-ruling them. I would confusing to users if they think they've set it to hidden but then find it is visible. Could also lead to mistrust that other items, such as data, they've set as private is magically being revealed without their knowledge.
I believe this was discussed in the samples working group and decided to leave it to the user to set sensible permissions
| end | ||
|
|
||
| def can_edit?(user = User.current_user) |
There was a problem hiding this comment.
again, it should down to the sharing permissions set rather than over-ruling to make more permissive
| @@ -5,7 +5,7 @@ module ContentBlobs | |||
| module ClassMethods | |||
| extend ActiveSupport::Concern | |||
| included do | |||
| after_destroy :mark_deleted_content_blobs | |||
| after_destroy :mark_deleted_content_blobs, unless: -> { self.class == SampleType } | |||
| st.update_column(:policy_id, st.assays.first.policy_id) if st.assays.any? | ||
| st.update_column(:policy_id, st.studies.first.policy_id) if st.studies.any? | ||
| else | ||
| project = st.projects.first |
| else | ||
| project = st.projects.first | ||
| if project.use_default_policy | ||
| st.update_column(:policy_id, project.default_policy_id) |
There was a problem hiding this comment.
this will create a reference to the default policy, which will then also be changed if the ST sharing permissions are changed. I'm also not sure it's right
| policy = Policy.new | ||
| policy.name = 'default policy' | ||
| policy.access_type = Policy::NO_ACCESS | ||
| policy.permissions << Permission.create(contributor_type: Permission::PERSON, contributor: st.contributor, |
There was a problem hiding this comment.
contributor will already have manage permissions by default
| policy.access_type = Policy::NO_ACCESS | ||
| policy.permissions << Permission.create(contributor_type: Permission::PERSON, contributor: st.contributor, | ||
| access_type: Policy::MANAGING) | ||
| project.people.each do |person| |
There was a problem hiding this comment.
should just add the permission for the project, not each person.
| @@ -235,6 +236,40 @@ namespace :seek do | |||
| end | |||
| end | |||
|
|
|||
| task(add_policies_to_existing_sample_types: [:environment]) do | |||
There was a problem hiding this comment.
I think generally this needs a rethink and currently doesn't reflect the original permissions.
Would need checking more closely, but generally:
- make visible if linked to public samples, otherwise hidden
- add visible permissions for each project
- give manage rights to the project administrators
