-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue 1199 add sharing permisions to sample types #1953
base: main
Are you sure you want to change the base?
Issue 1199 add sharing permisions to sample types #1953
Conversation
kdp-cloud
commented
Jul 10, 2024
- Users are now able to set policies with permissions.
- The current rules for viewing, editing and deleting should still remain the same.
- There is also a upgrade job that adds policies to the existing sample types.
Add extra constraints to being ISA-JSON compliant like must have a template id and must only be linked to ISA-JSON compliant investigations.
Since investigations can be associated through studies and assay. Better write a custom related_investigations method.
9c27d04
to
2a90c9b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the main problem is the mixing of explicit permissions then being over-ruled by the old implicit permissions
I've not checked the tests as these may be affected by changes
@@ -186,21 +215,22 @@ def find_sample_type | |||
@sample_type = scope.find(params[:id]) | |||
end | |||
|
|||
#intercepts the standard 'find_and_authorize_requested_item' for additional special check for a referring_sample_id | |||
# intercepts the standard 'find_and_authorize_requested_item' for additional special check for a referring_sample_id | |||
def authorize_requested_sample_type |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel this method is redundant now. If sharing permissions have been set explicitly I don't think we should be revealing hidden sample types based on linked sample any more.
|
||
def can_download?(user = User.current_user) | ||
can_view?(user) | ||
end | ||
def can_view?(user = User.current_user, referring_sample = nil, view_in_single_page = false) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should left to the sharing permissions set now, rather than over-ruling them. I would confusing to users if they think they've set it to hidden but then find it is visible. Could also lead to mistrust that other items, such as data, they've set as private is magically being revealed without their knowledge.
I believe this was discussed in the samples working group and decided to leave it to the user to set sensible permissions
end | ||
|
||
def can_edit?(user = User.current_user) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
again, it should down to the sharing permissions set rather than over-ruling to make more permissive
@@ -5,7 +5,7 @@ module ContentBlobs | |||
module ClassMethods | |||
extend ActiveSupport::Concern | |||
included do | |||
after_destroy :mark_deleted_content_blobs | |||
after_destroy :mark_deleted_content_blobs, unless: -> { self.class == SampleType } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not for sample types ?
st.update_column(:policy_id, st.assays.first.policy_id) if st.assays.any? | ||
st.update_column(:policy_id, st.studies.first.policy_id) if st.studies.any? | ||
else | ||
project = st.projects.first |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about multiple projects ?
else | ||
project = st.projects.first | ||
if project.use_default_policy | ||
st.update_column(:policy_id, project.default_policy_id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this will create a reference to the default policy, which will then also be changed if the ST sharing permissions are changed. I'm also not sure it's right
policy = Policy.new | ||
policy.name = 'default policy' | ||
policy.access_type = Policy::NO_ACCESS | ||
policy.permissions << Permission.create(contributor_type: Permission::PERSON, contributor: st.contributor, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
contributor will already have manage permissions by default
policy.access_type = Policy::NO_ACCESS | ||
policy.permissions << Permission.create(contributor_type: Permission::PERSON, contributor: st.contributor, | ||
access_type: Policy::MANAGING) | ||
project.people.each do |person| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should just add the permission for the project, not each person.
@@ -235,6 +236,40 @@ namespace :seek do | |||
end | |||
end | |||
|
|||
task(add_policies_to_existing_sample_types: [:environment]) do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think generally this needs a rethink and currently doesn't reflect the original permissions.
Would need checking more closely, but generally:
- make visible if linked to public samples, otherwise hidden
- add visible permissions for each project
- give manage rights to the project administrators