6 files changed, 90 insertions, 56 deletions
diff --git a/wqflask/base/trait.py b/wqflask/base/trait.py
index 7700ecd5..c2b8b910 100644
--- a/wqflask/base/trait.py
+++ b/wqflask/base/trait.py
@@ -42,11 +42,11 @@ def create_trait(**kw):
 
         if kw.get('dataset_name') != "Temp":
             if dataset.type == 'Publish':
-                permitted = check_resource_availability(dataset, kw.get('name'))
+                permissions = check_resource_availability(dataset, kw.get('name'))
             else:
-                permitted = check_resource_availability(dataset)
+                permissions = check_resource_availability(dataset)
 
-    if permitted != "no-access":
+    if "view" in permissions['data']:
         the_trait = GeneralTrait(**kw)
         if the_trait.dataset.type != "Temp":
 
@@ -382,9 +382,16 @@ def retrieve_trait_info(trait, dataset, get_qtl_info=False):
 
     resource_id = get_resource_id(dataset, trait.name)
     if dataset.type == 'Publish':
-        the_url = "http://localhost:8080/run-action?resource={}&user={}&branch=data&action=view".format(resource_id, g.user_session.user_id)
+        the_url = "http://localhost:8081/run-action?resource={}&user={}&branch=data&action=view".format(resource_id, g.user_session.user_id)
     else:
-        the_url = "http://localhost:8080/run-action?resource={}&user={}&branch=data&action=view&trait={}".format(resource_id, g.user_session.user_id, trait.name)
+        the_url = "http://localhost:8081/run-action?resource={}&user={}&branch=data&action=view&trait={}".format(resource_id, g.user_session.user_id, trait.name)
+
+    response = requests.get(the_url).content
+    if response.strip() == "no-access":
+        trait.view = False
+        return trait
+    else:
+        trait_info = json.loads(response)
 
     try:
         response = requests.get(the_url).content
diff --git a/wqflask/base/webqtlConfig.py b/wqflask/base/webqtlConfig.py
index 55407123..3d86bc22 100644
--- a/wqflask/base/webqtlConfig.py
+++ b/wqflask/base/webqtlConfig.py
@@ -17,6 +17,10 @@ DEBUG = 1
 #USER privilege
 USERDICT = {'guest':1,'user':2, 'admin':3, 'root':4}
 
+#Set privileges
+SUPER_PRIVILEGES = {'data': ['no-access', 'view', 'edit'], 'metadata': ['no-access', 'view', 'edit'], 'admin': ['not-admin', 'edit-access', 'edit-admins']}
+DEFAULT_PRIVILEGES = {'data': ['no-access', 'view'], 'metadata': ['no-access', 'view'], 'admin': ['not-admin']}
+
 #minimum number of informative strains
 KMININFORMATIVE = 5
 
diff --git a/wqflask/maintenance/set_resource_defaults.py b/wqflask/maintenance/set_resource_defaults.py
index 0c221bbf..ddb3b17b 100644
--- a/wqflask/maintenance/set_resource_defaults.py
+++ b/wqflask/maintenance/set_resource_defaults.py
@@ -68,9 +68,13 @@ def insert_probeset_resources(default_owner_id):
         resource_ob['data'] = { "dataset" : str(resource[0])}
         resource_ob['type'] = "dataset-probeset"
         if resource[2] < 1 and resource[3] > 0:
-            resource_ob['default_mask'] = { "data": "view" }
+            resource_ob['default_mask'] = { "data": "view",
+                                            "metadata": "view",
+                                            "admin": "not-admin"}
         else:
-            resource_ob['default_mask'] = { "data": "no-access" }
+            resource_ob['default_mask'] = { "data": "no-access",
+                                            "metadata": "no-access",
+                                            "admin": "not-admin"}
         resource_ob['group_masks'] = {}
 
         add_resource(resource_ob)
@@ -98,7 +102,9 @@ def insert_publish_resources(default_owner_id):
             resource_ob['data'] = { "dataset" : str(resource[1]) ,
                                     "trait"   : str(resource[0])}
             resource_ob['type'] = "dataset-publish"
-            resource_ob['default_mask'] = { "data": "view" }
+            resource_ob['default_mask'] = { "data": "view",
+                                            "metadata": "view",
+                                            "admin": "not-admin"}
 
             resource_ob['group_masks'] = {}
 
@@ -124,9 +130,13 @@ def insert_geno_resources(default_owner_id):
         resource_ob['data'] = { "dataset" : str(resource[0]) }
         resource_ob['type'] = "dataset-geno"
         if resource[2] < 1:
-            resource_ob['default_mask'] = { "data": "view" }
+            resource_ob['default_mask'] = { "data": "view",
+                                            "metadata": "view",
+                                            "admin": "not-admin"}
         else:
-            resource_ob['default_mask'] = { "data": "no-access" }
+            resource_ob['default_mask'] = { "data": "no-access",
+                                            "metadata": "no-access",
+                                            "admin": "not-admin"}
         resource_ob['group_masks'] = {}
 
         add_resource(resource_ob)
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index dfa0e2d9..6c88949b 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -3,7 +3,7 @@ from __future__ import absolute_import, print_function, division
 import json
 import requests
 
-from base import data_set
+from base import data_set, webqtlConfig
 
 from utility import hmac
 from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
@@ -18,45 +18,47 @@ def check_resource_availability(dataset, trait_id=None):
 
     #ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
     if g.user_session.user_id in Redis.smembers("super_users"):
-        return "edit"
+       return webqtlConfig.SUPER_PRIVILEGES
 
-    resource_id = get_resource_id(dataset, trait_id)
     response = None
-    if resource_id:
-        resource_info = get_resource_info(resource_id)
-
-        the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
-        try:
-            response = json.loads(requests.get(the_url).content)['data']
-        except:
-            response = resource_info['default_mask']['data']
 
-        if 'edit' in response:
-            return "edit"
-        elif 'view' in response:
-            return "view"
-        else:
-            return "no-access"
+    #At least for now assume temporary entered traits are accessible#At least for now assume temporary entered traits are accessible
+    if type(dataset) == str:
+        return webqtlConfig.DEFAULT_PRIVILEGES
+    if dataset.type == "Temp":
+        return webqtlConfig.DEFAULT_PRIVILEGES
 
-    return False
+    resource_id = get_resource_id(dataset, trait_id)
 
-def check_admin(resource_id=None):
+    if resource_id:
+        resource_info = get_resource_info(resource_id)
+    else:
+        return response #ZS: Need to substitute in something that creates the resource in Redis later
 
-    return "not-admin"
+    the_url = "http://localhost:8081/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+    try:
+        response = json.loads(requests.get(the_url).content)
+    except:
+        response = resource_info['default_mask']
 
-    # ZS: commented out until proxy can return this
-    # the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
-    # try:
-    #     response = json.loads(requests.get(the_url).content)
-    # except:
-    #     response = resource_info['default_mask']['admin']
+    if response:
+        return response
+    else: #ZS: No idea how this would happen, but just in case
+        return False
 
-    # if 'edit-admins' in response:
-    #     return "edit-admins"
-    # elif 'edit-access' in response:
-    #     return "edit-access"
-    # else:
-    #     return "not-admin"
+def check_admin(resource_id=None):
+    the_url = "http://localhost:8081/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+    try:
+        response = json.loads(requests.get(the_url).content)['admin']
+    except:
+        response = resource_info['default_mask']['admin']
+
+    if 'edit-admins' in response:
+        return "edit-admins"
+    elif 'edit-access' in response:
+        return "edit-access"
+    else:
+        return "not-admin"
 
 def check_owner(dataset=None, trait_id=None, resource_id=None):
     if resource_id:
@@ -74,15 +76,18 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
 
 def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
     if not resource_id:
-        resource_id = get_resource_id(dataset, trait_id)
+        if dataset.type == "Temp":
+            return "not-admin"
+        else:
+            resource_id = get_resource_id(dataset, trait_id)
 
     if g.user_session.user_id in Redis.smembers("super_users"):
-        return [resource_id, "owner"]
+        return "owner"
 
     resource_info = get_resource_info(resource_id)
     if g.user_session.user_id == resource_info['owner_id']:
-        return [resource_id, "owner"]
+        return "owner"
     else:
-        return [resource_id, check_admin(resource_id)]
+        return check_admin(resource_id)
 
-    return [resource_id, "not-admin"]
-\ No newline at end of file
+    return "not-admin"
+\ No newline at end of file
diff --git a/wqflask/wqflask/resource_manager.py b/wqflask/wqflask/resource_manager.py
index 0f9f5c9d..39a07310 100644
--- a/wqflask/wqflask/resource_manager.py
+++ b/wqflask/wqflask/resource_manager.py
@@ -18,7 +18,7 @@ def manage_resource():
     params = request.form if request.form else request.args
     if 'resource_id' in request.args:
         resource_id = request.args['resource_id']
-        admin_status = check_owner_or_admin(resource_id=resource_id)[1]
+        admin_status = check_owner_or_admin(resource_id=resource_id)
 
         resource_info = get_resource_info(resource_id)
         group_masks = resource_info['group_masks']
@@ -67,7 +67,7 @@ def search_for_groups():
 def change_owner():
     resource_id = request.form['resource_id']
     if 'new_owner' in request.form:
-        admin_status = check_owner_or_admin(resource_id=resource_id)[1]
+        admin_status = check_owner_or_admin(resource_id=resource_id)
         if admin_status == "owner":
             new_owner_id = request.form['new_owner']
             change_resource_owner(resource_id, new_owner_id)
@@ -100,7 +100,7 @@ def change_default_privileges():
 @app.route("/resources/add_group", methods=('POST',))
 def add_group_to_resource():
     resource_id = request.form['resource_id']
-    admin_status = check_owner_or_admin(resource_id=resource_id)[1]
+    admin_status = check_owner_or_admin(resource_id=resource_id)
     if admin_status == "owner" or admin_status == "edit-admins" or admin_status == "edit-access":
         if 'selected_group' in request.form:
             group_id = request.form['selected_group']
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py
index dc431aa9..bc01839b 100644
--- a/wqflask/wqflask/views.py
+++ b/wqflask/wqflask/views.py
@@ -96,13 +96,21 @@ def check_access_permissions():
             pass
     else:
         if 'dataset' in request.args:
-            dataset = create_dataset(request.args['dataset'])
-            if 'trait_id' in request.args:
-                available = check_resource_availability(dataset, request.args['trait_id'])
+            if request.args['dataset'] == "Temp":
+                permissions = check_resource_availability("Temp")
             else:
-                available = check_resource_availability(dataset)
-
-            if available == "no-access":
+                dataset = create_dataset(request.args['dataset'])
+
+                if dataset.type == "Temp":
+                    permissions = False
+                if 'trait_id' in request.args:
+                    permissions = check_resource_availability(dataset, request.args['trait_id'])
+                elif dataset.type != "Publish":
+                    permissions = check_resource_availability(dataset)
+                else:
+                    return None
+
+            if 'view' not in permissions['data']:
                 return redirect(url_for("no_access_page"))
 
 @app.teardown_appcontext