From 05628e484fb238cea6ac3267be959b2bb0702c61 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 27 Oct 2022 12:20:35 +0300
Subject: Refactor: Pass user id to `check_resource_availability`
* Pass the user_id for the current user to the `check_resource_availability` function as an argument, rather than using the global `g.user_session.user_id` value.
---
 wqflask/base/trait.py | 5 +++--
 wqflask/tests/unit/utility/test_authentication_tools.py | 12 +++++++-----
 wqflask/utility/authentication_tools.py | 9 +++------
 wqflask/wqflask/correlation/show_corr_results.py | 1 -
 wqflask/wqflask/gsearch.py | 5 +++--
 wqflask/wqflask/search_results.py | 5 ++++-
 6 files changed, 20 insertions(+), 17 deletions(-)
diff --git a/wqflask/base/trait.py b/wqflask/base/trait.py
index dcd81085..4352c527 100644
--- a/wqflask/base/trait.py
+++ b/wqflask/base/trait.py
@@ -44,9 +44,10 @@ def create_trait(**kw):
 if dataset.type == 'Publish':
 permissions = check_resource_availability(
- dataset, kw.get('name'))
+ dataset, g.user_session.user_id, kw.get('name'))
 else:
- permissions = check_resource_availability(dataset)
+ permissions = check_resource_availability(
+ dataset, g.user_session.user_id)
 if permissions['data'] != "no-access":
diff --git a/wqflask/tests/unit/utility/test_authentication_tools.py b/wqflask/tests/unit/utility/test_authentication_tools.py
index 024ab43f..fb8de292 100644
--- a/wqflask/tests/unit/utility/test_authentication_tools.py
+++ b/wqflask/tests/unit/utility/test_authentication_tools.py
@@ -21,6 +21,8 @@ class TestUser:
 """Mockes user id. Used in Flask.g.user_session.user_id"""
 return b"Jane"
+user_id = b"Jane"
+
 class TestUserSession:
 """Mock user session"""
@@ -52,7 +54,7 @@ class TestCheckResourceAvailability(unittest.TestCase):
 test_dataset = mock.MagicMock()
 type(test_dataset).type = mock.PropertyMock(return_value="Test")
 add_new_resource_mock.return_value = {"default_mask": 2}
- self.assertEqual(check_resource_availability(test_dataset), 2)
+ self.assertEqual(check_resource_availability(test_dataset, user_id), 2)
 @mock.patch('utility.authentication_tools.requests.get')
 @mock.patch('utility.authentication_tools.add_new_resource')
@@ -72,7 +74,7 @@ class TestCheckResourceAvailability(unittest.TestCase):
 requests_mock.return_value = TestResponse()
 test_dataset = mock.MagicMock()
 type(test_dataset).type = mock.PropertyMock(return_value="Test")
- self.assertEqual(check_resource_availability(test_dataset),
+ self.assertEqual(check_resource_availability(test_dataset, user_id),
 ['foo'])
 @mock.patch('utility.authentication_tools.webqtlConfig.SUPER_PRIVILEGES',
@@ -95,14 +97,14 @@ class TestCheckResourceAvailability(unittest.TestCase):
 requests_mock.return_value = TestResponse()
 test_dataset = mock.MagicMock()
 type(test_dataset).type = mock.PropertyMock(return_value="Test")
- self.assertEqual(check_resource_availability(test_dataset),
+ self.assertEqual(check_resource_availability(test_dataset, user_id),
 "SUPERUSER")
 @mock.patch('utility.authentication_tools.webqtlConfig.DEFAULT_PRIVILEGES',
 "John Doe")
 def test_check_resource_availability_string_dataset(self):
 """Test the resource availability if the dataset is a string"""
- self.assertEqual(check_resource_availability("Test"),
+ self.assertEqual(check_resource_availability("Test", user_id),
 "John Doe")
 @mock.patch('utility.authentication_tools.webqtlConfig.DEFAULT_PRIVILEGES',
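Review bot: The updated assertions in `test_authentication_tools.py` (hunks `@@ -72,7 +74,7 @@` and `@@ -95,14 +97,14 @@`) only check the return value, so a regression that ignored the new `user_id` argument and fell back to the session global would still pass. Since this argument is the identity the access decision is made for, I would pin it in the proxy test with an assertion on the mocked call, e.g. `requests_mock.assert_called_once()` followed by `self.assertIn("user=", requests_mock.call_args[0][0])` with the expected id. The test bodies start outside these hunks, so an existing assertion of this kind may simply not be visible here.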
@@ -111,7 +113,7 @@ class TestCheckResourceAvailability(unittest.TestCase):
 """Test the resource availability if the dataset is a string"""
 test_dataset = mock.MagicMock()
 type(test_dataset).type = mock.PropertyMock(return_value="Temp")
- self.assertEqual(check_resource_availability(test_dataset),
+ self.assertEqual(check_resource_availability(test_dataset, user_id),
 "John Doe")
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index a8c03fe2..7d80b3fb 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -13,7 +13,7 @@ from utility.tools import GN_PROXY_URL
 Redis = get_redis_conn()
-def check_resource_availability(dataset, trait_id=None):
+def check_resource_availability(dataset, user_id, trait_id=None):
 # At least for now assume temporary entered traits are accessible
 if type(dataset) == str or dataset.type == "Temp":
 return webqtlConfig.DEFAULT_PRIVILEGES
@@ -33,14 +33,11 @@ def check_resource_availability(dataset, trait_id=None):
 # Check if super-user - we should probably come up with some
 # way to integrate this into the proxy
- if g.user_session.user_id in Redis.smembers("super_users"):
+ if user_id in Redis.smembers("super_users"):
 return webqtlConfig.SUPER_PRIVILEGES
 response = None
-
- the_url = GN_PROXY_URL + "available?resource={}&user={}".format(
- resource_id, g.user_session.user_id)
-
+ the_url = f"{GN_PROXY_URL}available?resource={resource_id}&user={user_id}"
 try:
 response = json.loads(requests.get(the_url).content)
 except:
diff --git a/wqflask/wqflask/correlation/show_corr_results.py b/wqflask/wqflask/correlation/show_corr_results.py
index cda34bee..d3e50972 100644
--- a/wqflask/wqflask/correlation/show_corr_results.py
+++ b/wqflask/wqflask/correlation/show_corr_results.py
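Review bot: In `wqflask/utility/authentication_tools.py` (hunk `@@ -13,7 +13,7 @@`), putting `user_id` in the second positional slot changes the meaning of any remaining call of the old form `check_resource_availability(dataset, trait_name)`: it still runs, but the trait name is now taken as the identity the permission check is made for. The callers touched by this patch are updated, yet a caller outside it would be evaluated for the wrong principal without any error. Making both arguments keyword-only, `def check_resource_availability(dataset, *, user_id, trait_id=None):`, turns every stale call into a TypeError. The function also has no docstring; I would add one stating that `user_id` must be the authenticated session's id and must never be taken from request parameters. The body continues outside the hunk.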
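Review bot: In the `@@ -33,14 +33,11 @@` hunk of `authentication_tools.py`, `user_id` is now a caller-supplied value and is interpolated unencoded into the proxy query string, so an id containing `&` or `#` would change the request that decides access, and a `bytes` id such as the `b"Jane"` used in the tests is rendered as `b'Jane'` (the removed `.format` call behaved the same way). Letting requests build the query avoids both, `requests.get(f"{GN_PROXY_URL}available", params={"resource": resource_id, "user": user_id})`, with the id decoded first if it is bytes. The request has no `timeout=`, and the bare `except:` after it hides proxy failures; what follows is outside the hunk, so confirm that the fallback denies access rather than granting it. Separately, `user_id in Redis.smembers("super_users")` only matches when the argument has the same type as the set members (presumably bytes unless the connection decodes responses, which is not visible here), and that expectation deserves a comment on the parameter.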
@@ -29,7 +29,6 @@ from base.webqtlConfig import TMPDIR
 from wqflask.correlation.pre_computes import fetch_all_cached_metadata
 from wqflask.correlation.pre_computes import cache_new_traits_metadata
-from utility.authentication_tools import check_resource_availability
 from utility import hmac
 from utility.type_checking import get_float, get_int, get_string
diff --git a/wqflask/wqflask/gsearch.py b/wqflask/wqflask/gsearch.py
index 202d2670..a1b3c5c4 100644
--- a/wqflask/wqflask/gsearch.py
+++ b/wqflask/wqflask/gsearch.py
@@ -4,8 +4,9 @@ from pymonad.maybe import Just, Maybe
 from pymonad.tools import curry
 import requests
-from gn3.monads import MonadicDict
-from utility.tools import GN3_LOCAL_URL
+from base import webqtlConfig
+from utility.monads import MonadicDict
+from wqflask.database import xapian_database
 # KLUDGE: Due to the lack of pagination, we hard-limit the maximum
 # number of search results.
diff --git a/wqflask/wqflask/search_results.py b/wqflask/wqflask/search_results.py
index fd2b97d7..5019f156 100644
--- a/wqflask/wqflask/search_results.py
+++ b/wqflask/wqflask/search_results.py
@@ -6,6 +6,8 @@ import re
 import json
+from flask import g
+
 from base.data_set import create_dataset
 from base.webqtlConfig import PUBMEDLINK_URL
 from wqflask import parser
@@ -137,7 +139,8 @@ class SearchResultPage:
 # Check permissions on a trait-by-trait basis for phenotype traits
 trait_dict['name'] = trait_dict['display_name'] = str(result[0])
 trait_dict['hmac'] = hmac.data_hmac('{}:{}'.format(trait_dict['name'], trait_dict['dataset']))
- permissions = check_resource_availability(self.dataset, trait_dict['display_name'])
+ permissions = check_resource_availability(
+ self.dataset, g.user_session.user_id, trait_dict['display_name'])
 if not any(x in permissions['data'] for x in ["view", "edit"]):
 continue
-- cgit v1.2.3
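Review bot: The import changes in `wqflask/wqflask/gsearch.py` are unrelated to the refactor described in the commit message, and no code in that file changes with them. `GN3_LOCAL_URL` and `gn3.monads` are dropped and `webqtlConfig`, `utility.monads` and `xapian_database` are added, while `import requests` stays. If the module body still refers to `GN3_LOCAL_URL` it will fail with a NameError when that code runs, and if it does not, `requests` may now be unused; neither can be checked from this hunk. I would move these lines to their own commit together with the code that needs them.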
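Review bot: In `search_results.py` (hunk `@@ -137,7 +139,8 @@`), the new call reads `g.user_session.user_id` again for every result and passes the trait name positionally right after it, which is easy to transpose in an access check. I would read the id once before the loop, `user_id = g.user_session.user_id`, and pass the trait by keyword, `check_resource_availability(self.dataset, user_id, trait_id=trait_dict['display_name'])`. Each call also performs the proxy request shown in the `authentication_tools.py` hunk, which has no timeout, so one slow proxy response holds up the whole results page. The loop itself starts outside the hunk.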