From 45856ad45a84f75c361396477946de7bd46a64f5 Mon Sep 17 00:00:00 2001
From: zsloan
Date: Wed, 1 Mar 2023 18:19:08 +0000
Subject: Show the log2 of the Mean column when Mean > 100 for Gene global
 search

---
 wqflask/wqflask/templates/gsearch_gene.html | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/wqflask/wqflask/templates/gsearch_gene.html b/wqflask/wqflask/templates/gsearch_gene.html
index 03e5019c..6bc92377 100644
--- a/wqflask/wqflask/templates/gsearch_gene.html
+++ b/wqflask/wqflask/templates/gsearch_gene.html
@@ -175,8 +175,15 @@
                 'orderSequence': [ "desc", "asc"],
                 'width': "30px",
                 'targets': 10,
-                'data': "mean",
-                'defaultContent': "N/A"
+                'data': null,
+                'defaultContent': "N/A",
+                'render': function(data) {
+                  if (data.mean > 100) {
+                    return Math.log2(data.mean).toFixed(3)
+                  } else {
+                    return data.mean
+                  }
+                }
               },
               {
                 'title': "<div style='text-align: right; padding-right: 10px;'>Peak</div> <div style='text-align: right;'>-logP <a href=\"{{ url_for('glossary_blueprint.glossary') }}#LRS\" target=\"_blank\" style=\"color: white;\"><sup>?</sup></a></div>",
-- 
cgit v1.2.3


From f6aefe82ad1eb1163cdaadf598dc2cebe91569b4 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 3 Mar 2023 10:51:15 +0300
Subject: oauth2: enable creation and listing of group roles.

---
 wqflask/wqflask/oauth2/roles.py                   | 76 +++++++++++++++++++++--
 wqflask/wqflask/templates/oauth2/create-role.html | 46 ++++++++++++++
 wqflask/wqflask/templates/oauth2/list_roles.html  | 58 ++++++++++++++++-
 3 files changed, 174 insertions(+), 6 deletions(-)
 create mode 100644 wqflask/wqflask/templates/oauth2/create-role.html

diff --git a/wqflask/wqflask/oauth2/roles.py b/wqflask/wqflask/oauth2/roles.py
index 0b181264..c9493a1e 100644
--- a/wqflask/wqflask/oauth2/roles.py
+++ b/wqflask/wqflask/oauth2/roles.py
@@ -1,22 +1,38 @@
 """Handle role endpoints"""
 import uuid
 
-from flask import Blueprint, render_template
+from flask import flash, request, url_for, redirect, Blueprint, render_template
 
 from .checks import require_oauth2
 from .client import oauth2_get, oauth2_post
-from .request_utils import request_error
+from .request_utils import request_error, process_error
 
 roles = Blueprint("role", __name__)
 
 @roles.route("/user", methods=["GET"])
 @require_oauth2
 def user_roles():
-    def __success__(roles):
-        return render_template("oauth2/list_roles.html", roles=roles)
+    def  __grerror__(roles, user_privileges, error):
+        return render_template(
+            "oauth2/list_roles.html", roles=roles,
+            user_privileges=user_privileges,
+            group_roles_error=process_error(error))
+
+    def  __grsuccess__(roles, user_privileges, group_roles):
+        return render_template(
+            "oauth2/list_roles.html", roles=roles,
+            user_privileges=user_privileges, group_roles=group_roles)
+
+    def __role_success__(roles):
+        uprivs = tuple(
+            privilege["privilege_id"] for role in roles
+            for privilege in role["privileges"])
+        return oauth2_get("oauth2/group/roles").either(
+            lambda err: __grerror__(roles, uprivs, err),
+            lambda groles: __grsuccess__(roles, uprivs, groles))
 
     return oauth2_get("oauth2/user/roles").either(
-        request_error, __success__)
+        request_error, __role_success__)
 
 @roles.route("/role/<uuid:role_id>", methods=["GET"])
 @require_oauth2
@@ -26,3 +42,53 @@ def role(role_id: uuid.UUID):
 
     return oauth2_get(f"oauth2/role/view/{role_id}").either(
         request_error, __success__)
+
+@roles.route("/create", methods=["GET", "POST"])
+@require_oauth2
+def create_role():
+    """Create a new role."""
+    def __roles_error__(error):
+        return render_template(
+            "oauth2/create-role.html", roles_error=process_error(error))
+
+    def __gprivs_error__(roles, error):
+        return render_template(
+            "oauth2/create-role.html", roles=roles,
+            group_privileges_error=process_error(error))
+
+    def __success__(roles, gprivs):
+        uprivs = tuple(
+            privilege["privilege_id"] for role in roles
+            for privilege in role["privileges"])
+        return render_template(
+            "oauth2/create-role.html", roles=roles, user_privileges=uprivs,
+            group_privileges=gprivs,
+            prev_role_name=request.args.get("role_name"))
+
+    def __fetch_gprivs__(roles):
+        return oauth2_get("oauth2/group/privileges").either(
+            lambda err: __gprivs_error__(roles, err),
+            lambda gprivs: __success__(roles, gprivs))
+
+    if request.method == "GET":
+        return oauth2_get("oauth2/user/roles").either(
+            __roles_error__, __fetch_gprivs__)
+
+    form = request.form
+    role_name = form.get("role_name")
+    privileges = form.getlist("privileges[]")
+    if len(privileges) == 0:
+        flash("You must assign at least one privilege to the role",
+              "alert-danger")
+        return redirect(url_for(
+            "oauth2.role.create_role", role_name=role_name))
+    def __create_error__(error):
+        err = process_error(error)
+        flash(f"{err['error']}: {err['error_description']}",
+              "alert-danger")
+        return redirect(url_for("oauth2.role.create_role"))
+    def __create_success__(*args):
+        flash("Role created successfully.", "alert-success")
+        return redirect(url_for("oauth2.role.user_roles"))
+    return oauth2_post("oauth2/group/role/create",data=form).either(
+        __create_error__,__create_success__)
diff --git a/wqflask/wqflask/templates/oauth2/create-role.html b/wqflask/wqflask/templates/oauth2/create-role.html
new file mode 100644
index 00000000..f2bff7b4
--- /dev/null
+++ b/wqflask/wqflask/templates/oauth2/create-role.html
@@ -0,0 +1,46 @@
+{%extends "base.html"%}
+{%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
+{%block title%}View User{%endblock%}
+{%block content%}
+<div class="container" style="min-width: 1250px;">
+  {{profile_nav("roles", user_privileges)}}
+  <h3>Create Role</h3>
+
+  {{flash_me()}}
+
+  {%if group_privileges_error is defined%}
+  {{display_error("Group Privileges", group_privileges_error)}}
+  {%else%}
+  {%if "group:role:create-role" in user_privileges%}
+  <form method="POST" action="{{url_for('oauth2.role.create_role')}}">
+    <legend>Create Group Role</legend>
+    <div class="form-group">
+      <label for="role_name" class="form-label">Name</label>
+      <input type="text" id="role_name" name="role_name" required="required"
+	     class="form-control"
+	     {%if prev_role_name is defined and prev_role_name is not none%}
+	     value="{{prev_role_name}}"
+	     {%endif%} />
+    </div>
+    <label class="form-label">Privileges</label>
+    {%for priv in group_privileges%}
+    <div class="checkbox">
+      <label for="chk:{{priv.privilege_id}}">
+	<input type="checkbox" id="chk:{{priv.privilege_id}}"
+	       name="privileges[]" value={{priv.privilege_id}} />
+	<span style="text-transform: capitalize;">
+	  {{priv.privilege_description}}
+	</span> ({{priv.privilege_id}})
+      </label>
+    </div>
+    {%endfor%}
+
+    <input type="submit" class="btn btn-primary" value="Create" />
+  </form>
+  {%else%}
+  {{display_error("Privilege", {"error":"PrivilegeError", "error_description": "You do not have sufficient privileges to create a new role."})}}
+  {%endif%}
+  {%endif%}
+</div>
+{%endblock%}
diff --git a/wqflask/wqflask/templates/oauth2/list_roles.html b/wqflask/wqflask/templates/oauth2/list_roles.html
index 028d0a17..7d9c4ac2 100644
--- a/wqflask/wqflask/templates/oauth2/list_roles.html
+++ b/wqflask/wqflask/templates/oauth2/list_roles.html
@@ -1,15 +1,17 @@
 {%extends "base.html"%}
 {%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
 {%block title%}View User{%endblock%}
 {%block content%}
 <div class="container" style="min-width: 1250px;">
-  {{profile_nav("roles")}}
+  {{profile_nav("roles", user_privileges)}}
   <h3>Roles</h3>
 
   {{flash_me()}}
 
   <div class="container-fluid">
     <div class="row">
+      <h3>Your System-Level Roles</h3>
       <ul>
 	{%for role in roles %}
 	<li>
@@ -25,6 +27,60 @@
       </ul>
     </div>
 
+    <div class="row">
+      <h3>Group-Wide Roles</h3>
+
+      {%if "group:role:create-role" in user_privileges%}
+      <a href="{{url_for('oauth2.role.create_role')}}"
+	 title="Link to create a new group role"
+	 class="btn btn-info">New Group Role</a>
+      {%endif%}
+
+      {%if group_roles_error is defined%}
+      {{display_error("Group Roles", group_role_error)}}
+      {%else%}
+      <table class="table">
+	<caption>Group Roles</caption>
+	<thead>
+	  <tr>
+	    <th>Role Name</th>
+	    <th colspan="2">Actions</th>
+	  </tr>
+	</thead>
+	<tbody>
+	  {%for grole in group_roles%}
+	  <tr>
+	    <td>{{grole.role.role_name}}</td>
+	    <td>
+	      <a href="#/group/role/{{grole.group_role_id}}"
+		 title="Link to role {{grole.role.role_name}}"
+		 class="btn btn-info">
+		View
+	      </a>
+	    </td>
+	    <td>
+	      <a href="#/edit/role"
+		 title="Edit role {{grole.role.role_name}}"
+		 class="btn btn-warning">
+		Edit
+	      </a>
+	    </td>
+	  </tr>
+	  {%else%}
+	  <tr>
+	    <td colspan="3">
+	      <span class="glyphicon glyphicon-exclamation-sign text-info">
+	      </span>
+	      &nbsp;
+	      <span class="text-info">No group roles found</span>
+	    </td>
+	  </tr>
+	  {%endfor%}
+	</tbody>
+      </table>
+      {%endif%}
+    </div>
+
   </div>
 
 </div>
-- 
cgit v1.2.3


From 6799268ea735ece65c548a5111e8e444680dd0fd Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 3 Mar 2023 14:01:26 +0300
Subject: oauth2: Bugfix: Ensure to send the list correctly.

---
 wqflask/wqflask/oauth2/roles.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wqflask/wqflask/oauth2/roles.py b/wqflask/wqflask/oauth2/roles.py
index c9493a1e..cabfdfac 100644
--- a/wqflask/wqflask/oauth2/roles.py
+++ b/wqflask/wqflask/oauth2/roles.py
@@ -90,5 +90,7 @@ def create_role():
     def __create_success__(*args):
         flash("Role created successfully.", "alert-success")
         return redirect(url_for("oauth2.role.user_roles"))
-    return oauth2_post("oauth2/group/role/create",data=form).either(
+    return oauth2_post(
+        "oauth2/group/role/create",data={
+            "role_name": role_name, "privileges[]": privileges}).either(
         __create_error__,__create_success__)
-- 
cgit v1.2.3


From e7c136949d3daf5310b33423f27918aaa9e92c65 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 3 Mar 2023 14:02:10 +0300
Subject: oauth2: group role: View group role details.

---
 wqflask/wqflask/oauth2/groups.py                 | 17 +++++++++++++++++
 wqflask/wqflask/templates/oauth2/list_roles.html |  2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/wqflask/wqflask/oauth2/groups.py b/wqflask/wqflask/oauth2/groups.py
index f9e9bffe..2effaae8 100644
--- a/wqflask/wqflask/oauth2/groups.py
+++ b/wqflask/wqflask/oauth2/groups.py
@@ -1,3 +1,4 @@
+import uuid
 import datetime
 from functools import partial
 
@@ -131,3 +132,19 @@ def reject_join_request():
         data=request.form).either(
             handle_error("oauth2.group.list_join_requests"),
             __success__)
+
+@groups.route("/role/<uuid:group_role_id>", methods=["GET"])
+@require_oauth2
+def group_role(group_role_id: uuid.UUID):
+    """View the details of a particular role."""
+    def __role_error__(error):
+        return render_template(
+            "oauth2/view-group-role.html",
+            group_role_error=process_error(error))
+
+    def __role_success__(role):
+        return render_template(
+            "oauth2/view-group-role.html", group_role=role)
+
+    return oauth2_get(f"oauth2/group/role/{group_role_id}").either(
+        __role_error__, __role_success__)
diff --git a/wqflask/wqflask/templates/oauth2/list_roles.html b/wqflask/wqflask/templates/oauth2/list_roles.html
index 7d9c4ac2..6feccb6f 100644
--- a/wqflask/wqflask/templates/oauth2/list_roles.html
+++ b/wqflask/wqflask/templates/oauth2/list_roles.html
@@ -52,7 +52,7 @@
 	  <tr>
 	    <td>{{grole.role.role_name}}</td>
 	    <td>
-	      <a href="#/group/role/{{grole.group_role_id}}"
+	      <a href="{{url_for('oauth2.group.group_role', group_role_id=grole.group_role_id)}}"
 		 title="Link to role {{grole.role.role_name}}"
 		 class="btn btn-info">
 		View
-- 
cgit v1.2.3


From 530822468be436f1da0024a4b0dd85e0a2f69b7f Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 6 Mar 2023 10:15:57 +0300
Subject: oauth2: group roles: commit missing template.

---
 .../wqflask/templates/oauth2/view-group-role.html  | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 wqflask/wqflask/templates/oauth2/view-group-role.html

diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html
new file mode 100644
index 00000000..ca45fc4c
--- /dev/null
+++ b/wqflask/wqflask/templates/oauth2/view-group-role.html
@@ -0,0 +1,40 @@
+{%extends "base.html"%}
+{%from "oauth2/profile_nav.html" import profile_nav%}
+{%from "oauth2/display_error.html" import display_error%}
+{%block title%}View User{%endblock%}
+{%block content%}
+<div class="container" style="min-width: 1250px;">
+  {{profile_nav("roles")}}
+  <h3>View Group Role</h3>
+
+  {{flash_me()}}
+
+  <div class="container-fluid">
+    <div class="row">
+      {%if group_role_error is defined%}
+      {{display_error("Group Role", group_role_error)}}
+      {%else%}
+      <table class="table">
+	<caption>Details for '{{group_role.role.role_name}}' Role</caption>
+	<thead>
+	  <tr>
+	    <th>Privilege</th>
+	    <th>Description</th>
+	  </tr>
+	</thead>
+	<tbody>
+	  {%for privilege in group_role.role.privileges%}
+	  <tr>
+	    <td>{{privilege.privilege_id}}</td>
+	    <td>{{privilege.privilege_description}}</td>
+	  </tr>
+	  {%endfor%}
+	</tbody>
+      </table>
+      {%endif%}
+    </div>
+
+  </div>
+
+</div>
+{%endblock%}
-- 
cgit v1.2.3


From 52956c15c9c7dcb631b55f75d77786b52d4f631b Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 6 Mar 2023 10:16:35 +0300
Subject: oauth2: resources: List all users with access to the resource.

---
 wqflask/wqflask/oauth2/resources.py                | 33 ++++++++--
 .../wqflask/templates/oauth2/view-resource.html    | 73 +++++++++++++++++++++-
 2 files changed, 99 insertions(+), 7 deletions(-)

diff --git a/wqflask/wqflask/oauth2/resources.py b/wqflask/wqflask/oauth2/resources.py
index 872a29c6..be0cb475 100644
--- a/wqflask/wqflask/oauth2/resources.py
+++ b/wqflask/wqflask/oauth2/resources.py
@@ -51,18 +51,39 @@ def create_resource():
 @require_oauth2
 def view_resource(resource_id: uuid.UUID):
     """View the given resource."""
-    # Display the resource's details
-    # Provide edit/delete options
-    # Metadata edit maybe?
+    def __this_user_success__(resource, unlinked_data, users_n_roles, user):
+        return render_template(
+            "oauth2/view-resource.html", resource=resource,
+            unlinked_data=unlinked_data, users_n_roles=users_n_roles,
+            this_user=user)
+
+    def __users_n_roles_success__(resource, unlinked_data, users_n_roles):
+        return oauth2_get("oauth2/user").either(
+            lambda err: render_template(
+                "oauth2/view-resources.html",
+                this_user_error=process_error(err)),
+            lambda usr_dets: __this_user_success__(
+                resource, unlinked_data, users_n_roles, usr_dets))
+
+    def __unlinked_success__(resource, unlinked_data):
+        return oauth2_get(f"oauth2/resource/{resource_id}/users").either(
+            lambda err: render_template(
+                "oauth2/view-resource.html", resource=resource,
+                unlinked_data=unlinked_data,
+                users_n_roles_error=process_error(err)),
+            lambda users_n_roles: __users_n_roles_success__(
+                resource, unlinked_data, users_n_roles))
+        return render_template(
+                "oauth2/view-resource.html", resource=resource, error=None,
+                unlinked_data=unlinked)
+
     def __resource_success__(resource):
         dataset_type = resource["resource_category"]["resource_category_key"]
         return oauth2_get(f"oauth2/group/{dataset_type}/unlinked-data").either(
             lambda err: render_template(
                 "oauth2/view-resource.html", resource=resource,
                 unlinked_error=process_error(err)),
-            lambda unlinked: render_template(
-                "oauth2/view-resource.html", resource=resource, error=None,
-                unlinked_data=unlinked))
+            lambda unlinked: __unlinked_success__(resource, unlinked))
 
     return oauth2_get(f"oauth2/resource/view/{resource_id}").either(
         lambda err: render_template("oauth2/view-resource.html",
diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html
index fb44560b..e8a3d8cb 100644
--- a/wqflask/wqflask/templates/oauth2/view-resource.html
+++ b/wqflask/wqflask/templates/oauth2/view-resource.html
@@ -12,6 +12,7 @@
   <div class="container-fluid">
 
     <div class="row">
+      <h3>Resource Details</h3>
       {%if error %}
       <span class="glyphicon glyphicon-exclamation-sign text-danger">
       </span>
@@ -41,6 +42,7 @@
     </div>
 
     <div class="row">
+      <h3>Resource Data</h3>
       <table class="table">
 	<caption>Resource Data</caption>
 	<thead>
@@ -88,6 +90,7 @@
     </div>
 
     <div class="row">
+      <h3>Unlinked Data</h3>
       <table class="table">
 	<caption>Link Data</caption>
 	<thead>
@@ -125,7 +128,7 @@
 	    </td>
 	  </tr>
 	  {%else%}
-	  <span class="glyphicon glyphicon-info-sign text-danger">
+	  <span class="glyphicon glyphicon-info-sign text-info">
 	  </span>
 	  &nbsp;
 	  <strong class="text-info">No data to link.</strong>
@@ -135,6 +138,74 @@
       </table>
     </div>
 
+    <div class="row">
+      <h3>User Roles</h3>
+      {%if users_n_roles_error is defined%}
+      {{display_error("Users and Roles", users_n_roles_error)}}
+      {%else%}
+      <table class="table">
+	<caption>User Roles</caption>
+	<thead>
+	  <tr>
+	    <th>User Email</th>
+	    <th>User Name</th>
+	    <th>User Group</th>
+	    <th colspan="2">Assigned Roles</th>
+	  </tr>
+	</thead>
+	<tbody>
+	  {%for user_row in users_n_roles%}
+	  <tr>
+	    <td rowspan="{{user_row.roles | length + 1}}">{{user_row.user.email}}</td>
+	    <td rowspan="{{user_row.roles | length + 1}}">{{user_row.user.name}}</td>
+	    <td rowspan="{{user_row.roles | length + 1}}">
+	      {{user_row.user_group.group_name}}</td>
+	    <th>Role</th>
+	    <th>Action</th>
+	  </tr>
+	  {%for grole in user_row.roles%}
+	  <tr>
+	    <td>
+	      <a href="{{url_for(
+		       'oauth2.group.group_role',
+		       group_role_id=grole.group_role_id)}}"
+		 title="Details for '{{grole.role.role_name}}' role">
+		{{grole.role.role_name}}
+	      </a>
+	    </td>
+	    <td>
+	      <form action="#/role/id/unassign/user" action="POST">
+		<input type="hidden" name="user_id"
+		       value="{{user_row.user.user_id}}" />
+		<input type="hidden" name="group_role_id"
+		       value="{{grole.group_role_id}}">
+		<input type="submit"
+		       value="Unassign"
+		       class="btn btn-danger"
+		       {%if user_row.user.user_id==this_user.user_id%}
+		       disabled="disabled"
+		       {%endif%}>
+	      </form>
+	    </td>
+	  </tr>
+	  {%endfor%}
+	  {%else%}
+	  <tr>
+	    <td colspan="5">
+	      <span class="glyphicon glyphicon-info-sign text-info">
+	      </span>
+	      &nbsp;
+	      <span class="text-info">
+		There are no users assigned any role for this resource.
+	      </span>
+	    </td>
+	  </tr>
+	  {%endfor%}
+	</tbody>
+      </table>
+      {%endif%}
+    </div>
+
   </div>
 
 </div>
-- 
cgit v1.2.3


From 98602d24c64ffafe2c4af150236b72f77709f8de Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 6 Mar 2023 14:59:30 +0300
Subject: oauth2: resources: assign role to user on resource.

---
 wqflask/wqflask/oauth2/resources.py                | 63 ++++++++++++++++++++--
 .../wqflask/templates/oauth2/view-resource.html    | 46 ++++++++++++++++
 2 files changed, 105 insertions(+), 4 deletions(-)

diff --git a/wqflask/wqflask/oauth2/resources.py b/wqflask/wqflask/oauth2/resources.py
index be0cb475..e3501835 100644
--- a/wqflask/wqflask/oauth2/resources.py
+++ b/wqflask/wqflask/oauth2/resources.py
@@ -1,6 +1,7 @@
 import uuid
 
-from flask import flash, request, url_for, redirect, Blueprint, render_template
+from flask import (
+    flash, request, url_for, redirect, Response, Blueprint, render_template)
 
 from .checks import require_oauth2
 from .client import oauth2_get, oauth2_post
@@ -51,11 +52,34 @@ def create_resource():
 @require_oauth2
 def view_resource(resource_id: uuid.UUID):
     """View the given resource."""
-    def __this_user_success__(resource, unlinked_data, users_n_roles, user):
+    def __users_success__(
+            resource, unlinked_data, users_n_roles, this_user, group_roles,
+            users):
         return render_template(
             "oauth2/view-resource.html", resource=resource,
             unlinked_data=unlinked_data, users_n_roles=users_n_roles,
-            this_user=user)
+            this_user=this_user, group_roles=group_roles, users=users)
+
+    def __group_roles_success__(
+            resource, unlinked_data, users_n_roles, this_user, group_roles):
+        return oauth2_get("oauth2/user/list").either(
+            lambda err: render_template(
+                "oauth2/view-resource.html", resource=resource,
+                unlinked_data=unlinked_data, users_n_roles=users_n_roles,
+                this_user=this_user, group_roles=group_roles,
+                users_error=process_error(err)),
+            lambda users: __users_success__(
+                resource, unlinked_data, users_n_roles, this_user, group_roles,
+                users))
+
+    def __this_user_success__(resource, unlinked_data, users_n_roles, this_user):
+        return oauth2_get("oauth2/group/roles").either(
+            lambda err: render_template(
+                "oauth2/view-resources.html", resource=resource,
+                unlinked_data=unlinked_data, users_n_roles=users_n_roles,
+                this_user=this_user, group_roles_error=process_error(err)),
+            lambda groles: __group_roles_success__(
+                resource, unlinked_data, users_n_roles, this_user, groles))
 
     def __users_n_roles_success__(resource, unlinked_data, users_n_roles):
         return oauth2_get("oauth2/user").either(
@@ -66,7 +90,7 @@ def view_resource(resource_id: uuid.UUID):
                 resource, unlinked_data, users_n_roles, usr_dets))
 
     def __unlinked_success__(resource, unlinked_data):
-        return oauth2_get(f"oauth2/resource/{resource_id}/users").either(
+        return oauth2_get(f"oauth2/resource/{resource_id}/user/list").either(
             lambda err: render_template(
                 "oauth2/view-resource.html", resource=resource,
                 unlinked_data=unlinked_data,
@@ -149,6 +173,37 @@ def unlink_data_from_resource():
         return redirect(url_for(
             "oauth2.resource.view_resource", resource_id=form["resource_id"]))
 
+@resources.route("<uuid:resource_id>/user/assign", methods=["POST"])
+@require_oauth2
+def assign_role(resource_id: uuid.UUID) -> Response:
+    form = request.form
+    group_role_id = form.get("group_role_id", "")
+    user_email = form.get("user_email", "")
+    try:
+        assert bool(group_role_id), "The role must be provided."
+        assert bool(user_email), "The user email must be provided."
+
+        def __assign_error__(error):
+            err = process_error(error)
+            flash(f"{err['error']}: {err['error_description']}", "alert-danger")
+            return redirect(url_for(
+                "oauth2.resource.view_resource", resource_id=resource_id))
+
+        def __assign_success__(success):
+            flash(success["description"], "alert-success")
+            return redirect(url_for(
+                "oauth2.resource.view_resource", resource_id=resource_id))
+
+        return oauth2_post(
+            f"oauth2/resource/{resource_id}/user/assign",
+            data={
+                "group_role_id": group_role_id,
+                "user_email": user_email
+            }).either(__assign_error__, __assign_success__)
+    except AssertionError as aserr:
+        flash(aserr.args[0], "alert-danger")
+        return redirect(url_for("oauth2.resources.view_resource", resource_id=resource_id))
+
 @resources.route("/edit/<uuid:resource_id>", methods=["GET"])
 @require_oauth2
 def edit_resource(resource_id: uuid.UUID):
diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html
index e8a3d8cb..6563d2fa 100644
--- a/wqflask/wqflask/templates/oauth2/view-resource.html
+++ b/wqflask/wqflask/templates/oauth2/view-resource.html
@@ -206,6 +206,52 @@
       {%endif%}
     </div>
 
+    <div class="row">
+      <h3>Assign</h3>
+      {%if group_roles_error is defined%}
+      {{display_error("Group Roles", group_roles_error)}}
+      {%elif users_error is defined%}
+      {{display_error("Users", users_error)}}
+      {%else%}
+      <form action="{{url_for(
+		    'oauth2.resource.assign_role',
+		    resource_id=resource.resource_id)}}"
+	    method="POST" autocomplete="off">
+	<input type="hidden" name="resource_id" value="{{resource_id}}" />
+	<div class="form-group">
+	  <label for="group_role_id" class="form-label">Role</label>
+	  <select class="form-control" name="group_role_id"
+		  id="group_role_id" required="required">
+	    <option value="">Select role</option>
+	    {%for grole in group_roles%}
+	    <option value="{{grole.group_role_id}}">
+	      {{grole.role.role_name}}
+	    </option>
+	    {%endfor%}
+	  </select>
+	</div>
+	<div class="form-group">
+	  <label for="user-email" class="form-label">User Email</label>
+	  <input list="users-list" name="user_email" class="form-control"
+		 {%if users | length == 0%}
+		 disabled="disabled"
+		 {%endif%}
+		 required="required" />
+	  <datalist id="users-list">
+	    {%for user in users%}
+	    <option value="{{user.email}}">{{user.email}} - {{user.name}}</option>
+	    {%endfor%}
+	  </datalist>
+	</div>
+
+	<input type="submit" class="btn btn-primary" value="Assign"
+	       {%if users | length == 0%}
+	       disabled="disabled"
+	       {%endif%} />
+      </form>
+      {%endif%}
+    </div>
+
   </div>
 
 </div>
-- 
cgit v1.2.3


From bc2300dc769eb0f4d22aab9a8caebcc1eda9a469 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 7 Mar 2023 06:21:37 +0300
Subject: oauth2: resources: unassign role on resource from user.

---
 wqflask/wqflask/oauth2/resources.py                | 31 ++++++++++++++++++++++
 .../wqflask/templates/oauth2/view-resource.html    |  4 ++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/wqflask/wqflask/oauth2/resources.py b/wqflask/wqflask/oauth2/resources.py
index e3501835..8f31f7c9 100644
--- a/wqflask/wqflask/oauth2/resources.py
+++ b/wqflask/wqflask/oauth2/resources.py
@@ -204,6 +204,37 @@ def assign_role(resource_id: uuid.UUID) -> Response:
         flash(aserr.args[0], "alert-danger")
         return redirect(url_for("oauth2.resources.view_resource", resource_id=resource_id))
 
+@resources.route("<uuid:resource_id>/user/unassign", methods=["POST"])
+@require_oauth2
+def unassign_role(resource_id: uuid.UUID) -> Response:
+    form = request.form
+    group_role_id = form.get("group_role_id", "")
+    user_id = form.get("user_id", "")
+    try:
+        assert bool(group_role_id), "The role must be provided."
+        assert bool(user_id), "The user id must be provided."
+
+        def __unassign_error__(error):
+            err = process_error(error)
+            flash(f"{err['error']}: {err['error_description']}", "alert-danger")
+            return redirect(url_for(
+                "oauth2.resource.view_resource", resource_id=resource_id))
+
+        def __unassign_success__(success):
+            flash(success["description"], "alert-success")
+            return redirect(url_for(
+                "oauth2.resource.view_resource", resource_id=resource_id))
+
+        return oauth2_post(
+            f"oauth2/resource/{resource_id}/user/unassign",
+            data={
+                "group_role_id": group_role_id,
+                "user_id": user_id
+            }).either(__unassign_error__, __unassign_success__)
+    except AssertionError as aserr:
+        flash(aserr.args[0], "alert-danger")
+        return redirect(url_for("oauth2.resources.view_resource", resource_id=resource_id))
+
 @resources.route("/edit/<uuid:resource_id>", methods=["GET"])
 @require_oauth2
 def edit_resource(resource_id: uuid.UUID):
diff --git a/wqflask/wqflask/templates/oauth2/view-resource.html b/wqflask/wqflask/templates/oauth2/view-resource.html
index 6563d2fa..14e7872b 100644
--- a/wqflask/wqflask/templates/oauth2/view-resource.html
+++ b/wqflask/wqflask/templates/oauth2/view-resource.html
@@ -174,7 +174,9 @@
 	      </a>
 	    </td>
 	    <td>
-	      <form action="#/role/id/unassign/user" action="POST">
+	      <form action="{{url_for('oauth2.resource.unassign_role',
+			    resource_id=resource.resource_id)}}"
+		    method="POST">
 		<input type="hidden" name="user_id"
 		       value="{{user_row.user.user_id}}" />
 		<input type="hidden" name="group_role_id"
-- 
cgit v1.2.3


From c7aa2ef757995e4b96d616033b0970ff58a7af24 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 7 Mar 2023 10:42:28 +0300
Subject: oauth2: Include 'user' in requested scopes.

---
 wqflask/wqflask/oauth2/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wqflask/wqflask/oauth2/client.py b/wqflask/wqflask/oauth2/client.py
index 2bf3f94d..f712e54d 100644
--- a/wqflask/wqflask/oauth2/client.py
+++ b/wqflask/wqflask/oauth2/client.py
@@ -6,7 +6,7 @@ from pymonad.maybe import Just, Maybe, Nothing
 from pymonad.either import Left, Right, Either
 from authlib.integrations.requests_client import OAuth2Session
 
-SCOPE = "profile group role resource register-client"
+SCOPE = "profile group role resource register-client user"
 
 def oauth2_client():
     config = app.config
-- 
cgit v1.2.3


From cb49be814e48e8d7008866d52df5777de88c6067 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 7 Mar 2023 13:55:04 +0300
Subject: oauth2: group_roles: Enable adding/deleting privileges

---
 wqflask/wqflask/oauth2/groups.py                   | 68 ++++++++++++++++++++--
 .../wqflask/templates/oauth2/view-group-role.html  | 56 ++++++++++++++++++
 2 files changed, 118 insertions(+), 6 deletions(-)

diff --git a/wqflask/wqflask/oauth2/groups.py b/wqflask/wqflask/oauth2/groups.py
index 2effaae8..551c0640 100644
--- a/wqflask/wqflask/oauth2/groups.py
+++ b/wqflask/wqflask/oauth2/groups.py
@@ -137,14 +137,70 @@ def reject_join_request():
 @require_oauth2
 def group_role(group_role_id: uuid.UUID):
     """View the details of a particular role."""
-    def __role_error__(error):
+    def __render_error(**kwargs):
+        return render_template("oauth2/view-group-role.html", **kwargs)
+
+    def __gprivs_success__(role, group_privileges):
         return render_template(
-            "oauth2/view-group-role.html",
-            group_role_error=process_error(error))
+            "oauth2/view-group-role.html", group_role=role,
+            group_privileges=tuple(
+                priv for priv in group_privileges
+                if priv not in role["role"]["privileges"]))
 
     def __role_success__(role):
-        return render_template(
-            "oauth2/view-group-role.html", group_role=role)
+        return oauth2_get("oauth2/group/privileges").either(
+            lambda err: __render_error__(
+                group_role=group_role,
+                group_privileges_error=process_error(err)),
+            lambda privileges: __gprivs_success__(role, privileges))
 
     return oauth2_get(f"oauth2/group/role/{group_role_id}").either(
-        __role_error__, __role_success__)
+        lambda err: __render_error__(group_role_error=process_error(err)),
+        __role_success__)
+
+def add_delete_privilege_to_role(
+        group_role_id: uuid.UUID, direction: str) -> Response:
+    """Add/delete a privilege to/from a role depending on `direction`."""
+    assert direction in ("ADD", "DELETE")
+    def __render__():
+        return redirect(url_for(
+            "oauth2.group.group_role", group_role_id=group_role_id))
+
+    def __error__(error):
+        err = process_error(error)
+        flash(f"{err['error']}: {err['error_description']}", "alert-danger")
+        return __render__()
+
+    def __success__(success):
+        flash(success["description"], "alert-success")
+        return __render__()
+    try:
+        form = request.form
+        privilege_id = form.get("privilege_id")
+        assert bool(privilege_id), "Privilege to add must be provided"
+        uris = {
+            "ADD": f"oauth2/group/role/{group_role_id}/privilege/add",
+            "DELETE": f"oauth2/group/role/{group_role_id}/privilege/delete"
+        }
+        return oauth2_post(
+            uris[direction],
+            data={
+                "group_role_id": group_role_id,
+                "privilege_id": privilege_id
+            }).either(__error__, __success__)
+    except AssertionError as aerr:
+        flash(aerr.args[0], "alert-danger")
+        return redirect(url_for(
+            "oauth2.group.group_role", group_role_id=group_role_id))
+
+@groups.route("/role/<uuid:group_role_id>/privilege/add", methods=["POST"])
+@require_oauth2
+def add_privilege_to_role(group_role_id: uuid.UUID):
+    """Add a privilege to a group role."""
+    return add_delete_privilege_to_role(group_role_id, "ADD")
+
+@groups.route("/role/<uuid:group_role_id>/privilege/delete", methods=["POST"])
+@require_oauth2
+def delete_privilege_from_role(group_role_id: uuid.UUID):
+    """Delete a privilege from a group role."""
+    return add_delete_privilege_to_role(group_role_id, "DELETE")
diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html
index ca45fc4c..873eb0ee 100644
--- a/wqflask/wqflask/templates/oauth2/view-group-role.html
+++ b/wqflask/wqflask/templates/oauth2/view-group-role.html
@@ -11,6 +11,7 @@
 
   <div class="container-fluid">
     <div class="row">
+      <h3>Role Details</h3>
       {%if group_role_error is defined%}
       {{display_error("Group Role", group_role_error)}}
       {%else%}
@@ -20,6 +21,7 @@
 	  <tr>
 	    <th>Privilege</th>
 	    <th>Description</th>
+	    <th>Action</th>
 	  </tr>
 	</thead>
 	<tbody>
@@ -27,6 +29,17 @@
 	  <tr>
 	    <td>{{privilege.privilege_id}}</td>
 	    <td>{{privilege.privilege_description}}</td>
+	    <td>
+	      <form action="{{url_for(
+			    'oauth2.group.delete_privilege_from_role',
+			    group_role_id=group_role.group_role_id)}}"
+		    method="POST">
+		<input type="hidden" name="privilege_id"
+		       value="{{privilege.privilege_id}}" />
+		<input type="submit" class="btn btn-danger"
+		       value="Remove" />
+	      </form>
+	    </td>
 	  </tr>
 	  {%endfor%}
 	</tbody>
@@ -34,6 +47,49 @@
       {%endif%}
     </div>
 
+    <div class="row">
+      <h3>Other Privileges</h3>
+      <table class="table">
+	<caption>Other Privileges not Assigned to this Role</caption>
+	<thead>
+	  <tr>
+	    <th>Privilege</th>
+	    <th>Description</th>
+	    <th>Action</th>
+	  </tr>
+	</thead>
+
+	<tbody>
+	  {%for priv in group_privileges%}
+	  <tr>
+	    <td>{{priv.privilege_id}}</td>
+	    <td>{{priv.privilege_description}}</td>
+	    <td>
+	      <form action="{{url_for(
+			    'oauth2.group.add_privilege_to_role',
+			    group_role_id=group_role.group_role_id)}}"
+		    method="POST">
+		<input type="hidden" name="privilege_id"
+		       value="{{priv.privilege_id}}" />
+		<input type="submit" class="btn btn-warning"
+		       value="Add to Role" />
+	      </form>
+	    </td>
+	  </tr>
+	  {%else%}
+	  <tr>
+	    <td colspan="3">
+	      <span class="glyphicon glyphicon-info-sign text-info">
+	      </span>
+	      &nbsp;
+	      <span class="text-info">All privileges assigned!</span>
+	    </td>
+	  </tr>
+	  {%endfor%}
+	</tbody>
+      </table>
+    </div>
+
   </div>
 
 </div>
-- 
cgit v1.2.3


From 6c5d0d8a1e981063b02bb9a7aab63190858ed348 Mon Sep 17 00:00:00 2001
From: Alexander Kabui
Date: Tue, 7 Mar 2023 23:18:01 +0300
Subject: fix:Enter key in search field. (#769)

* enable search on keypress enter

* add default value for search field

* forward search queries---
 wqflask/wqflask/templates/base.html | 49 +++++++++++++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 2 deletions(-)

diff --git a/wqflask/wqflask/templates/base.html b/wqflask/wqflask/templates/base.html
index 7145cd7a..4b1237f5 100644
--- a/wqflask/wqflask/templates/base.html
+++ b/wqflask/wqflask/templates/base.html
@@ -28,6 +28,10 @@
     {% endblock %}
 
     <style>
+
+        .form-rounded {
+            border-radius: 1rem;
+        }
         table.dataTable thead .sorting_asc {
             background-image: url({{ url_for("js", filename="DataTables/images/sort_asc_disabled.png") }});
         }
@@ -135,14 +139,19 @@
 
     <div class="container-fluid" style="width: 100%; min-width: 650px; position: relative; background-color: #d5d5d5; height: 84px;">
 
-        <form method="get" action="/gsearch">
+        <form method="get" action="/gsearch" id="searchform">
             <div class="row" style="width: 100%; position: absolute; bottom: 0; top: 30px;">
+
+                <!--
                 <button id="btsearch" class="btn btn-primary" style="margin-left: 20px;"><span class="glyphicon glyphicon-search"></span> Search All</button>
+
+             use enter key to submit fomr -->
                 <select style="width: 160px; margin-top: 15px; margin-left: 10px;" name="type">
                     <option value="gene">Genes / Molecules</option>
                     <option value="phenotype" {% if type=="phenotype" %}selected{% endif %}>Phenotypes</option>
                 </select>
-                <input style="width: 50%; margin-top: 15px; margin-left: 10px;" type="text" name="terms" required>
+
+                <input id="term"  class="form-rounded" style="width: 40vw; margin-top: 15px; margin-left: 10px;" type="text" name="terms" required placeholder="enter you search term here">
             </div>
         </form>
     </div>
@@ -247,6 +256,7 @@
       <!--</div>-->
     </div>
 
+
     <script src="{{ url_for('js', filename='jquery/jquery.min.js') }}" type="text/javascript"></script>
     <script src="{{ url_for('js', filename='bootstrap/js/bootstrap.min.js') }}" type="text/javascript"></script>
     <script>
@@ -259,6 +269,41 @@
               }
             })
     </script>
+
+
+    <script type="text/javascript">
+
+
+
+$(document).ready(function() {
+
+
+    const urlParams = new  URLSearchParams(window.location.search)
+
+   let term = "cytochrome NOT P450"
+
+   if (urlParams.get("search_terms_or")){
+    term =  urlParams.get("search_terms_or")
+   }
+
+   else if (urlParams.get("terms")){
+    term = urlParams.get("terms")
+   }
+
+    $("#term").val(term);
+    $("#term").keyup(function(event) {
+  if (event.keyCode === 13) {
+    event.preventDefault();
+    $('#searchform').attr('action', "/gsearch").submit();
+    }
+    });    
+
+
+});
+
+
+    </script>
+
     <script src="{{ url_for('js', filename='jquery-cookie/jquery.cookie.js') }}" type="text/javascript"></script>
     <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
     <!-- <script src="{{ url_for('js', filename='jquery-ui/jquery-ui.min.js') }}" type="text/javascript"></script> -->
-- 
cgit v1.2.3