From e7f884ab69919818948a7d6ef2b6882eba8d815b Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 19 May 2023 10:49:36 +0300 Subject: auth: Use auth privileges to control UI display Use the privileges from the authorisation endpoint to control which elements of the UI are displayed to the user. * wqflask/base/trait.py: Remove unused import * wqflask/wqflask/show_trait/show_trait.py: Unhook from GN-PROXY * wqflask/wqflask/templates/show_trait.html: Display or hide UI elements depending on the privileges the user has. * wqflask/wqflask/templates/show_trait_details.html: Display or hide UI elements depending on the privileges the user has. * wqflask/wqflask/views.py: Pass privileges, user, and resource details on to the UI template to be used for controlling UI element display. --- wqflask/base/trait.py | 2 +- wqflask/wqflask/show_trait/show_trait.py | 5 - wqflask/wqflask/templates/show_trait.html | 224 +++++++++++----------- wqflask/wqflask/templates/show_trait_details.html | 6 +- wqflask/wqflask/views.py | 33 ++-- 5 files changed, 134 insertions(+), 136 deletions(-) (limited to 'wqflask') diff --git a/wqflask/base/trait.py b/wqflask/base/trait.py index e6e1c6b3..37085448 100644 --- a/wqflask/base/trait.py +++ b/wqflask/base/trait.py @@ -7,7 +7,7 @@ from base import webqtlConfig from base.webqtlCaseData import webqtlCaseData from base.data_set import create_dataset from utility.authentication_tools import check_resource_availability -from utility.tools import GN2_BASE_URL, GN_PROXY_URL +from utility.tools import GN2_BASE_URL from utility.redis_tools import get_redis_conn, get_resource_id from flask import g, request, url_for diff --git a/wqflask/wqflask/show_trait/show_trait.py b/wqflask/wqflask/show_trait/show_trait.py index e958e78c..13e11ff2 100644 --- a/wqflask/wqflask/show_trait/show_trait.py +++ b/wqflask/wqflask/show_trait/show_trait.py @@ -37,17 +37,12 @@ ONE_YEAR = 60 * 60 * 24 * 365 class ShowTrait: def __init__(self, db_cursor, user_id, kw): - self.admin_status = None if 'trait_id' in kw and kw['dataset'] != "Temp": self.temp_trait = False self.trait_id = kw['trait_id'] helper_functions.get_species_dataset_trait(self, kw) self.resource_id = get_resource_id(self.dataset, self.trait_id) - self.admin_status = get_highest_user_access_role( - user_id=user_id, - resource_id=(self.resource_id or ""), - gn_proxy_url=GN_PROXY_URL) elif 'group' in kw: self.temp_trait = True self.trait_id = "Temp_" + kw['species'] + "_" + kw['group'] + \ diff --git a/wqflask/wqflask/templates/show_trait.html b/wqflask/wqflask/templates/show_trait.html index b0390ace..bc5d75cd 100644 --- a/wqflask/wqflask/templates/show_trait.html +++ b/wqflask/wqflask/templates/show_trait.html @@ -1,33 +1,38 @@ {% extends "base.html" %} +{%from "oauth2/display_error.html" import display_error%} + {% block title %}Trait Data and Analysis{% endblock %} + {% block css %} - - - - - - - - - - + + + + + + + + + + {% endblock %} + {% block content %} + {{flash_me()}} + {%if "group:resource:view-resource" in trait_privileges%}
-

Trait Data and Analysis for {{ this_trait.display_name }}

- {% if this_trait.dataset.type != 'Publish' %} -

{{ this_trait.description_fmt[0]|upper }}{{ this_trait.description_fmt[1:]|safe }}

- {% endif %} -
+

Trait Data and Analysis for {{ this_trait.display_name }}

+ {% if this_trait.dataset.type != 'Publish' %} +

{{ this_trait.description_fmt[0]|upper }}{{ this_trait.description_fmt[1:]|safe }}

+ {% endif %} -
-
- - {% for key in hddn %} + +
+ + {% for key in hddn %} - {% endfor %} + {% endfor %}
@@ -40,100 +45,105 @@
-
-
-
-

- Details and Links -

-
-
-
- {% include 'show_trait_details.html' %} -
-
- {% if metadata %} -
-

- Data Set Group: {{ dataset.fullname }} -

-
-
-
- {% include 'show_metadata_details.html' %} -
-
- {% endif %} +
+
+
+

+ Details and Links +

+
+
+
+ {% include 'show_trait_details.html' %}
-
-
-

- Statistics -

-
-
-
- {% include 'show_trait_statistics.html' %} -
-
+
+ {% if metadata %} +
+

+ Data Set Group: {{ dataset.fullname }} +

+
+
+
+ {% include 'show_metadata_details.html' %} +
+
+ {% endif %} +
+
+
+

+ Statistics +

+
+
+
+ {% include 'show_trait_statistics.html' %}
-
-
-

- Transform and Filter Data -

-
-
-
- {% include 'show_trait_transform_and_filter.html' %} -
-
-
+
+
+
+
+

+ Transform and Filter Data +

+
+
+
+ {% include 'show_trait_transform_and_filter.html' %} +
+
+
+
+
+
+

+ Calculate Correlations +

+
+
+
+ {% include 'show_trait_calculate_correlations.html' %}
-
-
-

- Calculate Correlations -

-
-
-
- {% include 'show_trait_calculate_correlations.html' %} -
-
-
-
-
-

- Mapping Tools -

-
-
-
- {% include 'show_trait_mapping_tools.html' %} -
-
-
-
-
1100) %}style="min-width: {{ trait_table_width|int + 30 }}px;"{% endif %}> -
-

- Review and Edit Data -

-
-
-
- {% include 'show_trait_edit_data.html' %} -
-
+
+
+
+
+

+ Mapping Tools +

+
+
+
+ {% include 'show_trait_mapping_tools.html' %}
+
+
- {% include 'show_trait_progress_bar.html' %} - + {%if "group:resource:edit-resource" in trait_privileges%} +
1100)%}style="min-width: {{trait_table_width|int + 30}}px;"{% endif %}> +
+

+ Review and Edit Data +

+
+
+
+ {% include 'show_trait_edit_data.html' %} +
+
+
+ {%endif%} +
+ {% include 'show_trait_progress_bar.html' %}
- + +
+ {%else%} + {{display_error("Access Denied", {"error": "AuthorisationError", "error_description": "No read access for user '" + user.name + "'."})}} + {%endif%} - + {% endblock %} diff --git a/wqflask/wqflask/templates/show_trait_details.html b/wqflask/wqflask/templates/show_trait_details.html index 83ab1482..cce76082 100644 --- a/wqflask/wqflask/templates/show_trait_details.html +++ b/wqflask/wqflask/templates/show_trait_details.html @@ -235,7 +235,7 @@ {% endif %} {% endif %} - {% if admin_status != None and admin_status.get('metadata', DataRole.VIEW) > DataRole.VIEW %} + {%if "group:resource:edit-resource" in trait_privileges%} {% if this_trait.dataset.type == 'Publish' %} {% endif %} @@ -245,9 +245,9 @@ {% endif %} {% endif %}
- {% if admin_status != None and admin_status.get('metadata', DataRole.VIEW) > DataRole.VIEW %} + {%if "group:resource:edit-resource" in trait_privileges%}
- +
{% endif %}
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py index 164cf9ce..188dc27b 100644 --- a/wqflask/wqflask/views.py +++ b/wqflask/wqflask/views.py @@ -77,6 +77,7 @@ from wqflask.docs import Docs, update_text from wqflask.decorators import edit_access_required from wqflask.db_info import InfoPage +from wqflask.oauth2 import client from wqflask.oauth2.client import no_token_get from wqflask.oauth2.request_utils import process_error @@ -494,7 +495,10 @@ def show_temp_trait_page(): @app.route("/show_trait") def show_trait_page(): - def __show_trait__(): + def __show_trait__(privileges_data): + assert len(privileges_data) == 1 + privileges_data = privileges_data[0] + trait_privileges = tuple(item for item in privileges_data["privileges"]) with database_connection() as conn, conn.cursor() as cursor: user_id = ((g.user_session.record.get(b"user_id") or b"").decode("utf-8") @@ -519,7 +523,12 @@ def show_trait_page(): return render_template( "show_trait.html", metadata=metadata, - **template_vars.__dict__) + **{ + **template_vars.__dict__, + "user": privileges_data["user"], + "trait_privileges": trait_privileges, + "resource_id": privileges_data["resource_id"] + }) dataset = request.args["dataset"] trait_id = request.args["trait_id"] def __failure__(err): @@ -527,27 +536,11 @@ def show_trait_page(): flash(f"{error['error']}: {error['error_description']}", "alert-error") return render_template("show_trait_error.html") - def __success__(auth_results): - trait_privileges = auth_results[0]["privileges"] - if ("group:resource:view-resource" in trait_privileges or - "system:resource:public-read" in trait_privileges): - return __show_trait__() - flash( - f"AuthorisationError: You do not have access to trait '{trait_id}' " - f"from the '{dataset}' dataset.", - "alert-danger") - return render_template("show_trait_error.html") - - return no_token_get( + return client.post( "oauth2/data/authorisation", - headers={ - "Content-Type": "application/json", - **({"Authorization": f"Bearer {session['token']}"} - if bool(session.get("token")) else {}) - }, json={ "traits": [f"{dataset}::{trait_id}"] - }).either(__failure__, __success__) + }).either(__failure__, __show_trait__) @app.route("/heatmap", methods=('POST',)) -- cgit v1.2.3