about summary refs log tree commit diff
path: root/gn_auth/auth
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2026-01-27 15:58:41 -0600
committerFrederick Muriuki Muriithi2026-01-27 15:58:41 -0600
commite728afe43676ec03821ac9c77c3e45c6a59f8386 (patch)
tree76b0fb414acd4bc7c78e1f5365f288089f48702a /gn_auth/auth
parent36d65f94a3c8792a1aaa1db666d24a5156fc7ecd (diff)
downloadgn-auth-e728afe43676ec03821ac9c77c3e45c6a59f8386.tar.gz
Leave notes for tasks that need doing.
Diffstat (limited to 'gn_auth/auth')
-rw-r--r--gn_auth/auth/authorisation/data/phenotypes.py14


1 files changed, 13 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/data/phenotypes.py b/gn_auth/auth/authorisation/data/phenotypes.py
index b1fefec..d484c44 100644
--- a/gn_auth/auth/authorisation/data/phenotypes.py
+++ b/gn_auth/auth/authorisation/data/phenotypes.py
@@ -167,6 +167,7 @@ def unlink_from_resources(
         data_link_ids: tuple[uuid.UUID, ...]
 ) -> tuple[uuid.UUID, ...]:
     """Unlink phenotypes from resources."""
+    # TODO: Delete in batches
     cursor.executemany("DELETE FROM phenotype_resources "
                        "WHERE data_link_id=? RETURNING resource_id",
                        tuple((str(_id),) for _id in data_link_ids))
@@ -178,6 +179,7 @@ def delete_resources(
         resource_ids: tuple[uuid.UUID, ...]
 ) -> tuple[uuid.UUID, ...]:
     """Delete the specified phenotype resources."""
+    # TODO: Delete in batches
     cursor.executemany("DELETE FROM resources "
                        "WHERE resource_id=? RETURNING resource_id",
                        tuple((str(_id),) for _id in resource_ids))
@@ -209,6 +211,7 @@ def delete_linked_data(
         data_link_ids: tuple[uuid.UUID, ...]
 ) -> int:
     """Delete the actual linked data."""
+    # TODO: Delete in batches
     cursor.executemany("DELETE FROM linked_phenotype_data "
                        "WHERE data_link_id=?",
                        tuple((str(_id),) for _id in data_link_ids))
@@ -228,10 +231,17 @@ def delete_linked_phenotypes_data(
     with (require_oauth.acquire("profile group resource") as _token,
           authdb.connection(db_uri) as auth_conn,
           authdb.cursor(auth_conn) as cursor):
+        # TODO: Check for user privileges here.
+        # - Does user have DELETE privilege on system (i.e. is data curator)?
+        #   YES: go ahead and delete data as below.
+        # - Does user have DELETE privilege on resource(s)?
+        #   YES: Delete phenotypes by resource, checking privileges for each
+        #        resource.
+        # - Neither: Raise `AuthorisationError` and bail!
         _deleted = 0
         xref_ids = tuple(request.json.get("xref_ids", []))#type: ignore[union-attr]
         if len(xref_ids) > 0:
-            # TOD0: Introduce background jobs for this.
+            # TODO: Use background job, for huge number of xref_ids
             data_link_ids = fetch_data_link_ids(
                 cursor, species_id, population_id, dataset_id, xref_ids)
             _resources_ids = unlink_from_resources(cursor, data_link_ids)
@@ -239,6 +249,8 @@ def delete_linked_phenotypes_data(
             _deleted = delete_linked_data(cursor, data_link_ids)
 
         return jsonify({
+            # TODO: "status": "sent-to-background"/"completed"/"failed"
+            # TODO: "status-url": <status-check-uri>
             "requested": len(xref_ids),
             "deleted": _deleted
         })

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-01-30 06:21:57 +0000