Fix: hide private ontologies for non admin users in groups controller #113

Merged
8 changes: 6 additions & 2 deletions controllers/categories_controller.rb
Expand Up @@ -13,16 +13,18 @@ class CategoriesController < ApplicationController
# Display all categories
get do
check_last_modified_collection(LinkedData::Models::Category)
categories = Category.where.include(Category.goo_attrs_to_load(includes_param)).to_a
categories = Category.where.include(*Category.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).to_a
categories = reject_private_ontologies(categories) unless current_user.admin?
reply categories
end

# Display a single category
get '/:acronym' do
check_last_modified_collection(LinkedData::Models::Category)
acronym = params["acronym"]
category = Category.find(acronym).include(Category.goo_attrs_to_load(includes_param)).first
category = Category.find(acronym).include(*Category.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).first
error 404, "Category #{acronym} not found" if category.nil?
category = reject_private_ontologies([category]).first unless current_user.admin?
reply 200, category
end

Expand Down Expand Up @@ -82,5 +84,7 @@ def create_category
end
reply 201, category
end


end
end
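Review bot: The new `unless current_user.admin?` guards after the `Category.where ... ontologies: [:viewingRestriction]` query and after the 404 check call `admin?` on `current_user` with no nil check, so a request that reaches these routes without an authenticated user would raise a NoMethodError instead of being treated as non-admin; whether `current_user` can be nil here is not visible in the hunk, so confirm against the auth helper. If it can, `unless current_user&.admin?` keeps the filter applied (fail-closed) for anonymous callers on both lines. groups_controller.rb adds the identical pair of guards in its two `get` blocks and the same point applies there. The second hunk's `create_category` begins outside SOURCE and is not reviewed.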
8 changes: 6 additions & 2 deletions controllers/groups_controller.rb
Expand Up @@ -13,16 +13,18 @@ class GroupsController < ApplicationController
# Display all groups
get do
check_last_modified_collection(LinkedData::Models::Group)
groups = Group.where.include(Group.goo_attrs_to_load(includes_param)).to_a
groups = Group.where.include(*Group.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).to_a
groups = reject_private_ontologies(groups) unless current_user.admin?
reply groups
end

# Display a single group
get '/:acronym' do
check_last_modified_collection(LinkedData::Models::Group)
acronym = params["acronym"]
g = Group.find(acronym).include(Group.goo_attrs_to_load(includes_param)).first
g = Group.find(acronym).include(*Group.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).first
error 404, "Group #{acronym} not found" if g.nil?
g = reject_private_ontologies([g]).first unless current_user.admin?
reply 200, g
end

Expand Down Expand Up @@ -81,5 +83,7 @@ def create_group
end
reply 201, group
end


end
end
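--- a/helpers/ontology_helper.rb
+++ b/helpers/ontology_helper.rb
@@ -75,6 +75,15 @@ def add_file_to_submission(ont, submission)
 end
 return filename, tmpfile
 end
+
+# reject private ontologies in groups and categories
+def reject_private_ontologies(items)
+items.each do |item|
+public_ontologies = item.ontologies.reject { |ontology| ontology.viewingRestriction == "private" }
+item.instance_variable_set(:@ontologies, public_ontologies)
+end
+end
+
 end
 end
 end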
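Review bot: `reject_private_ontologies` keeps every ontology whose `viewingRestriction` is not exactly the string `"private"`, so an ontology whose attribute is nil, unloaded, or differently cased stays visible to non-admins; confirm the model's allowed values, and if nil is possible prefer an allow-list on the known public value so the filter fails closed, e.g. `item.ontologies.select { |o| o.viewingRestriction == "public" }` (adjust the literal to the model's actual value). Writing the result back with `item.instance_variable_set(:@ontologies, public_ontologies)` bypasses the model's attribute API; it presumably avoids marking the object dirty, but if a caller later saves the item the truncated list could be persisted, which deserves a comment such as `# view-only filter: mutates @ontologies directly, do not save items after this`. The helper also relies on callers having loaded `ontologies` with `:viewingRestriction`, as both controllers in this PR do; a YARD line `# @param items [Array] groups/categories loaded with ontologies: [:viewingRestriction]` would make that precondition explicit.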