Skip to content

Commit

Permalink
Merge pull request #2 from uc-cdis/fix/final-global-sharing
Browse files Browse the repository at this point in the history
Fix/final global sharing
  • Loading branch information
rkboyce authored May 16, 2024
2 parents 0493316 + 0946559 commit ca11cc3
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 86 deletions.
5 changes: 2 additions & 3 deletions js/components/security/access/configure-access-modal.html
Original file line number Diff line number Diff line change
Expand Up @@ -92,15 +92,14 @@
<label data-bind="css: classes('new-access-label'), text: ko.i18n('common.configureAccessModal.globalReadStatus', 'Status of global READ access:')"></label>
<div/>
<div class="btn-group" data-toggle="buttons">
<label data-bind="css: { active: !shareFlag()},
<label data-bind="css: { active: shareFlag()},
click: function () { shareFlag(false); grantGlobalReadAccess();},
clickBubble: false,
text: ko.i18n('common.configureAccessModal.globalReadStatusNotGranted', 'Granted')
"
class="btn btn-primary",
/>
<label data-bind="css: {
active: shareFlag()},
<label data-bind="css: { active: !shareFlag()},
click: function () { shareFlag(true); revokeGlobalReadAccess();},
clickBubble: false,
text: ko.i18n('common.configureAccessModal.globalReadStatusIsGranted', 'Not Granted')
Expand Down
28 changes: 9 additions & 19 deletions js/pages/cohort-definitions/cohort-definition-manager.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ define(['jquery', 'knockout', 'text!./cohort-definition-manager.html',
'appConfig',
'components/cohortbuilder/CohortDefinition',
'services/CohortDefinition',
'services/ShareRoleCheck',
'services/MomentAPI',
'services/ConceptSet',
'services/Permission',
Expand Down Expand Up @@ -66,8 +65,7 @@ define(['jquery', 'knockout', 'text!./cohort-definition-manager.html',
view,
config,
CohortDefinition,
cohortDefinitionService,
shareRoleCheck,
cohortDefinitionService,
momentApi,
conceptSetService,
PermissionService,
Expand Down Expand Up @@ -201,22 +199,14 @@ define(['jquery', 'knockout', 'text!./cohort-definition-manager.html',
this.authApi = authApi;
this.config = config;

this.enablePermissionManagement = ko.observable(false);
this.enablePermissionManagement(config.enablePermissionManagement);

this.userCanShare = ko.observable(false);
if (config.permissionManagementRoleId === "") {
this.userCanShare(true);
} else {
shareRoleCheck.checkIfRoleCanShare(authApi.subject(), config.permissionManagementRoleId)
.then(res=>{
this.userCanShare(res);
})
.catch(error => {
console.error(error);
alert(ko.i18n('cohortDefinitions.cohortDefinitionManager.shareRoleCheck', 'Error when determining if user can share cohorts')());
});
}
this.enablePermissionManagement = ko.observable(config.enablePermissionManagement);
if (config.enablePermissionManagement) {
this.userCanShare = ko.observable(
!config.limitedPermissionManagement ||
authApi.isPermittedGlobalShareCohort());
} else {
this.userCanShare = ko.observable(false);
}

this.relatedSourcecodesOptions = globalConstants.relatedSourcecodesOptions;
this.commonUtils = commonUtils;
Expand Down
31 changes: 10 additions & 21 deletions js/pages/concept-sets/conceptset-manager.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ define([
'./const',
'const',
'components/conceptset/utils',
'services/Vocabulary',
'services/ShareRoleCheck',
'services/Vocabulary',
'services/Permission',
'services/Tags',
'components/security/access/const',
Expand Down Expand Up @@ -56,8 +55,7 @@ define([
constants,
globalConstants,
utils,
vocabularyAPI,
shareRoleCheck,
vocabularyAPI,
GlobalPermissionService,
TagsService,
{ entityType },
Expand Down Expand Up @@ -177,24 +175,15 @@ define([
return this.currentConceptSet() && this.currentConceptSet().id > 0;
});

this.enablePermissionManagement = ko.observable(false);
this.enablePermissionManagement(config.enablePermissionManagement);

this.userCanShare = ko.observable(false);
if (config.permissionManagementRoleId === "") {
this.userCanShare(true);
} else {
shareRoleCheck.checkIfRoleCanShare(authApi.subject(), config.permissionManagementRoleId)
.then(res=>{
this.userCanShare(res);
})
.catch(error => {
console.error(error);
alert(ko.i18n('conceptSets.conceptSetManager.shareRoleCheck', 'Error when determining if user can share concept sets')());
});
}
this.enablePermissionManagement = ko.observable(config.enablePermissionManagement);
if (config.enablePermissionManagement) {
this.userCanShare = ko.observable(
!config.limitedPermissionManagement ||
authApi.isPermittedGlobalShareCohort());
} else {
this.userCanShare = ko.observable(false);
}


this.isSaving = ko.observable(false);
this.isDeleting = ko.observable(false);
this.isOptimizing = ko.observable(false);
Expand Down
29 changes: 18 additions & 11 deletions js/services/AuthAPI.js
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,12 @@ define(function(require, exports) {
return isPermitted('cohortdefinition:' + id + ':copy:get');
}

var isPermittedGlobalShareCohort = function() {
// special * permission (intended for admins) that allows the
// user to share any cohort with a "global reader role":
return isPermitted('cohortdefinition:global:share:put');
}

var isPermittedUpdateCohort = function(id) {
var permission = 'cohortdefinition:' + id + ':put';
return isPermitted(permission);
Expand All @@ -407,17 +413,17 @@ define(function(require, exports) {
}

var isPermittedGenerateCohort = function(cohortId, sourceKey) {
var v = isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') &&
isPermitted('cohortdefinition:' + cohortId + ':info:get');

// By default, everyone can generate any artifact they have
// permission to read. If a permissionManagementRoleId has
// been assigned, (non- empty string assignment), the default
// generate functionality is not desired. Rather, users will have to
// have a role that allows them to update the specific cohort definition.
if (config.permissionManagementRoleId !== ""){
v = v && isPermitted('cohortdefinition:' + cohortId + ':put')
}
var v = isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') &&
isPermitted('cohortdefinition:' + cohortId + ':info:get');

// By default, everyone can generate any artifact they have
// permission to read. If limitedPermissionManagement has
// been set to true, the default
// generate functionality is not desired. Rather, users will have to
// have a permission that allows them to update the specific cohort definition.
if (config.limitedPermissionManagement){
v = v && isPermitted('cohortdefinition:' + cohortId + ':put')
}
return v
}

Expand Down Expand Up @@ -586,6 +592,7 @@ define(function(require, exports) {
isPermittedReadCohort: isPermittedReadCohort,
isPermittedCreateCohort: isPermittedCreateCohort,
isPermittedCopyCohort: isPermittedCopyCohort,
isPermittedGlobalShareCohort: isPermittedGlobalShareCohort,
isPermittedUpdateCohort: isPermittedUpdateCohort,
isPermittedDeleteCohort: isPermittedDeleteCohort,
isPermittedGenerateCohort: isPermittedGenerateCohort,
Expand Down
32 changes: 0 additions & 32 deletions js/services/ShareRoleCheck.js

This file was deleted.

0 comments on commit ca11cc3

Please sign in to comment.