REST API microservice enabling HTTP clients to view and manage user access to study datasets.
These concepts apply to curated studies, but might eventually apply also to individual and community studies uploaded directly by endusers.
Studies may be: pubic, prerelease, private, controlled, and protected. Some require that the user sends a request for access (they will be prompted when attempting the action):
No request access needed or offered:
-
public: access to all functionality by default
-
prerelease: no request access mechanism offered. you see the study page
Request access needed:
-
private: request access to explore the data, analyze it and download (by default you only can see the study page)
-
controlled or protected: request access to download.
In controlled studies the user will be allowed to access the data automatically upon request submission, while in protected and private studies there will be human intervention in the decision.
There are 3 tables in accountDB (shared by prod and qa sites) for 3 types of users:
-
a staff member will have access to all studies, and if "owner" (bad name) they can access the dashboard and update the database with many possible actions affecting any of the 3 tables.
-
an end user : they ask for permission to access a study (that is how they become a row in the table), and we (staff owner or provider) approve or deny access.
-
a provider is a user who owns the data for a given study, there could be several providers, and if "is_manager", then this provider can add/remove other providers.
Used to authenticate user WDK session token values.
Value must be the MD5 hash of the entire salt file used by WDK sites.
CLI |
|
|---|---|
ENV |
|
Defines the LDAP server(s) that are used to look up Oracle connection details.
Individual values must be formatted as <host.addr>:<port>, for example
ldap.mysite.org:123.
Multiple servers may be specified using a comma to separate them:
ldap1.mysite.org:123,ldap2.mysite.org:123
CLI |
|
|---|---|
ENV |
|
The base context in which Oracle database TNS Names will be resolved.
Required if the web service connects to Oracle database(s) using a TNS Name rather than individual connection details.
cn=OracleContext,cn=MyTnsName,dc=Some,dc=Domain,dc=Component
CLI |
|
|---|---|
ENV |
|
Sets the TNS Name to use when connecting to an Oracle application DB instance.
CLI |
|
|---|---|
ENV |
|
Sets the connection username for the application DB that this web service will connect to.
CLI |
|
|---|---|
ENV |
|
Sets the connection password for the application DB that this web service will connect to.
ENV |
|
|---|
Sets the TNS Name to use when connecting to an Oracle account DB instance.
CLI |
|
|---|---|
ENV |
|
Sets the connection username for the account DB that this web service will connect to.
CLI |
|
|---|---|
ENV |
|
Sets the connection password for the account DB that this web service will connect to.
ENV |
|
|---|
Used for sending emails this service will generate.
CLI |
|
|---|---|
ENV |
|
Used to set the ReplyTo value on emails sent from this service.
CLI |
|
|---|---|
ENV |
|
Used to configure the port the web server to listens to.
Defaults to port 80 if unset.
CLI |
|
|---|---|
ENV |
|
Sets the connection pool size for the application DB that this web service will connect to.
Defaults to 20
CLI |
|
|---|---|
ENV |
|
Sets the connection pool size for the account DB that this web service will connect to.
Defaults to 20
CLI |
|
|---|---|
ENV |
|
Sets the javax.mail.Session property mail.debug.
Defaults to false.
CLI |
|
|---|---|
ENV |
|
Path to the registration client component relative to the site URL.
Defaults to /app/user/registration.
CLI |
|
|---|---|
ENV |
|
# Required #############################
AUTH_SECRET_KEY=
LDAP_SERVER=
ORACLE_BASE_DN=
APP_DB_TNS_NAME=
APP_DB_USER=
APP_DB_PASS=
ACCT_DB_TNS_NAME=
ACCT_DB_USER=
ACCT_DB_PASS=
SMTP_HOST=
SUPPORT_EMAIL=
SITE_URL=
# Optional #############################
#SERVER_PORT=80
#APP_DB_POOL_SIZE=20
#ACCT_DB_POOL_SIZE=20
#EMAIL_DEBUG=false
#REGISTRATION_PATH=/app/user/registration
#APPLICATION_PATH=/app/study-access