Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Imaging] Sites/Project/subproject filters and permission #7402

Closed
wants to merge 3 commits into from
Closed

[Imaging] Sites/Project/subproject filters and permission #7402

wants to merge 3 commits into from

Conversation

laemtl
Copy link
Contributor

@laemtl laemtl commented Mar 18, 2021
edited
Loading

This PR:

  1. modifies the way project/subproject/site filters are populated. Now those filters are displayed with values the current user has permission for.
  2. fixed the MRI violations data table to remove entries for Projects and Sites the user does not have access to.
  3. add some integration tests

Note:
The permission imaging_browser_qc was removed from imaging_qc.class.inc. This permission is not documented for this module and permission's description refers to the imaging_browser module. Can a senior developer confirm if documentation needs to be updated instead?

To test

  • Visit all the modules and check that all data entries belong to sites and projects the user has access to.
  • Visit all the modules and check that the site/project/subproject menu filters contain entries the user has access to.
  • Modified modules:
    • imaging_browser
    • imaging_qc
    • mri_violations
    • imaging_uploader

Resolves #6691
Related to #6829
Replace #6729

@laemtl laemtl added State: Blocked PR or issue awaiting an external event such as the merge or another PR to proceed Category: Bug PR or issue that aims to report or fix a bug Category: Feature PR or issue that aims to introduce a new feature Category: Security PR or issue that aims to improve security labels Mar 18, 2021
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from 2913594 to abc4135 Compare March 18, 2021 19:59
@laemtl laemtl removed the State: Blocked PR or issue awaiting an external event such as the merge or another PR to proceed label Mar 18, 2021
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from abc4135 to d91c88b Compare March 18, 2021 20:25
laemtl added a commit to laemtl/Loris that referenced this pull request Mar 18, 2021
@laemtl
Imaging files removal (migrated in aces#7402)
1792024
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from d91c88b to 46f3650 Compare March 19, 2021 01:58
@laemtl
Copy link
Contributor Author

laemtl commented Mar 19, 2021
edited
Loading

@nicolasbrossard Do you have time to review? This PR regroups the imaging modules from #6836 (and is therefore easier to test 😊).

cmadjar
cmadjar reviewed Mar 24, 2021
View reviewed changes
Copy link
Collaborator

@cmadjar cmadjar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@laemtl I did not test this yet as it needs to be rebased. I can test it once this is rebased. Just let me know when ready :).

I just looked at the code. See attached comment in my review.

modules/imaging_qc/php/imaging_qc.class.inc Outdated
];
$this->fieldOptions = [

'site' => $this->getSiteOptions(false, []),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the array of getSiteOptions empty here? Or is it using access_all_profiles by default?

Is there no module permissions for imaging_qc? I don't know very well that module or what should be its behaviour in terms of permissions. @ridz1208, do you know?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cmadjar Rebased !

Copy link
Contributor Author

@laemtl laemtl Mar 24, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And yes, getOptions have default values:

public function getSiteOptions(
        bool $numeric_keys = true,
        array $allsitesPermission = ['access_all_profiles'],
        bool $study_site = true
)

$allsitesPermission is empty here because there is no allsitesPermission for this module (see my comment in the description of the PR about permission imaging_browser_qc).

@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from 46f3650 to 5f3b11e Compare March 24, 2021 17:40
cmadjar
cmadjar requested changes Apr 6, 2021
View reviewed changes
Copy link
Collaborator

@cmadjar cmadjar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@laemtl Thank you for the rebase!

Tests done:

  • imaging browser: all good 👍
  • imaging uploader: on RB data, if my user belongs to project Rye and site Ottawa, I should not have any entries displayed in the table. If I click on the link that redirects to the imaging browser, it tells me (rightfully) that I do not have the permission to access this data so I should not be able to see entries in imaging upload for project Rye, site Ottawa.
  • MRI violations: for the site, I see several options: All (including unknown), All (excluding unknown), Unknown and site belonging to user. Shouldn't it be the same for Project?
  • imaging QC: in the data table, I can see entries that do not belong to my user's project. For example: my user belongs to site Ottawa and Project Rye but it can see in the data table entries for project Pumpernickel as well.

@laemtl laemtl added the State: Needs work PR awaiting additional work by the author to proceed label Apr 14, 2021
@cmadjar
Copy link
Collaborator

cmadjar commented Jun 8, 2021

@laemtl I think the ball is in your court on this one. Let me know when ready for another review. Thanks!

@laemtl laemtl added the State: Needs rebase PR that needs to be rebased to proceed (conflicts, wrong branch...) label Jun 17, 2021
laemtl added a commit to laemtl/Loris that referenced this pull request Aug 16, 2021
@laemtl
Imaging files removal (migrated in aces#7402)
ae38fa4
laemtl added a commit to laemtl/Loris that referenced this pull request Aug 16, 2021
@laemtl
Imaging files removal (migrated in aces#7402)
5aa89fa
@laemtl laemtl mentioned this pull request Aug 16, 2021
Closed
@laemtl
Copy link
Contributor Author

laemtl commented Aug 17, 2021

@cmadjar Your comments are addressed except this one:

MRI violations: for the site, I see several options: All (including unknown), All (excluding unknown), Unknown and site belonging to user. Shouldn't it be the same for Project?

Can you add a discussion point for next Loris meeting?

@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from 8dd93d2 to 936665e Compare August 17, 2021 18:12
@laemtl laemtl removed the State: Needs work PR awaiting additional work by the author to proceed label Aug 17, 2021
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from 936665e to c483ca7 Compare August 17, 2021 21:06
@laemtl laemtl removed the State: Needs rebase PR that needs to be rebased to proceed (conflicts, wrong branch...) label Aug 17, 2021
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch 3 times, most recently from fe6b0b2 to 1d79899 Compare August 18, 2021 00:28
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch 3 times, most recently from 539d037 to 4864d1f Compare August 18, 2021 02:19
@laemtl laemtl force-pushed the 2021-03-18-Imaging-User-Project-filter branch from 4864d1f to 9b14015 Compare August 18, 2021 03:02
@laemtl laemtl mentioned this pull request Jan 17, 2023
Open
@laemtl laemtl linked an issue Jan 17, 2023 that may be closed by this pull request
[imaging_browser] The project dropdown filter is showing projects the user don't have access to. #7874
Open
@laemtl laemtl added this to the 25.0.0 milestone Feb 28, 2023
@laemtl laemtl added State: Needs work PR awaiting additional work by the author to proceed State: Blocked PR or issue awaiting an external event such as the merge or another PR to proceed labels Mar 16, 2023
@laemtl laemtl added the State: Needs rebase PR that needs to be rebased to proceed (conflicts, wrong branch...) label Apr 4, 2023
@laemtl laemtl removed this from the 25.0.0 milestone Apr 4, 2023
@laemtl laemtl closed this Apr 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmadjar cmadjar cmadjar requested changes

Assignees

@laemtl laemtl

Labels
Category: Bug PR or issue that aims to report or fix a bug Category: Feature PR or issue that aims to introduce a new feature Category: Security PR or issue that aims to improve security State: Blocked PR or issue awaiting an external event such as the merge or another PR to proceed State: Needs rebase PR that needs to be rebased to proceed (conflicts, wrong branch...) State: Needs work PR awaiting additional work by the author to proceed
Projects
None yet
Milestone
No milestone
2 participants
@laemtl @cmadjar