From 7ad96ad58aff541f007a599bac56a5e4ae48f468 Mon Sep 17 00:00:00 2001
From: Florian M <florian@scm.io>
Date: Mon, 15 Feb 2021 14:39:04 +0100
Subject: [PATCH 1/2] Allow accessing dataset admin view configuration via
 sharing token

---
 app/controllers/ConfigurationController.scala       | 9 ++++++---
 conf/webknossos.latest.routes                       | 2 +-
 frontend/javascripts/admin/admin_rest_api.js        | 4 +++-
 frontend/javascripts/oxalis/model_initialization.js | 1 +
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/app/controllers/ConfigurationController.scala b/app/controllers/ConfigurationController.scala
index b3c15c68dfd..33db5f87502 100755
--- a/app/controllers/ConfigurationController.scala
+++ b/app/controllers/ConfigurationController.scala
@@ -5,7 +5,7 @@ import com.scalableminds.util.accesscontext.GlobalAccessContext
 import models.binary.{DataSetDAO, DataSetService}
 import models.configuration.{DataSetConfigurationService, UserConfiguration}
 import models.user.UserService
-import oxalis.security.WkEnv
+import oxalis.security.{URLSharing, WkEnv}
 import play.api.i18n.Messages
 import play.api.libs.json.JsObject
 import play.api.libs.json.Json._
@@ -40,8 +40,9 @@ class ConfigurationController @Inject()(
     }
   }
 
-  def readDataSetViewConfiguration(organizationName: String, dataSetName: String) =
+  def readDataSetViewConfiguration(organizationName: String, dataSetName: String, sharingToken: Option[String]) =
     sil.UserAwareAction.async(validateJson[List[String]]) { implicit request =>
+      val ctx = URLSharing.fallbackTokenAccessContext(sharingToken)
       request.identity.toFox
         .flatMap(
           user =>
@@ -49,7 +50,9 @@ class ConfigurationController @Inject()(
               .getDataSetViewConfigurationForUserAndDataset(request.body, user, dataSetName, organizationName)(
                 GlobalAccessContext))
         .orElse(
-          dataSetConfigurationService.getDataSetViewConfigurationForDataset(request.body, dataSetName, organizationName)
+          dataSetConfigurationService.getDataSetViewConfigurationForDataset(request.body,
+                                                                            dataSetName,
+                                                                            organizationName)(ctx)
         )
         .getOrElse(Map.empty)
         .map(configuration => Ok(toJson(configuration)))
diff --git a/conf/webknossos.latest.routes b/conf/webknossos.latest.routes
index bd620551a1c..677cd8a91e2 100644
--- a/conf/webknossos.latest.routes
+++ b/conf/webknossos.latest.routes
@@ -30,7 +30,7 @@ POST          /auth/createOrganizationWithAdmin
 # Configurations
 GET           /user/userConfiguration                                           controllers.ConfigurationController.read
 PUT           /user/userConfiguration                                           controllers.ConfigurationController.update
-POST          /dataSetConfigurations/:organizationName/:dataSetName             controllers.ConfigurationController.readDataSetViewConfiguration(organizationName: String, dataSetName: String)
+POST          /dataSetConfigurations/:organizationName/:dataSetName             controllers.ConfigurationController.readDataSetViewConfiguration(organizationName: String, dataSetName: String, sharingToken: Option[String])
 PUT           /dataSetConfigurations/:organizationName/:dataSetName             controllers.ConfigurationController.updateDataSetViewConfiguration(organizationName: String, dataSetName: String)
 GET           /dataSetConfigurations/default/:organizationName/:dataSetName     controllers.ConfigurationController.readDataSetAdminViewConfiguration(organizationName: String, dataSetName: String)
 PUT           /dataSetConfigurations/default/:organizationName/:dataSetName     controllers.ConfigurationController.updateDataSetAdminViewConfiguration(organizationName: String, dataSetName: String)
diff --git a/frontend/javascripts/admin/admin_rest_api.js b/frontend/javascripts/admin/admin_rest_api.js
index 8fa4255523b..989aad846d2 100644
--- a/frontend/javascripts/admin/admin_rest_api.js
+++ b/frontend/javascripts/admin/admin_rest_api.js
@@ -873,9 +873,11 @@ export function updateDataset(datasetId: APIDatasetId, dataset: APIDataset): Pro
 export async function getDatasetViewConfiguration(
   dataset: APIDataset,
   displayedVolumeTracings: Array<string>,
+  sharingToken?: ?string,
 ): Promise<DatasetConfiguration> {
+  const sharingTokenSuffix = sharingToken != null ? `?sharingToken=${sharingToken}` : "";
   const settings = await Request.sendJSONReceiveJSON(
-    `/api/dataSetConfigurations/${dataset.owningOrganization}/${dataset.name}`,
+    `/api/dataSetConfigurations/${dataset.owningOrganization}/${dataset.name}${sharingTokenSuffix}`,
     {
       data: displayedVolumeTracings,
       method: "POST",
diff --git a/frontend/javascripts/oxalis/model_initialization.js b/frontend/javascripts/oxalis/model_initialization.js
index ee649af4217..0242c453f7e 100644
--- a/frontend/javascripts/oxalis/model_initialization.js
+++ b/frontend/javascripts/oxalis/model_initialization.js
@@ -126,6 +126,7 @@ export async function initialize(
   const initialDatasetSettings = await getDatasetViewConfiguration(
     dataset,
     displayedVolumeTracings,
+    getSharingToken(),
   );
   initializeSettings(initialUserSettings, initialDatasetSettings);
 

From e47dcf821ca550ae0b86ef05055c13f571041744 Mon Sep 17 00:00:00 2001
From: Florian M <florian@scm.io>
Date: Mon, 15 Feb 2021 14:40:52 +0100
Subject: [PATCH 2/2] changelog

---
 CHANGELOG.unreleased.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.unreleased.md b/CHANGELOG.unreleased.md
index 97f644afb85..c948313d604 100644
--- a/CHANGELOG.unreleased.md
+++ b/CHANGELOG.unreleased.md
@@ -30,6 +30,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released
 - Fixed a bug where the listing of users that have open tasks of a project failed. [#5115](https://github.com/scalableminds/webknossos/pull/5115)
 - Fixed some scenarios where the Meshes tab could cause errors (e.g., when the UI was used but no segmentation layer was available). [#5142](https://github.com/scalableminds/webknossos/pull/5142)
 - Fixed a bug where the user (and telemetry) would get a cryptic error message when trying to register with an email that is already in use. [#5152](https://github.com/scalableminds/webknossos/pull/5152)
+- Fixed a bug where default dataset configuration could not be loaded if a dataset was accessed via sharing token [#5164](https://github.com/scalableminds/webknossos/pull/5164)
 
 ### Removed
 - Support for KNOSSOS cubes data format was removed. Use the [webKnossos cuber](https://github.com/scalableminds/webknossos-cuber) tool to convert existing datasets saved as KNOSSOS cubes. [#5085](https://github.com/scalableminds/webknossos/pull/5085)