[dataquery/dictionary] Remove instruments and visits that the user doesnt have access to (#9903)

skarya22 · web-flow · commit 7c5810af7322 · 2025-10-30T11:19:54.000-04:00
- Created a function in the User class to getVisits that the user can access based on the Projects they have access to * Resolves #9894
diff --git a/modules/behavioural_qc/php/behavioural.class.inc b/modules/behavioural_qc/php/behavioural.class.inc
@@ -92,7 +92,7 @@ class Behavioural extends \NDB_Page implements ETagCalculator
         ServerRequestInterface $request
     ) : array {
         $user         = $request->getAttribute('user');
-        $visit_array  = \Utility::getVisitList();
+        $visit_array  = $user->getVisits();
         $userProjects = $user->getProjects();
         $projects     = [];
         foreach ($userProjects as $project) {
diff --git a/modules/candidate_list/php/candidate_list.class.inc b/modules/candidate_list/php/candidate_list.class.inc
@@ -70,58 +70,9 @@ class Candidate_List extends \DataFrameworkMenu
      */
     function getFieldOptions() : array
     {
-        $this->loris->getModule('candidate_parameters')->registerAutoloader();
-
-        // create user object
-        $factory = \NDB_Factory::singleton();
-        $user    = $factory->user();
-        $config  = $factory->config();
-
-        // get the list of visit labels
-        $visit_label_options = \Utility::getVisitList();
-
-        // get the list of sites available for the user
-        if ($user->hasPermission('access_all_profiles')) {
-            $list_of_sites = \Utility::getSiteList();
-        } else {
-            $list_of_sites = $user->getStudySites();
-        }
-        $site_options = [];
-        foreach (array_values($list_of_sites) as $name) {
-            $site_options[$name] = $name;
-        }
-
-        // get the list of projects
-        $list_of_projects = \Utility::getProjectList();
-        $project_options  = [];
-        foreach (array_values($list_of_projects) as $name) {
-            $project_options[$name] = $name;
-        }
-
-        // get the list of cohorts
-        $list_of_cohorts = \Utility::getCohortList();
-        $cohort_options  = [];
-        foreach (array_values($list_of_cohorts) as $name) {
-            $cohort_options[$name] = $name;
-        }
-
-        // get the list participant status options
-        $list_of_participant_status
-            = \Candidate::getParticipantStatusOptions();
-        $participant_status_options = [];
-        foreach (array_values($list_of_participant_status) as $name) {
-            $participant_status_options[$name] = $name;
-        }
-
-        return [
-            'visitlabel'        => $visit_label_options,
-            'site'              => $site_options,
-            'project'           => $project_options,
-            'cohort'            => $cohort_options,
-            'participantstatus' => $participant_status_options,
-            'useedc'            => $config->getSetting("useEDC"),
-            'Sex'               => \Utility::getSexList(),
-        ];
+        // To modify the field options,
+        // you must edit getFieldOptions in options.class.inc
+        return [];
     }
 
     /**
diff --git a/modules/candidate_list/php/options.class.inc b/modules/candidate_list/php/options.class.inc
@@ -47,8 +47,8 @@ class Options extends \LORIS\Http\Endpoint
         $user    = $factory->user();
         $config  = $factory->config();
 
-        // get the list of visit labels
-        $visit_label_options = \Utility::getVisitList();
+        // get the list of visit labels that the user has access to
+        $visit_label_options = $user->getVisits();
 
         // get the list of sites available for the user
         if ($user->hasPermission('access_all_profiles')) {
@@ -62,7 +62,8 @@ class Options extends \LORIS\Http\Endpoint
         }
 
         // get the list of projects
-        $list_of_projects = \Utility::getProjectList();
+        // $list_of_projects = \Utility::getProjectList();
+        $list_of_projects = $user->getProjectNames();
         $project_options  = [];
         foreach (array_values($list_of_projects) as $name) {
             $project_options[$name] = $name;
diff --git a/modules/candidate_parameters/php/candidatequeryengine.class.inc b/modules/candidate_parameters/php/candidatequeryengine.class.inc
@@ -250,9 +250,10 @@ class CandidateQueryEngine extends \LORIS\Data\Query\SQLQueryEngine
         if ($item->getScope()->__toString() !== 'session') {
             return [];
         }
+        $user = \NDB_Factory::singleton()->user();
 
         // Session scoped variables: VisitLabel, project, site, cohort
-        return array_keys(\Utility::getVisitList());
+        return array_keys($user->getVisits());
     }
 
     /**
diff --git a/modules/dataquery/php/visitlist.class.inc b/modules/dataquery/php/visitlist.class.inc
@@ -16,6 +16,7 @@ class VisitList extends \NDB_Page
     protected $itemmodule;
     protected $itemcategory;
     protected $dictionaryitem;
+    protected $user;
 
     /**
      * {@inheritDoc}
@@ -28,9 +29,7 @@ class VisitList extends \NDB_Page
     {
         if ($this->dictionaryitem === null) {
             return new \LORIS\Http\Response\JSON\OK(
-                [
-                    'Visits' => array_values(\Utility::getVisitList()),
-                ],
+                ['Visits' => array_values($this->user->getVisits())],
             );
         }
 
@@ -62,6 +61,7 @@ class VisitList extends \NDB_Page
         \User $user,
         ServerRequestInterface $request,
     ) : void {
+        $this->user  = $user;
         $queryparams = $request->getQueryParams();
         if (!isset($queryparams['module']) || !isset($queryparams['item'])) {
             return;
diff --git a/modules/dictionary/php/dictionary.class.inc b/modules/dictionary/php/dictionary.class.inc
@@ -63,7 +63,7 @@ class Dictionary extends \DataFrameworkMenu
             $cohort_options[$name] = $name;
         }
         $visit_options = [];
-        foreach (\Utility::getVisitList() as $visit) {
+        foreach ($user->getVisits() as $visit) {
             $visit_options[$visit] = $visit;
         }
         return [
diff --git a/modules/dictionary/php/module.class.inc b/modules/dictionary/php/module.class.inc
@@ -88,6 +88,18 @@ class Module extends \Module
         $categories  = [];
 
         $categoryitems = [];
+
+        // Get the instruments that the user has access to based on their Projects
+        $userVisits  = $user->getVisits();
+        $instruments = [];
+        foreach ($userVisits as $visitLabel => $_) {
+            $visitInstruments = \Utility::getVisitInstruments($visitLabel);
+            foreach ($visitInstruments as $testName => $fullName) {
+                if (!isset($instruments[$testName])) {
+                    $instruments[$testName] = $fullName;
+                }
+            }
+        }
         foreach ($modules as $module) {
             if ($formodule !== null && $module->getName() !== $formodule) {
                 continue;
@@ -104,6 +116,11 @@ class Module extends \Module
                 $categories[$mname] = [];
 
                 foreach ($mdict as $cat) {
+                    if ($mname === 'instruments'
+                        && !isset($instruments[$cat->getName()])
+                    ) {
+                        continue;
+                    }
                     $categories[$mname][$cat->getName()] = $cat->getDescription();
                     $categoryitems[] = [
                         'Module'   => $module,
diff --git a/modules/electrophysiology_uploader/php/electrophysiology_uploader.class.inc b/modules/electrophysiology_uploader/php/electrophysiology_uploader.class.inc
@@ -77,7 +77,7 @@ class Electrophysiology_Uploader extends \DataFrameworkMenu
 
         return [
             'sites'      => $site_options,
-            'visitLabel' => \Utility::getVisitList(),
+            'visitLabel' => $user->getVisits(),
         ];
     }
 
diff --git a/modules/imaging_browser/php/queryengine.class.inc b/modules/imaging_browser/php/queryengine.class.inc
@@ -357,9 +357,11 @@ class QueryEngine extends \LORIS\Data\Query\SQLQueryEngine
             return $visits;
         }
 
-        // Fall back on all visits if something ends up getting
+        $user = \NDB_Factory::singleton()->user();
+
+        // Fall back on user visits if something ends up getting
         // added that we can't derive the modality of.
-        return array_keys(\Utility::getVisitList());
+        return array_keys($user->getVisits());
     }
 
     /**
diff --git a/modules/imaging_uploader/php/imaging_uploader.class.inc b/modules/imaging_uploader/php/imaging_uploader.class.inc
@@ -160,7 +160,8 @@ class Imaging_Uploader extends \NDB_Menu_Filter_Form
             'N' => 'No',
             'Y' => 'Yes',
         ];
-        $visitlabels   = \Utility::getVisitList();
+        $user          = \NDB_Factory::singleton()->user();
+        $visitlabels   = $user->getVisits();
         // Fields used for selection filter and upload form
         $this->addSelect('IsPhantom', 'Phantom Scans', $phantomOtions);
         $this->addBasicText('candID', 'CandID');
diff --git a/modules/instruments/php/instrumentqueryengine.class.inc b/modules/instruments/php/instrumentqueryengine.class.inc
@@ -182,6 +182,8 @@ class InstrumentQueryEngine implements \LORIS\Data\Query\QueryEngine
         if (isset($this->visitcache[$inst->getName()])) {
             return $this->visitcache[$inst->getName()];
         }
+        $user        = \NDB_Factory::singleton()->user();
+        $user_visits = "('" . join("','", $user->getVisits()) . "')";
 
         $DB     = \NDB_Factory::singleton()->database();
         $visits = $DB->pselectCol(
@@ -191,6 +193,7 @@ class InstrumentQueryEngine implements \LORIS\Data\Query\QueryEngine
                    JOIN session s ON (f.SessionID=s.ID)
                    JOIN candidate c ON (c.ID=s.CandidateID)
                 WHERE s.Active='Y' AND c.Active='Y' and tn.Test_name=:tn
+                AND s.Visit_Label IN $user_visits
             ORDER BY s.Visit_label",
             ['tn' => $inst->getName()]
         );
diff --git a/modules/statistics/jsx/widgets/projects.js b/modules/statistics/jsx/widgets/projects.js
diff --git a/modules/statistics/php/stats_behavioural.class.inc b/modules/statistics/php/stats_behavioural.class.inc
@@ -167,7 +167,7 @@ class Stats_Behavioural extends \NDB_Form
             }
             $Visits = \Utility::getVisitList($currentProject);
         } else {
-            $Visits = \Utility::getVisitList();
+            $Visits = $user->getVisits();
         }
 
         $this->tpl_data['Visits'] = $Visits ?? '';
diff --git a/modules/statistics/php/stats_demographic.class.inc b/modules/statistics/php/stats_demographic.class.inc
@@ -213,7 +213,8 @@ class Stats_Demographic extends \NDB_Form
     function setup()
     {
         parent::setup();
-        $visits = \Utility::getVisitList();
+        $user   = \NDB_Factory::singleton()->user();
+        $visits = $user->getVisits();
         $db     = $this->loris->getDatabaseConnection();
         //This boolean is for optional use by project if the demographics table
         // queries any information from the mri_parameter_form table
diff --git a/php/libraries/User.class.inc b/php/libraries/User.class.inc
@@ -325,7 +325,7 @@ class User extends UserPermissions implements
     }
 
     /**
-     * Get the user's sites' ID numbers
+     * Get the names of projects accessible to the user
      *
      * @return array
      */
@@ -338,6 +338,38 @@ class User extends UserPermissions implements
         return explode(';', $projects);
     }
 
+    /**
+     * Get the visits the User has access to
+     * through their projects and their cohorts.
+     *
+     * @return array of study visits in the format array('VL' => 'VL')
+     *         where VL is the visit label
+     */
+    public function getVisits(): array
+    {
+        $visit_labels   = [];
+        $userProjectIDs = $this->getProjectIDs();
+
+        $factory = \NDB_Factory::singleton();
+        $DB      = $factory->database();
+
+        // Get VisitController instance
+        $visitController        = new \LORIS\VisitController($DB);
+        $allVisitsProjectCohort = $visitController->getVisitsProjectCohort();
+
+        foreach ($allVisitsProjectCohort as [$visit, $projectID]) {
+            // Check if user has access to this project
+            if (in_array(\ProjectID::singleton($projectID), $userProjectIDs)) {
+                $visitLabel = $visit->getName();
+                if (!in_array($visitLabel, $visit_labels)) {
+                    $visit_labels[$visitLabel] = $visitLabel;
+                }
+            }
+        }
+
+        return $visit_labels;
+    }
+
     /**
      * Get the user's sites' ID numbers
      *
diff --git a/php/libraries/VisitController.class.inc b/php/libraries/VisitController.class.inc
@@ -155,15 +155,15 @@ class VisitController
         return array_map(
             function ($row) {
                 return [
-                    new \LORIS\Visit($row['name'], $row['ID']),
+                    new \LORIS\Visit($row['name'], $row['label']),
                     $row['project'],    // will be modified to object when
                     $row['cohort'], // available
                 ];
             },
             iterator_to_array(
                 $this->database->pselect(
                     'SELECT
-                  v.VisitID as "ID",
+                  v.VisitLabel as "label",
                   v.VisitName as "name",
                   psr.ProjectID as "project",
                   psr.CohortID as "cohort"
@@ -175,7 +175,7 @@ class VisitController
                  JOIN
                   project_cohort_rel psr
                  ON vps.ProjectCohortRelID = psr.ProjectCohortRelID
-                ORDER BY ID, project, cohort
+                ORDER BY label, project, cohort
                 ',
                     []
                 )
diff --git a/raisinbread/RB_files/RB_test_names.sql b/raisinbread/RB_files/RB_test_names.sql
@@ -5,6 +5,6 @@ INSERT INTO `test_names` (`ID`, `Test_name`, `Full_name`, `Sub_group`, `IsDirect
 INSERT INTO `test_names` (`ID`, `Test_name`, `Full_name`, `Sub_group`, `IsDirectEntry`) VALUES (2,'bmi','BMI Calculator',1,1);
 INSERT INTO `test_names` (`ID`, `Test_name`, `Full_name`, `Sub_group`, `IsDirectEntry`) VALUES (3,'medical_history','Medical History',1,1);
 INSERT INTO `test_names` (`ID`, `Test_name`, `Full_name`, `Sub_group`, `IsDirectEntry`) VALUES (4,'mri_parameter_form','MRI Parameter Form',2,NULL);
-INSERT INTO `test_names` (`ID`, `Test_name`, `Full_name`, `Sub_group`, `IsDirectEntry`) VALUES (6,'aosi','AOSI',1,NULL);
+INSERT INTO `test_names` (`ID`, `Test_name`, `Full_name`, `Sub_group`, `IsDirectEntry`) VALUES (5,'aosi','AOSI',1,NULL);
 UNLOCK TABLES;
 SET FOREIGN_KEY_CHECKS=1;

Original file line number	Diff line number	Diff line change
`@@ -250,9 +250,10 @@ class CandidateQueryEngine extends \LORIS\Data\Query\SQLQueryEngine`
`250`	`250`	`if ($item->getScope()->__toString() !== 'session') {`
`251`	`251`	`return [];`
`252`	`252`	`}`
	`253`	`+ $user = \NDB_Factory::singleton()->user();`
`253`	`254`
`254`	`255`	`// Session scoped variables: VisitLabel, project, site, cohort`
`255`		`- return array_keys(\Utility::getVisitList());`
	`256`	`+ return array_keys($user->getVisits());`
`256`	`257`	`}`
`257`	`258`
`258`	`259`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ class Dictionary extends \DataFrameworkMenu`
`63`	`63`	`$cohort_options[$name] = $name;`
`64`	`64`	`}`
`65`	`65`	`$visit_options = [];`
`66`		`- foreach (\Utility::getVisitList() as $visit) {`
	`66`	`+ foreach ($user->getVisits() as $visit) {`
`67`	`67`	`$visit_options[$visit] = $visit;`
`68`	`68`	`}`
`69`	`69`	`return [`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ class Electrophysiology_Uploader extends \DataFrameworkMenu`
`77`	`77`
`78`	`78`	`return [`
`79`	`79`	`'sites' => $site_options,`
`80`		`- 'visitLabel' => \Utility::getVisitList(),`
	`80`	`+ 'visitLabel' => $user->getVisits(),`
`81`	`81`	`];`
`82`	`82`	`}`
`83`	`83`
Original file line number	Diff line number	Diff line change
`@@ -357,9 +357,11 @@ class QueryEngine extends \LORIS\Data\Query\SQLQueryEngine`
`357`	`357`	`return $visits;`
`358`	`358`	`}`
`359`	`359`
`360`		`- // Fall back on all visits if something ends up getting`
	`360`	`+ $user = \NDB_Factory::singleton()->user();`
	`361`	`+`
	`362`	`+ // Fall back on user visits if something ends up getting`
`361`	`363`	`// added that we can't derive the modality of.`
`362`		`- return array_keys(\Utility::getVisitList());`
	`364`	`+ return array_keys($user->getVisits());`
`363`	`365`	`}`
`364`	`366`
`365`	`367`	`/**`