Add module-specific permissions for Survey, Imaging QC, Behavioural QC

CHANGELOG.md

@@ -13,7 +13,8 @@ changes in the following format: PR #1234***
 #### Features
 - *Add item here*
 #### Updates and Improvements
-- *Add item here*
+- Module-specific permissions added for Survey Accounts, Imaging Behavioural
+Quality Control, and Behavioural Quality Control. (PR #6041)
 #### Bug Fixes
 - *Add item here*
 ### Modules
@@ -111,4 +112,3 @@ be used by projects having custom modules not in LORIS. (PR #5913)
 - Config files for static analysis have been moved to the `test/` directory. (PR #5871)
 - Dashboard was refactored to turn panels into module widgets. (PR #5896)
 - Add CSSGrid component type (PR #6090)
-

SQL/0000-00-01-Permission.sql

@@ -75,7 +75,6 @@ INSERT INTO `permissions` VALUES
     (25,'dicom_archive_view_allsites', 'Across all sites view Dicom Archive module and pages', '2'),
     (28,'instrument_builder', 'Instrument Builder: Create and Edit instrument forms', '2'),
     (29,'data_dict_edit','Edit Data Dictionary','2'),
-    (30,'quality_control','Quality Control access','2'),
     (31,'candidate_parameter_view','View Candidate Parameters','2'),
     (32,'candidate_parameter_edit','Edit Candidate Parameters','2'),
     (33,'genomic_browser_view_site','View Genomic Browser data from own site','2'),
@@ -111,7 +110,10 @@ INSERT INTO `permissions` VALUES
     (63,'module_manager_edit', 'Module Manager: edit installed modules', 2),
     (64,'candidate_dod_edit', 'Edit dates of death', 2),
     (65,'violated_scans_view_ownsite','Violated Scans: View Violated Scans from own site','2'),
-    (66,'document_repository_edit','Document Repository: Edit and Upload','2');
+    (66,'document_repository_edit','Document Repository: Edit and Upload','2'),
+    (67,'survey_accounts_view', 'Survey Accounts: View module', 2),
+    (68,'imaging_quality_control_view','Imaging Quality Control: View module','2'),
+    (69,'behavioural_quality_control_view','Behavioural Quality Control: View module','2');
 
 INSERT INTO `user_perm_rel` (userID, permID)
   SELECT u.ID, p.permID

SQL/New_patches/2020-02-10_NewModulePermissions.sql

@@ -0,0 +1,10 @@
+INSERT INTO permissions (code,description,categoryID) VALUES
+('imaging_quality_control_view','Imaging Quality Control: View module',(SELECT ID FROM permissions_category WHERE Description='Permission'));
+INSERT INTO permissions (code,description,categoryID) VALUES
+('behavioural_quality_control_view','Behavioural Quality Control: View module',(SELECT ID FROM permissions_category WHERE Description='Permission'));
+INSERT INTO permissions (code,description,categoryID) VALUES
+('survey_accounts_view','Survey Accounts: View module',(SELECT ID FROM permissions_category WHERE Description='Permission'));
+-- Grant new permission codes to users who had the old ones.
+INSERT INTO user_perm_rel SELECT userID, (SELECT permID FROM permissions WHERE code='survey_accounts_view') FROM user_perm_rel WHERE permID=(SELECT permID FROM permissions WHERE code='user_accounts');
+INSERT INTO user_perm_rel SELECT userID, (SELECT permID FROM permissions WHERE code='behavioural_quality_control_view') FROM user_perm_rel WHERE permID=(SELECT permID FROM permissions WHERE code='quality_control');
+INSERT INTO user_perm_rel SELECT userID, (SELECT permID FROM permissions WHERE code='imaging_quality_control_view') FROM user_perm_rel WHERE permID=(SELECT permID FROM permissions WHERE code='user_accounts');

modules/behavioural_qc/README.md

@@ -15,7 +15,7 @@ the data entry (or double data entry) has not yet been completed.
 
 ## Permissions
 
-Accessing the module requires the `behavioural_qc` permission.
+Accessing the module requires the `behavioural_quality_control_view` permission.
 
 ## Configurations
 

modules/behavioural_qc/ajax/GetCandidates.php

@@ -13,7 +13,7 @@
 require_once "NDB_Client.class.inc";
 
 $user = \User::singleton();
-if (!$user->hasPermission('quality_control')) {
+if (!$user->hasPermission('behavioural_quality_control_view')) {
     header("HTTP/1.1 403 Forbidden");
     exit;
 }
@@ -58,4 +58,3 @@
 print json_encode($response);
 
 
-

modules/behavioural_qc/ajax/GetInstruments.php

@@ -20,7 +20,7 @@
 require_once 'NDB_Client.class.inc';
 
 $user =& User::singleton();
-if (!$user->hasPermission('quality_control')) {
+if (!$user->hasPermission('behavioural_quality_control_view')) {
     header("HTTP/1.1 403 Forbidden");
     exit;
 }
@@ -67,4 +67,3 @@
     }
 }
 
-

modules/behavioural_qc/php/behavioural_qc.class.inc

@@ -18,7 +18,7 @@ class Behavioural_QC extends \NDB_Form
      */
     function _hasAccess(\User $user) : bool
     {
-        return $user->hasPermission('quality_control');
+        return $user->hasPermission('behavioural_quality_control_view');
     }
 
     /**

modules/behavioural_qc/php/module.class.inc

@@ -33,7 +33,7 @@ class Module extends \Module
     public function hasAccess(\User $user) : bool
     {
         return parent::hasAccess($user) &&
-            $user->hasPermission('quality_control');
+            $user->hasPermission('behavioural_quality_control_view');
     }
 
     /**

modules/behavioural_qc/test/behavioural_qcTest.php

@@ -65,7 +65,7 @@ function testBehaviouralQCWithoutPermission()
      */
     function testBehaviouralQCPermission()
     {
-         $this->setupPermissions(["quality_control"]);
+         $this->setupPermissions(["behavioural_quality_control_view"]);
          $this->safeGet($this->url . "/behavioural_qc/");
         $bodyText = $this->safeFindElement(
             WebDriverBy::cssSelector("body")

modules/imaging_qc/README.md

@@ -1,31 +1,59 @@
 ## Imaging Quality Control Module
 
-#### Purpose
-The purpose of this module is to verify and help ensure imaging data has been uploaded into LORIS and reviewed for Quality Control (QC). It provides a queryable interface to check at a glance the completeness of imaging data collection for a study, and the status of QC review processes on them.  
+#### Purpose 
 
-Note: this module is not the module in which visual/radiological QC is performed on scans, just the module in which QC assessments are *reviewed*. Links are included in this module so the user can jump to the Imaging Browser to mark QC assessments on images and visits.
+The purpose of this module is to verify and help ensure
+imaging data has been uploaded into LORIS and reviewed for Quality
+Control (QC). It provides a queryable interface to check at a glance the
+completeness of imaging data collection for a study, and the status of
+QC review processes on them.
 
-#### Intended Users
-This module is used by study administrators, imaging scientists, analysts, coordinators, and clinicians.
+Note: this module is not the module in which visual/radiological QC
+is performed on scans, just the module in which QC assessments are
+*reviewed*. Links are included in this module so the user can jump to
+the Imaging Browser to mark QC assessments on images and visits.
 
-#### Scope
-The Imaging QC module allows you to view specific data on uploaded image files, with many additional filtering options. The resulting table has a column for QC status, so you can see whether the upload has passed QC or not. The table provides a link to each file. You can download the table in `.csv` format. 
+#### Intended Users 
 
-Note: To QC a scan, the user must click the link leading to the Imaging Browser, and enter the QC details in that module.
+This module is used by study administrators, imaging
+scientists, analysts, coordinators, and clinicians.
+
+#### Scope 
+
+The Imaging QC module allows you to view specific data
+on uploaded image files, with many additional filtering options. The
+resulting table has a column for QC status, so you can see whether the
+upload has passed QC or not. The table provides a link to each file. You
+can download the table in `.csv` format.
+
+Note: To QC a scan, the user must click the link leading to the Imaging
+Browser, and enter the QC details in that module.
 
 #### Configurations
 
-* This module will not load without the `mri_parameter_form` instrument installed and properly configured.  Each scan type (identified below via the Configuration module) should have an equivalent _scan_done_ column in the database table for this instrument. 
->  A sample MRI Parameter Form is available with our sample dataset in this repo: `raisinbread/instruments/NDB_BVL_Instrument_mri_parameter_form.class.inc`, and should be customized and installed for your project.  (Please consult our online Setup Guide for more information.)  
+* This module will not load without the `mri_parameter_form` instrument
+installed and properly configured.  Each scan type (identified below
+via the Configuration module) should have an equivalent _scan_done_
+column in the database table for this instrument.  A sample MRI
+Parameter Form is available with our sample dataset in this repo:
+`raisinbread/instruments/NDB_BVL_Instrument_mri_parameter_form.class.inc`,
+and should be customized and installed for your project. (Please consult
+our online Setup Guide for more information.)
+
+* The `tblScanTypes` Configuration setting allows customization of which
+modalities are displayed in this module.
 
-* The `tblScanTypes` Configuration setting allows customization of which modalities are displayed in this module. 
+#### Permissions 
 
-#### Permissions
-The `quality_control` permission gives users access to this module and its features.
+The `imaging_quality_control_view` permission gives users access to
+this module and its features.
 
 #### Interactions With LORIS
 
-* Imaging Browser: presents info about and links to QC and scans, for the scan types specified in the Configuration module (as noted above)
-* Imaging Uploader : the name of the user who uploaded the scan is displayed in this module 
-* Dicom Archive: Tarchive detected
-* MRI parameter form: Completeness of form and Scan Done are displayed, for this instrument
+* Imaging Browser: presents info about and links to QC and scans, for
+the scan types specified in the Configuration module (as noted above) 
+* Imaging Uploader : the name of the user who uploaded the scan is displayed
+in this module 
+* Dicom Archive: Tarchive detected 
+* MRI parameter form:
+Completeness of form and Scan Done are displayed, for this instrument

modules/imaging_qc/php/imaging_qc.class.inc

@@ -39,8 +39,7 @@ class Imaging_QC extends \NDB_Menu_Filter
      */
     function _hasAccess(\User $user) : bool
     {
-        // FIXME This module should have its own permission.
-        return $user->hasPermission('quality_control');
+        return $user->hasPermission('imaging_quality_control_view');
     }
 
     /**

modules/imaging_qc/php/module.class.inc

@@ -36,7 +36,7 @@ class Module extends \Module
         if (parent::hasAccess($user) == false) {
             return false;
         }
-        return $user->hasPermission('quality_control');
+        return $user->hasPermission('imaging_quality_control_view');
     }
 
     /**

modules/survey_accounts/README.md

@@ -21,7 +21,7 @@ LORIS `htdocs` directory.
 
 ## Permissions
 
-Accessing the survey accounts module requires the `user_accounts`
+Accessing the survey accounts module requires the `survey_accounts_view`
 LORIS permission.
 
 ## Configurations

modules/survey_accounts/ajax/GetEmailContent.php

@@ -4,7 +4,7 @@
  * template for the current instrument. It is used in the survey_accounts
  * page via AJAX to update the email template with the current page
  *
- * PHP Version 5
+ * PHP Version 7
  *
  * @category Survey
  * @package  Loris
@@ -13,8 +13,8 @@
  * @link     https://www.github.com/aces/Loris-Trunk/
  */
 
-$user =& User::singleton();
-if (!$user->hasPermission('user_accounts')) {
+$user = \User::singleton();
+if (!$user->hasPermission('survey_accounts_view')) {
     header("HTTP/1.1 403 Forbidden");
     exit;
 }

modules/survey_accounts/ajax/ValidateEmailSubmitInput.php

@@ -3,7 +3,7 @@
  * This is used by the survey accounts module to validate inputs
  * before the email message popup appears
  *
- * PHP Version 5
+ * PHP Version 7
  *
  * @category Survey
  * @package  Loris
@@ -12,8 +12,8 @@
  * @link     https://www.github.com/aces/Loris-Trunk/
  */
 
-$user =& User::singleton();
-if (!$user->hasPermission('user_accounts')) {
+$user = \User::singleton();
+if (!$user->hasPermission('survey_accounts_view')) {
     header("HTTP/1.1 403 Forbidden");
     exit;
 }

modules/survey_accounts/php/addsurvey.class.inc

@@ -35,7 +35,7 @@ class AddSurvey extends \NDB_Form
      */
     function _hasAccess(\User $user) : bool
     {
-        return $user->hasPermission('user_accounts');
+        return $user->hasPermission('survey_accounts_view');
     }
 
     /**

modules/survey_accounts/php/module.class.inc

@@ -3,7 +3,7 @@
  * This serves as a hint to LORIS that this module is a real module.
  * It does nothing but implement the module class in the module's namespace.
  *
- * PHP Version 5
+ * PHP Version 7
  *
  * @category Behavioural
  * @package  Main
@@ -33,7 +33,8 @@ class Module extends \Module
      */
     public function hasAccess(\User $user) : bool
     {
-        return parent::hasAccess($user) && $user->hasPermission('user_accounts');
+        return parent::hasAccess($user)
+            && $user->hasPermission('survey_accounts_view');
     }
 
     /**

modules/survey_accounts/php/survey_accounts.class.inc

@@ -33,7 +33,7 @@ class Survey_Accounts extends \DataFrameworkMenu
      */
     function _hasAccess(\User $user) : bool
     {
-        return $user->hasPermission('user_accounts');
+        return $user->hasPermission('survey_accounts_view');
     }
 
     /**

modules/survey_accounts/test/survey_accountsTest.php

@@ -183,7 +183,7 @@ public function tearDown()
      */
     function testSurveyAccountsDoespageLoad()
     {
-        $this->setupPermissions(["user_accounts"]);
+        $this->setupPermissions(["survey_accounts_view"]);
         $this->safeGet($this->url . "/survey_accounts/");
         $bodyText
             = $this->webDriver->findElement(WebDriverBy::cssSelector("body"))

raisinbread/RB_files/RB_permissions.sql

@@ -66,5 +66,8 @@ INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES
 INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES (64,'candidate_dod_edit','Edit dates of death',2);
 INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES (65,'violated_scans_view_ownsite','Violated Scans: View Violated Scans from own site',2);
 INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES (66,'document_repository_edit','Document Repository: Upload and edit files',2);
+INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES (67,'survey_accounts_view','Survey Accounts: view module',2);
+INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES (68,'imaging_quality_control_view','Imaging Quality Control: view module',2);
+INSERT INTO `permissions` (`permID`, `code`, `description`, `categoryID`) VALUES (69,'behavioural_quality_control_view','Behavioural Quality Control: view module',2);
 UNLOCK TABLES;
 SET FOREIGN_KEY_CHECKS=1;