🐛 Fix analysis query permissions

kids-first · Aug 12, 2020 · 602c0f3 · 602c0f3
1 parent b2855bf
commit 602c0f3
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 16 deletions.
diff --git a/creator/analyses/migrations/0003_fix_permission_name.py b/creator/analyses/migrations/0003_fix_permission_name.py
@@ -0,0 +1,17 @@
+# Generated by Django 2.2.13 on 2020-08-12 14:53
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analyses', '0002_analysis_error_message'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='analysis',
+            options={'permissions': [('list_all_analysis', 'Can list all analyses'), ('view_my_study_analysis', 'Can view all analyses in studies user is a member of'), ('add_my_study_analysis', 'Can add analyses to studies the user is a member of'), ('change_my_study_analysis', 'Can change analyses in studies the user is a member of')]},
+        ),
+    ]
diff --git a/creator/analyses/models.py b/creator/analyses/models.py
@@ -17,7 +17,7 @@ class Meta:
         permissions = [
             ("list_all_analysis", "Can list all analyses"),
             (
-                "view_my_analysis",
+                "view_my_study_analysis",
                 "Can view all analyses in studies user is a member of",
             ),
             (

diff --git a/creator/analyses/schema.py b/creator/analyses/schema.py
@@ -36,8 +36,9 @@ def get_node(cls, info, id):
         # belongs to one of their studies
         if user.has_perm("analyses.view_analysis") or (
             user.has_perm("analyses.view_my_study_analysis")
-            and analysis.study
-            and user.studies.filter(kf_id=analysis.study.kf_id).exists()
+            and user.studies.filter(
+                kf_id=analysis.version.root_file.study.kf_id
+            ).exists()
         ):
             return analysis
 
@@ -46,7 +47,7 @@ def get_node(cls, info, id):
 
 class AnalysisFilter(django_filters.FilterSet):
     file_kf_id = django_filters.CharFilter(
-        field_name="root_file__kf_id", lookup_expr="exact"
+        field_name="version__root_file__kf_id", lookup_expr="exact"
     )
 
     class Meta:
@@ -69,7 +70,8 @@ class Query(object):
     def resolve_all_analyses(self, info, **kwargs):
         """
         Return all analyses if user has view_analysis
-        Return only analyses in user's studies if user has view_my_analysis
+        Return only analyses in user's studies if user has the
+            view_my_study_analysis permission
         Return not allowed otherwise
         """
         user = info.context.user
@@ -85,7 +87,7 @@ def resolve_all_analyses(self, info, **kwargs):
 
         if user.has_perm("analyses.view_my_study_analysis"):
             return Analysis.objects.filter(
-                root_file__study__in=user.studies.all()
+                version__root_file__study__in=user.studies.all()
             ).all()
 
         raise GraphQLError("Not allowed")
diff --git a/creator/groups.py b/creator/groups.py
@@ -58,6 +58,7 @@
         "view_study",
         "view_downloadtoken",
         "add_downloadtoken",
+        "view_analysis",
         "delete_downloadtoken",
         "view_file",
         "view_version",
@@ -69,7 +70,7 @@
         "view_my_file",
         "add_my_study_file",
         "change_my_study_file",
-        "view_analysis",
+        "view_my_study_analysis",
         "add_my_study_analysis",
         "add_my_study_version",
         "add_downloadtoken",
@@ -82,6 +83,7 @@
         "view_study",
         "view_file",
         "view_version",
+        "view_analysis",
         "add_downloadtoken",
         "view_event",
         "view_project",
@@ -92,5 +94,11 @@
         "unlink_project",
         "import_volume",
     ],
-    "Services": ["view_study", "add_file", "view_file", "view_version"],
+    "Services": [
+        "view_study",
+        "add_file",
+        "view_file",
+        "view_analysis",
+        "view_version",
+    ],
 }
diff --git a/tests/analyses/test_query.py b/tests/analyses/test_query.py
@@ -41,10 +41,10 @@ def analysis(db):
     "user_group,allowed",
     [
         ("Administrators", True),
-        ("Services", False),
-        ("Developers", False),
+        ("Services", True),
+        ("Developers", True),
         ("Investigators", False),
-        ("Bioinformatics", False),
+        ("Bioinformatics", True),
         (None, False),
     ],
 )
@@ -71,10 +71,10 @@ def test_query_analysis(db, clients, analysis, user_group, allowed):
     "user_group,allowed",
     [
         ("Administrators", True),
-        ("Services", False),
-        ("Developers", False),
-        ("Investigators", False),
-        ("Bioinformatics", False),
+        ("Services", True),
+        ("Developers", True),
+        ("Investigators", True),
+        ("Bioinformatics", True),
     ],
 )
 def test_query_my_analysis(db, clients, analysis, user_group, allowed):
@@ -107,7 +107,7 @@ def test_query_my_analysis(db, clients, analysis, user_group, allowed):
         ("Administrators", True, 1),
         ("Services", False, 0),
         ("Developers", False, 0),
-        ("Investigators", False, 0),
+        ("Investigators", True, 1),
         ("Bioinformatics", False, 0),
         (None, False, 0),
     ],