VEuPathDB / EdaUserService

An EDA service that tracks user state
Apache License 2.0

Update API on request to import an analysis by a user who does not have access to a study (user dataset or regular study: private/prerelease) #21

Closed aurreco-uga closed 1 year ago

aurreco-uga commented 1 year ago

This is to improve the UX when a user who has received an analysis URL from another user sharing it does not have access to the study (user dataset or regular study: private/prerelease).

The behavior should be the same for a user dataset and a regular study:

(1) send back a sentence and study id: "Sorry, you do not have currently access to this study (are you logged in?). Please request permission to access the study, and then try again to import the analysis with your URL."
(2) do not save the analysis in the user database

ryanrdoherty commented 1 year ago

@dmfalke What kind of API do you want here? Thinking a 403 Forbidden with JSON like this:

{
  studyId: string,
  errorMessage: string // the value above that Cristina wrote
}

ryanrdoherty commented 1 year ago

@aurreco-uga What level of permissions are required to copy an analysis? Options are:

  private final boolean _allowStudyMetadata;
  private final boolean _allowSubsetting;
  private final boolean _allowVisualizations;
  private final boolean _allowResultsFirstPage;
  private final boolean _allowResultsAll;

I believe these are always progressive, so a higher perm implies lower perms. I'm thinking we probably can allow the share even as long as subsetting is allowed? Or do they need visualizations too? Maybe both since an analysis may contain visualizations?

dmfalke commented 1 year ago

> @aurreco-uga What level of permissions are required to copy an analysis? Options are:
>
>   private final boolean _allowStudyMetadata;
>   private final boolean _allowSubsetting;
>   private final boolean _allowVisualizations;
>   private final boolean _allowResultsFirstPage;
>   private final boolean _allowResultsAll;
>
> I believe these are always progressive, so a higher perm implies lower perms. I'm thinking we probably can allow the share even as long as subsetting is allowed? Or do they need visualizations too? Maybe both since an analysis may contain visualizations?

You ought to be able to just check for allowSubsetting. The client is not currently checking for permissions to visualize, so if that value is false, then the user will just get error messages when trying to view visualizations. It wouldn't be hard to add a check, for completeness.
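
Added example, not part of the thread or the EdaUserService code: a sketch of the check the thread converges on, where the import is authorized on `allowSubsetting` before anything is written, and a denial returns 403 with the study id and the message from the issue. All class, method and map names are hypothetical, the in-memory maps stand in for the permission lookup and the user database, and treating a missing permission record as a denial is an assumption.

```java
import java.util.HashMap;
import java.util.Map;

public class ImportAnalysisCheck {

  // Hypothetical permission view; names mirror the flags quoted in the thread.
  record StudyPermissions(boolean allowStudyMetadata, boolean allowSubsetting,
                          boolean allowVisualizations) {}

  // 403 body in the shape proposed in the thread: study id plus message.
  record ImportDenied(String studyId, String errorMessage) {}

  record Result(int status, Object body) {}

  // Message text copied from the issue description.
  static final String DENIED_MESSAGE =
      "Sorry, you do not have currently access to this study (are you logged in?). "
      + "Please request permission to access the study, and then try again to import "
      + "the analysis with your URL.";

  // Constructed stand-ins for the permission lookup and the user database.
  static final Map<String, StudyPermissions> PERMS = new HashMap<>();
  static final Map<String, String> SAVED = new HashMap<>();

  static Result importAnalysis(String userId, String analysisId, String studyId) {
    // One code path for user datasets and regular studies. Assumption: a
    // missing permission record is handled like an explicit denial.
    StudyPermissions p = PERMS.get(userId + ":" + studyId);
    if (p == null || !p.allowSubsetting()) {
      // Return before touching SAVED so a denied import leaves no record.
      return new Result(403, new ImportDenied(studyId, DENIED_MESSAGE));
    }
    SAVED.put(userId + ":" + analysisId, studyId);
    return new Result(200, analysisId);
  }

  public static void main(String[] args) {
    // Constructed sample users and study id.
    PERMS.put("alice:STUDY_A", new StudyPermissions(true, true, true));
    PERMS.put("bob:STUDY_A", new StudyPermissions(true, false, false));
    System.out.println(importAnalysis("alice", "an1", "STUDY_A")); // allowed
    System.out.println(importAnalysis("bob", "an1", "STUDY_A"));   // no subsetting
    System.out.println(importAnalysis("carol", "an1", "STUDY_A")); // no record
    System.out.println("saved=" + SAVED);
  }
}
```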