= Dataset Access Service :linkcss: true :table-caption!: :source-highlighter: pygments :toc: preamble ifdef::env-github[] :tip-caption: :bulb: :note-caption: :information_source: :important-caption: :heavy_exclamation_mark: :caution-caption: :fire: :warning-caption: :warning: endif::[] ifndef::env-github[] :stylesdir: /home/ellie/Code/3rd/asciidoctor-skins/css :stylesheet: adoc-github.css endif::[]
https://veupathdb.github.io/service-dataset-access/api.html[API Docs]
REST API microservice enabling HTTP clients to view and manage user access to study datasets.
== Main Concepts for Study/Dataset Access
These concepts apply to curated studies, but might eventually apply also to individual and community studies uploaded directly by endusers.
Studies may be: pubic, prerelease, private, controlled, and protected. Some require that the user sends a request for access (they will be prompted when attempting the action):
No request access needed or offered:
. public: access to all functionality by default . prerelease: no request access mechanism offered. you see the study page
Request access needed:
. private: request access to explore the data, analyze it and download (by default you only can see the study page) . controlled or protected: request access to download.
In controlled studies the user will be allowed to access the data automatically upon request submission, while in protected and private studies there will be human intervention in the decision.
There are 3 tables in accountDB (shared by prod and qa sites) for 3 types of users:
. a staff member will have access to all studies, and if "owner" (bad name) they can access the dashboard and update the database with many possible actions affecting any of the 3 tables. . an end user : they ask for permission to access a study (that is how they become a row in the table), and we (staff owner or provider) approve or deny access. . a provider is a user who owns the data for a given study, there could be several providers, and if "is_manager", then this provider can add/remove other providers.
== Deployment
=== Required Configuration
==== Authentication Salt
Used to authenticate user WDK session token values.
Value must be the MD5 hash of the entire salt file used by WDK sites.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --auth-secret=
==== LDAP Server
Defines the LDAP server(s) that are used to look up Oracle connection details.
Individual values must be formatted as <host.addr>:<port>
, for example
ldap.mysite.org:123
.
Multiple servers may be specified using a comma to separate them:
ldap1.mysite.org:123,ldap2.mysite.org:123
.Provided using
[cols=">1h,4m"]
|===
| CLI | --ldap-server=
==== Oracle Base Distinguished Name
The base context in which Oracle database TNS Names will be resolved.
Required if the web service connects to Oracle database(s) using a TNS Name rather than individual connection details.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --oracle-base-dn=
==== Application DB TNS Name
Sets the TNS Name to use when connecting to an Oracle application DB instance.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --app-db-ora=
==== Application DB Username
Sets the connection username for the application DB that this web service will connect to.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --app-db-user=
==== Application DB Password
Sets the connection password for the application DB that this web service will connect to.
.Provided using
[cols=">1h,4m"]
|===
| ENV | APP_DB_PASS=
==== Account DB TNS Name
Sets the TNS Name to use when connecting to an Oracle account DB instance.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --acct-db-ora=
==== Account DB Username
Sets the connection username for the account DB that this web service will connect to.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --acct-db-user=
==== Account DB Password
Sets the connection password for the account DB that this web service will connect to.
.Provided using
[cols=">1h,4m"]
|===
| ENV | ACCT_DB_PASS=
==== SMTP Host
Used for sending emails this service will generate.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --smtp-host=
==== Support Email
Used to set the ReplyTo value on emails sent from this service.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --support-email=
==== Site URL
The base URL for the site to which this service is paired.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --site-url=
//------------------------------------------------------------------------------
=== Optional Configuration
==== Server Port
Used to configure the port the web server to listens to.
Defaults to port 80
if unset.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --server-port=
==== Application DB Connection Pool Size
Sets the connection pool size for the application DB that this web service will connect to.
Defaults to 20
.Provided using
[cols=">1h,4m"]
|===
| CLI | --app-db-pool-size=
==== Account DB Connection Pool Size
Sets the connection pool size for the account DB that this web service will connect to.
Defaults to 20
.Provided using
[cols=">1h,4m"]
|===
| CLI | --acct-db-pool-size=
==== Enable Email Debug
Sets the javax.mail.Session
property mail.debug
.
Defaults to false
.
.Provided using [cols=">1h,4m"] |=== | CLI | --mail-debug=true|false | ENV | EMAIL_DEBUG=true|false |=== //------------------------------------------------------------------------------
==== Registration Path
Path to the registration client component relative to the site URL.
Defaults to /app/user/registration
.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --registration-path=
//------------------------------------------------------------------------------
==== Application Path
Path to the dataset access management client component relative to the site URL.
Defaults to /app/study-access
.
.Provided using
[cols=">1h,4m"]
|===
| CLI | --application-path=
=== Template .env
File
AUTH_SECRET_KEY= LDAP_SERVER= ORACLE_BASE_DN=
APP_DB_TNS_NAME= APP_DB_USER= APP_DB_PASS=
ACCT_DB_TNS_NAME= ACCT_DB_USER= ACCT_DB_PASS=
SMTP_HOST= SUPPORT_EMAIL=
SITE_URL=