Closed rfdougherty closed 11 years ago
The bug is actually not limited to what a user might have access to. If a matching subject exists in an identically named experiment, we mistakenly use that experiment. Scary!
I have added another line to the query. Seems to work. Testing now...
query = query.join(ResearchGroup, Experiment.owner).filter(ResearchGroup.gid == group_name)
When a user has multiple experiments with the same name but under different research groups, a session can get mis-classified. E.g., if a user has access to smcclure/gaba and cni/gaba, their sessions with patient id "smcclure/gaba' may end up in 'cni/gaba'. (I think the subject names would have to also match for this error to occur.) It seems that the problem is in the Subject class method from_mrfile, which does a query for any matching experiment name regardless of the ResearchGroup. E.g.: