Check that authorization for the `/api/phenopackets` endpoint uses the `X-CANDIG-EXT-REMS` header

sh-ura commented 3 years ago

Use the Postman Collection created for DIG-477 to check that the GET /api/phenopackets endpoint correctly uses the X-CANDIG-EXT-REMS header. You will probably need to add some requests to that collection, but try not to remove/seriously alter the existing requests if possible.

Acceptance Criteria

[x] Comment below whether or not authorization of the /api/phenopackets endpoint works as expected
[x] Update the Postman Collection for testing Katsu authorization to test both the GET /api/individuals and GET /api/phenopackets endpoints. The collection covers and validates the following test case:
- [x] There exists some user U that has a valid REMS Entitlement to dataset D. When U requests the individuals and phenopackets associated with D from Katsu, they are granted access
- [x] U’s Entitlement to D is revoked in REMS
- [x] Next time U’s access tokens are refreshed (ex. on re-login), when U requests individuals or phenopackets associated with D from Katsu, they are not granted access

Samarth-Agarwal1 commented 3 years ago

Authorization of the /api/phenopackets endpoint works as expected

sh-ura commented 2 years ago

WON'T DO Closing due to repo archival.

dycons / researcher-portal

Check that authorization for the `/api/phenopackets` endpoint uses the `X-CANDIG-EXT-REMS` header #15

Acceptance Criteria