ACAS node changes for restricting /api/experiments/protocolCodename/:code
Pass allowed projects to the backend for filtering
Bug description
To reproduce
Create an experiment in a restricted project and login as a user who does not have access to that project.
Go to the protocol browser window and search for the protocol
Scroll down to the section titled: "Experiments using"
Expectation
Experiment in restricted project that the user does not have access to is not displayed
Actual outcome
Experiment in restricted project that the user does not have access to is displayed.
Description
/api/experiments/protocolCodename/:codeBug description
To reproduce Create an experiment in a restricted project and login as a user who does not have access to that project. Go to the protocol browser window and search for the protocol Scroll down to the section titled: "Experiments using" Expectation Experiment in restricted project that the user does not have access to is not displayed
Actual outcome Experiment in restricted project that the user does not have access to is displayed.
Technical details This feature relies on the ACAS route here https://github.com/mcneilco/acas/blob/b8719989a424da9ccbc571a84c118d213774eaf3/modules/ServerAPI/src/server/routes/ExperimentServiceRoutes.coffee#L32: app.get '/api/experiments/protocolCodename/:code', loginRoutes.ensureAuthenticated, exports.experimentsByProtocolCodename This route does not pay attention to acls and therefore experiments are not filtered.
Related Issue
ACAS-699
How Has This Been Tested?
Ran acasclient tests including new tests added here for this case: https://github.com/mcneilco/acasclient/pull/138