ncbo / bioportal-project

Serves to consolidate (in Zenhub) all public issues in BioPortal
BSD 2-Clause "Simplified" License

REST API key from Admin page fails #63

Closed graybeal closed 10 months ago

graybeal commented 6 years ago

I have an odd situation, I'm trying to access LCMPT, which shows up fine in the UI. But when I try to click on Submissions in the UI, I get

{
  "errors": [
    "Access denied for this resource"
  ],
  "status": 403
}

Replacing LCMPT with GEO works fine. Making LCMPT a public ontology and using a new Guest browser doesn't help. Nothing jumps out at me to explain why this ontology wouldn't be accessible from the REST API.

The ontology just got installed by Rafael yesterday, and it is weird in general.

Taking away all the API key information in the call makes it work. (Huh?!) I guess the API key info being generated by the JavaScript isn't helpful. (Some of the LC ontologies have this problem for me, some don't.)

Call this low priority for now. I have multiple browser accounts (hence caches) going, not sure if that is contributing. Though it might explain why CEDAR can't access the LCMPT vocabulary.

jvendetti commented 6 years ago

@graybeal - I assume you're referring to attempts to access the following REST API URL in a browser window:

http://data.bioontology.org/ontologies/LCMPT/submissions

LCMPT is currently configured as a private ontology in BioPortal. I tested the above URL with two different BioPortal accounts:

  1. My personal account, which has administrative privileges.
  2. A test account with no admin privileges, and no inclusion in the list of accounts that are allowed to view the classes for LCMPT.

Issuing a curl command using the API key for my personal account results in submissions data returned (note that I've removed the API key in the text snippet below for security):

➜  ~ curl -X GET -G \
'http://data.bioontology.org/ontologies/LCMPT/submissions' \
-d apikey=
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 34336  100 34336    0     0   462k      0 --:--:-- --:--:-- --:--:--  465k
[
   {
      "hasOntologyLanguage" : "OWL",
      "submissionId" : 9,
      "description" : "Vocabulary that provides terminology to describe the instruments, voices, etc., used in the performance of musical works.",
      "version" : "OWL transform 2",
      "status" : "alpha",
      "contact" : [
         {
            "id" : "http://data.bioontology.org/contacts/c71f2ce0-8379-0134-635e-005056010073",
            "email" : "nlorimer@stanford.edu",
            "name" : "Nancy Lorimer"
         }
      ],

etc...

Issuing a curl command using the API key for the test account results in a 403 access denied message:

➜  ~ curl -X GET -G \
'http://data.bioontology.org/ontologies/LCMPT/submissions' \
-d apikey=
{"errors":["Access denied for this resource"],"status":403}%

This is expected behavior since the test account has neither administrative privileges, nor permissions to view LCMPT classes.

There doesn't appear to be any issue at the REST level. If you're seeing unexpected results in a browser window, I suggest clearing your browser cache and trying to reproduce the issue.

jvendetti commented 6 years ago

@graybeal - If instead you were referring to the Admin page in the BioPortal UI, I wasn't able to reproduce this behavior (I tried FF, Chrome, and Safari). Clicking on the Submissions links worked for me in all cases.

graybeal commented 6 years ago

Yes, the Admin page was what gave me the difficulty. But I probably misspoke--it wasn't the Submissions link but the REST link.

If I look at the link it looks like this, with minor substitutions: http://data.bioontology.org/ontologies/LCMPT?apikey=8b5b7825-538d-xxxx-xxxx-xxxxxxxxxxxx&userapikey:%203b75757e-b552-yyyy-yyyy-yyyyyyyyyyyy

That apparently is not good enough.

jvendetti commented 6 years ago

Thanks for the clarification - I'm now able to reproduce the error by clicking the "REST" link for LCMPT on the Admin page. The last portion of the URL looks unusual to me: "&userapikey: ", in particular the use of the colon character followed by a URL encoded space character. @mdorf authored the Admin page code, and thus might be able to more quickly offer insight here.
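What a standard query-string parser makes of the REST link quoted above, as an added example that is not part of the original thread or of BioPortal's code. `parsedParams` and `auditQuery` are hypothetical helper names, the link uses the masked key values from the thread, and how the BioPortal API itself treats the stray parameter is not shown on this page.

```javascript
// Constructed from the link quoted in the thread; key values are the masked ones shown there.
const REST_LINK =
  'http://data.bioontology.org/ontologies/LCMPT' +
  '?apikey=8b5b7825-538d-xxxx-xxxx-xxxxxxxxxxxx' +
  '&userapikey:%203b75757e-b552-yyyy-yyyy-yyyyyyyyyyyy';

// What a standard parser hands to server-side code: [name, value] pairs.
// The second pair comes back as one long name with an empty value, so a
// lookup of "userapikey" finds nothing.
function parsedParams(link) {
  return [...new URL(link).searchParams.entries()];
}

// Hypothetical lint for generated links: flag query segments that have no "="
// and whose decoded text looks like a header-style "name: value" pair.
function auditQuery(link) {
  const findings = [];
  const query = new URL(link).search.slice(1); // drop the leading "?"
  for (const segment of query.split('&')) {
    if (segment === '' || segment.includes('=')) continue;
    let decoded;
    try {
      decoded = decodeURIComponent(segment.replace(/\+/g, ' '));
    } catch (e) {
      findings.push({ issue: 'bad-percent-encoding', segment });
      continue;
    }
    const m = /^([A-Za-z0-9_.-]+):\s*(\S.*)$/.exec(decoded);
    if (m) {
      // Report the name only, so key material never lands in lint output.
      findings.push({ issue: 'colon-instead-of-equals', intendedName: m[1] });
    } else {
      findings.push({ issue: 'name-without-value', name: decoded });
    }
  }
  return findings;
}

console.log(parsedParams(REST_LINK));
console.log(auditQuery(REST_LINK));
```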

graybeal commented 6 years ago

Cool. Not urgent now that I know what is going on.

alexskr commented 10 months ago

resolved