utsw-bicf / pandiseased

MIT License

Update download to have pop up to sign agreement #389

Closed vsmalladi closed 3 years ago

vsmalladi commented 3 years ago

Add a pop-up to download for data to have agreement for users

Download only aggregate summary otherwise.

vsmalladi commented 3 years ago

Agreement Text

"Users of any data provided by KCE, whether open or controlled access, agree not to attempt to reidentify any individual participant in any study represented by KCE data, for any purpose whatever. This includes, but is not limited to, the use of analytical techniques of reidentification on genomic or clinical data."

User must be logged in to download.

If not logged in can only download aggregate summary.

Aggregate Summary: (Something like table 1) https://www.sciencedirect.com/science/article/pii/S2352396416303917?via%3Dihub#t0005

Age Gender Histology

mingjiecn commented 3 years ago
  1. the rendered data in report.js has no session related info so I can't check if the user is logged in or not
  2. the download CSV is not a button, it is a link. So it will be easy for the user to bypass signing the agreement. The user can just change the "report/" in the link to "report.tsv". For example, this is the report link: https://www.encodeproject.org/report/type=Experiment&status=released&perturbed=false&assay_title=5%27+RLM+RACE To download the data, you can just use this link: https://www.encodeproject.org/report.tsv?type=Experiment&status=released&perturbed=false&assay_title=5%27+RLM+RACE

vsmalladi commented 3 years ago

@mingjiecn any idea of how to change this?

mingjiecn commented 3 years ago

> @mingjiecn any idea of how to change this?

Not sure. Can the link be protected somehow? Right now the link for the data file is not protected, which means that you can access the link without agreement.

mingjiecn commented 3 years ago

From encode team: if you want to block at API you have to just set all objects to hidden ("not released") when they are not logged in, give every object submitter privileges only. So if every object required a login to view at all, then the search results would be empty while logged out. And you can put a login trigger in JavaScript on the empty search-results page.

mingjiecn commented 3 years ago
  1. add one status "public" for page and publication
  2. change the group ALLOW_CURRENT to ALLOW_CURRENT = [(Allow, 'group.verified', 'view'),] + ONLY_ADMIN_VIEW
  3. associate status "public" with group ALLOW_EVERYONE_VIEW
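
Added example, not part of the thread and not the project's code: a minimal stand-in for Pyramid-style ACL evaluation showing why the status-based plan above closes the `report.tsv` bypass, since both URLs go through the same server-side permission check. The contents of `ONLY_ADMIN_VIEW`, the `handle` router and the sample records are assumptions made for illustration.

```python
# Added illustration: a simplified ACL evaluator, not Pyramid or project code.
# ONLY_ADMIN_VIEW's contents are assumed; the thread names it but does not show it.
Allow, Deny, Everyone = "Allow", "Deny", "system.Everyone"

ONLY_ADMIN_VIEW = [(Allow, "group.admin", "view"), (Deny, Everyone, "view")]
ALLOW_CURRENT = [(Allow, "group.verified", "view")] + ONLY_ADMIN_VIEW
ALLOW_EVERYONE_VIEW = [(Allow, Everyone, "view")] + ONLY_ADMIN_VIEW

# Status -> ACL mapping; "current" and "public" follow the plan in the thread.
STATUS_ACL = {"current": ALLOW_CURRENT, "public": ALLOW_EVERYONE_VIEW}


def principals_for(groups):
    """Principals of a request; groups is None for a logged-out visitor."""
    principals = {Everyone}
    if groups is not None:
        principals |= {"group." + g for g in groups}
    return principals


def permits(acl, principals, permission):
    """First matching ACE decides; no match means deny."""
    for action, principal, perm in acl:
        if principal in principals and perm == permission:
            return action == Allow
    return False


def search(rows, principals):
    """Server-side filter shared by every output format."""
    return [r for r in rows
            if permits(STATUS_ACL.get(r["status"], ONLY_ADMIN_VIEW), principals, "view")]


def handle(path, rows, groups=None):
    """Hypothetical router: /report/ and /report.tsv call the same search()."""
    visible = search(rows, principals_for(groups))
    if path.startswith("/report.tsv"):
        return "\n".join(f"{r['id']}\t{r['status']}" for r in visible)
    return visible


# Constructed sample records.
ROWS = [{"id": "patient-1", "status": "current"},
        {"id": "page-1", "status": "public"}]

if __name__ == "__main__":
    print(handle("/report.tsv", ROWS))                # logged out
    print(handle("/report.tsv", ROWS, ["verified"]))  # logged in, verified
```

Because the filter runs per object on the server, rewriting the URL changes only the output format, not which records are returned.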