Emmanuel QUEVILLON
BIGSdb
Commits
4dd1fc01
Commit
4dd1fc01
authored
Dec 23, 2014
by
Keith Jolley
Submitter account that only allows edit/delete isolate if sender.
parent
f98af405
Changes
9
lib/BIGSdb/CurateAddPage.pm
...
...
@@ -172,6 +172,10 @@ sub _insert {
my
$extra_inserts
=
[]
;
my
@tables
=
qw(accession loci locus_aliases locus_descriptions profile_refs scheme_fields scheme_group_group_members
sequences sequence_bin sequence_refs)
;
if
(
defined
$newdata
->
{'
isolate_id
'}
&&
!
$self
->
is_allowed_to_view_isolate
(
$newdata
->
{'
isolate_id
'}
)
)
{
return
;
#Problem will be reported in CuratePage::create_record_table.
}
if
(
any
{
$table
eq
$_
}
@tables
)
{
my
$method
=
"
_check_
$table
";
...
...
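Review bot: The guard added at the top of this part of `_insert` refuses the write with a bare `return;` and records nothing, so an attempt to insert data against another sender's isolate leaves no server-side trace; the only feedback is the message that the inline comment says CuratePage::create_record_table prints. A log line before the return would help, for example `$logger->warn("Insert into $table refused: isolate_id not accessible to this account");`, assuming a `$logger` is in scope in this file as it is in CuratePage.pm. The check is named `is_allowed_to_view_isolate` but gates a write here, so a comment stating that view access is what decides modify access for submitter accounts would save the next reader a search. `_insert` starts and ends outside the hunk.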
lib/BIGSdb/CurateBatchAddPage.pm
...
...
@@ -884,6 +884,22 @@ sub _check_data_duplicates {
return
;
}
#sub _check_allowed_to_modify_isolate {
# my ( $self, $arg_ref ) = @_;
# return if $self->{'system'}->{'dbtype'} ne 'isolates';
# my $pk_combination = $arg_ref->{'pk_combination'};
# my $value = ${ $arg_ref->{'value'} };
# if ($arg_ref->{'field'} eq 'isolate_id'){
# if (!$self->is_allowed_to_view_isolate( $value)){
# my $problem_text = "isolate id-$value is not accessible.<br />";
# $arg_ref->{'problems'}->{$pk_combination} .= $problem_text
# if !defined $arg_ref->{'problems'}->{$pk_combination} || $arg_ref->{'problems'}->{$pk_combination} !~ /$problem_text/;
# ${ $arg_ref->{'special_problem'} } = 1;
# }
# }
# return;
#}
sub
_check_data_allele_designations
{
#special case to check for allele id format and regex which is defined in loci table
...
...
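Review bot: `_check_allowed_to_modify_isolate` is committed entirely commented out, so nothing visible in this hunk applies the sender restriction to batch uploads. If the batch path relies on another check (perhaps the isolate_id lookup against the view in CuratePage::_is_field_bad_other), a one-line comment saying so should replace the dead sub. If it is meant to be enabled later, two things in it need attention first: `$value` is placed into `$problem_text` as HTML without escaping, and `!~ /$problem_text/` treats that text as a regex, where `index( $arg_ref->{'problems'}->{$pk_combination}, $problem_text ) < 0` would compare it literally.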
lib/BIGSdb/CurateIndexPage.pm
...
...
@@ -94,7 +94,7 @@ sub print_content {
}
}
elsif
(
$system
->
{'
dbtype
'}
eq
'
sequences
'
)
{
foreach
(
qw (locus_descriptions
scheme_curators
locus_curators
sequences
accession
sequence_refs
profiles
profile_refs
))
{
if
(
$self
->
can_modify_table
(
$_
)
||
$_
eq
'
profiles
'
)
{
#profile permissions handled by ACL
if
(
$self
->
can_modify_table
(
$_
)
||
$_
eq
'
profiles
'
)
{
my
$function
=
"
_print_
$_
";
try
{
my
(
$temp_buffer
,
$returned_td
)
=
$self
->
$function
(
$td
,
$set_string
);
...
...
lib/BIGSdb/CurateIsolateDeletePage.pm
...
...
@@ -45,16 +45,13 @@ sub print_content {
}
my
$data
=
$self
->
{'
datastore
'}
->
get_isolate_field_values
(
$id
);
if
(
!
$data
)
{
say
qq(<div class="box" id="statusbad"><p>No record with id
=
$id exists.</p></div>)
;
say
qq(<div class="box" id="statusbad"><p>No record with id
-
$id exists
or your account is not allowed to delete it
.</p></div>)
;
return
;
}
if
(
!
$self
->
can_modify_table
('
isolates
')
)
{
say
qq(<div class="box" id="statusbad"><p>Your user account is not allowed to delete records
to
the isolates table.</p></div>)
;
say
qq(<div class="box" id="statusbad"><p>Your user account is not allowed to delete records
in
the isolates table.</p></div>)
;
return
;
}
elsif
(
!
$self
->
is_allowed_to_view_isolate
(
$id
)
)
{
say
qq(<div class="box" id="statusbad"><p>Your user account is not allowed to delete this isolate record.</p></div>)
;
return
;
}
}
$buffer
.=
qq(<div class="box" id="resultstable">\n)
;
$buffer
.=
"
<p>You have selected to delete the following record:</p>
";
$buffer
.=
$q
->
start_form
;
...
...
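Review bot: The reworded first message covers both a missing record and one the account may not delete, but nothing in the hunk says why `!$data` implies either. A comment such as `#get_isolate_field_values reads through the current view, so isolates from other senders look absent to a submitter` would document that, if that is indeed how the lookup works; the datastore method is not on this page. `$id` is interpolated into the HTML of that message, so unless it is validated as an integer earlier in `print_content`, which starts outside the hunk, it should be escaped before output.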
lib/BIGSdb/CurateIsolateUpdatePage.pm
...
...
@@ -75,7 +75,13 @@ sub print_content {
my
$data
=
$sql
->
fetchrow_hashref
;
$self
->
add_existing_metadata_to_hashref
(
$data
);
if
(
!
$data
->
{'
id
'}
)
{
say
"
<div class=
\"
box
\"
id=
\"
statusbad
\"
><p>No record with id =
"
.
$q
->
param
('
id
')
.
"
exists.</p></div>
";
my
$exists_in_isolates_table
=
$self
->
{'
datastore
'}
->
run_query
(
"
SELECT EXISTS(SELECT * FROM isolates WHERE id=?)
",
$q
->
param
('
id
')
);
if
(
$exists_in_isolates_table
)
{
say
qq(<div class="box" id="statusbad"><p>Isolate id-)
.
$q
->
param
('
id
')
.
qq( is not accessible from your account.</p></div>)
;
}
else
{
say
qq(<div class="box" id="statusbad"><p>No record with id-)
.
$q
->
param
('
id
')
.
qq( exists.</p></div>)
;
}
return
;
}
if
(
$q
->
param
('
sent
')
)
{
...
...
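Review bot: In the new `run_query` call `$q->param('id')` is evaluated in list context, so a request carrying several `id` values passes extra arguments to `run_query`; `scalar $q->param('id')`, or a single validated `my $id` reused in all three places, avoids that. The same value is concatenated into the HTML of both messages without escaping, so unless it is checked to be an integer earlier in `print_content`, which is outside the hunk, it should be escaped. The two messages also tell a restricted account whether an isolate id it cannot access exists, whereas the combined wording in CurateIsolateDeletePage.pm does not; using one message here would keep the pages consistent and avoid disclosing which ids are in use.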
lib/BIGSdb/CuratePage.pm
...
...
@@ -51,7 +51,11 @@ sub create_record_table {
my
(
$self
,
$table
,
$newdata
,
$options
)
=
@_
;
$options
=
{}
if
ref
$options
ne
'
HASH
';
if
(
ref
$newdata
ne
'
HASH
'
)
{
say
"
<div class=
\"
box
\"
id=
\"
statusbad
\"
><p>Record doesn't exist.</p></div>
";
say
qq(<div class="box" id="statusbad"><p>Record doesn't exist.</p></div>)
;
return
'';
}
elsif
(
defined
$newdata
->
{'
isolate_id
'}
&&
!
$self
->
is_allowed_to_view_isolate
(
$newdata
->
{'
isolate_id
'}
)
)
{
say
qq(<div class="box" id="statusbad"><p>Your account is not allowed to modify values for isolate id-$newdata->{'isolate_id'}.)
.
qq(</p></div>)
;
return
'';
}
my
$q
=
$self
->
{'
cgi
'};
...
...
@@ -614,7 +618,7 @@ sub _create_extra_fields_for_loci {
my
(
$self
,
$newdata_ref
,
$width
)
=
@_
;
my
$q
=
$self
->
{'
cgi
'};
my
$buffer
=
'';
if
(
$self
->
{'
system
'}
->
{'
dbtype
'}
eq
'
sequences
'
)
{
if
(
$self
->
{'
system
'}
->
{'
dbtype
'}
eq
'
sequences
'
)
{
my
$attributes
=
$self
->
{'
datastore
'}
->
get_table_field_attributes
('
locus_descriptions
');
if
(
defined
$newdata_ref
->
{'
id
'}
)
{
my
$desc_ref
=
...
...
@@ -1082,14 +1086,19 @@ sub _is_field_bad_other {
#Make sure a foreign key value exists in foreign table
if
(
$thisfield
->
{'
foreign_key
'}
)
{
my
$qry
=
"
SELECT COUNT(*) FROM
$thisfield
->{'foreign_key'} WHERE id=?
";
my
$sql
=
$self
->
{'
db
'}
->
prepare
(
$qry
);
my
$qry
;
if
(
$fieldname
eq
'
isolate_id
'
)
{
$qry
=
"
SELECT EXISTS(SELECT * FROM
$self
->{'system'}->{'view'} WHERE id=?)
";
}
else
{
$qry
=
"
SELECT EXISTS(SELECT * FROM
$thisfield
->{'foreign_key'} WHERE id=?)
";
}
$value
=
$self
->
map_locus_name
(
$value
)
if
$fieldname
eq
'
locus
';
eval
{
$sql
->
execute
(
$value
)
};
$logger
->
error
(
$@
)
if
$@
;
my
(
$exists
)
=
$sql
->
fetchrow_array
;
my
$exists
=
$self
->
{'
datastore
'}
->
run_query
(
$qry
,
$value
,
{
cache
=>
"
CuratePage::is_field_bad_other:
$fieldname
"
}
);
if
(
!
$exists
)
{
return
"
value '
$value
' does not exist in
$thisfield
->{foreign_key} table
";
if
(
$thisfield
->
{'
foreign_key
'}
eq
'
isolates
'
&&
$self
->
{'
system
'}
->
{'
view
'}
ne
'
isolates
'
)
{
return
"
value '
$value
' does not exist in isolates table or is not accessible to your account
";
}
return
"
value '
$value
' does not exist in
$thisfield
->{'foreign_key'} table
";
}
}
return
0
;
...
...
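Review bot: In `_is_field_bad_other` the new `run_query` call caches under `CuratePage::is_field_bad_other:$fieldname`, but the SQL text depends on `$self->{'system'}->{'view'}` (for isolate_id) or on `$thisfield->{'foreign_key'}`, and neither is part of the key. If `run_query` reuses a prepared statement per cache name (its implementation is not on this page), a statement built for one view or table could be reused for another, which matters now that the view name decides what a submitter may touch. Adding the relation to the key, e.g. `cache => "CuratePage::is_field_bad_other:$fieldname:$relation"` with `$relation` set to whichever name the query uses, would remove the doubt. In the `create_record_table` hunk the new message interpolates `$newdata->{'isolate_id'}` into HTML unescaped, so it should be escaped or checked to be an integer before output. Both subs extend beyond their hunks.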
lib/BIGSdb/Datastore.pm
...
...
@@ -99,7 +99,7 @@ sub get_user_string {
sub
get_user_info_from_username
{
my
(
$self
,
$user_name
)
=
@_
;
return
if
!
defined
$user_name
;
return
$self
->
run_query
(
"
SELECT
first_name,surname,affiliation,email
FROM users WHERE user_name=?
",
return
$self
->
run_query
(
"
SELECT
*
FROM users WHERE user_name=?
",
$user_name
,
{
fetch
=>
'
row_hashref
',
cache
=>
'
get_user_info_from_username
'
}
);
}
...
...
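Review bot: `get_user_info_from_username` now selects `*` and caches the row, so every caller receives all columns of `users` rather than the four it was given before. The caller added in this commit (Page::initiate_view) reads only `status` and `id`, so naming the columns keeps the exposure deliberate: `SELECT id,first_name,surname,affiliation,email,status FROM users WHERE user_name=?`. A short comment on the sub stating that it returns a row hashref, and returns nothing when `$user_name` is undefined, would also help callers that now rely on it for an access decision.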
lib/BIGSdb/Page.pm
...
...
@@ -64,7 +64,7 @@ use constant SUBMITTER_ALLOWED_PERMISSIONS => qw(modify_isolates modify_sequence
our
@EXPORT_OK
=
qw(SEQ_METHODS SEQ_FLAGS ALLELE_FLAGS SEQ_STATUS DIPLOID HAPLOID DATABANKS FLANKING LOCUS_PATTERN
SUBMITTER_ALLOWED_PERMISSIONS)
;
sub
new
{
## no critic (RequireArgUnpacking)
sub
new
{
## no critic (RequireArgUnpacking)
my
$class
=
shift
;
my
$self
=
{
@
_
};
$self
->
{'
prefs
'}
=
{};
...
...
@@ -204,7 +204,7 @@ sub print_page_content {
}
}
else
{
$self
->
initiate_prefs
;
$self
->
initiate_view
(
$self
->
{'
username
'}
,
$self
->
{'
curate
'}
);
$self
->
initiate_view
(
$self
->
{'
username
'}
);
}
$q
->
charset
('
UTF-8
');
if
(
$self
->
{'
type
'}
ne
'
xhtml
'
)
{
...
...
@@ -598,6 +598,7 @@ sub get_metaset_and_fieldname {
sub
add_existing_metadata_to_hashref
{
my
(
$self
,
$data
)
=
@_
;
return
if
!
defined
$data
->
{'
id
'};
my
$metadata_list
=
$self
->
{'
xmlHandler
'}
->
get_metadata_list
;
foreach
my
$metadata_set
(
@$metadata_list
)
{
my
$metadata
=
...
...
@@ -2044,7 +2045,7 @@ sub _initiate_isolatedb_prefs {
}
sub
initiate_view
{
my
(
$self
,
$username
,
$curate
)
=
@_
;
my
(
$self
,
$username
)
=
@_
;
return
if
(
$self
->
{'
system
'}
->
{'
dbtype
'}
//
''
)
ne
'
isolates
';
my
$set_id
=
$self
->
get_set_id
;
if
(
defined
$self
->
{'
system
'}
->
{'
view
'}
&&
$set_id
)
{
...
...
@@ -2053,6 +2054,15 @@ sub initiate_view {
$self
->
{'
system
'}
->
{'
view
'}
=
$set_view
if
$set_view
;
}
}
if
(
$self
->
{'
curate
'}
)
{
my
$user_info
=
$self
->
{'
datastore
'}
->
get_user_info_from_username
(
$username
);
return
if
!
$user_info
;
if
(
$user_info
->
{'
status
'}
eq
'
submitter
'
)
{
$self
->
{'
db
'}
->
do
(
"
CREATE TEMPORARY VIEW temp_view AS SELECT * FROM
$self
->{'system'}->{'view'} WHERE sender=?
",
undef
,
$user_info
->
{'
id
'}
);
$self
->
{'
system
'}
->
{'
view
'}
=
'
temp_view
';
}
}
return
;
}
...
...
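Review bot: In the block added to `initiate_view`, `return if !$user_info;` leaves `$self->{'system'}->{'view'}` unrestricted when the user row cannot be loaded in curate mode, and the result of `$self->{'db'}->do(...)` is not checked before the view is switched to `temp_view`. Whether either can happen for a logged-in curator depends on code outside this page, but an access restriction is safer if it fails closed and logs, for instance by wrapping the `do` in `eval { ... }` and logging `$@`, a pattern visible in CuratePage.pm. The view name is fixed, so a second call on the same database session (Plugin.pm also calls `initiate_view`) would try to create `temp_view` again, possibly from `temp_view` itself if `$self->{'system'}` is shared; a guard such as `return if $self->{'system'}->{'view'} eq 'temp_view';` at the top of the block would cover that. A comment stating that the view limits submitter accounts to isolates whose `sender` is their own user id would document the intent.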
lib/BIGSdb/Plugin.pm
...
...
@@ -340,7 +340,7 @@ sub print_content {
}
}
$plugin
->
initiate_prefs
;
$plugin
->
initiate_view
(
$self
->
{'
username
'}
,
$self
->
{'
curate
'}
);
$plugin
->
initiate_view
(
$self
->
{'
username
'}
);
$plugin
->
run
;
return
;
}
...
...
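Review bot: The one-argument call now depends on `$plugin->{'curate'}` being set, because `initiate_view` reads the flag from its own object, whereas the two-argument form took it from `$self->{'curate'}`. If the plugin object is built without that key, submitter accounts would get the unrestricted view inside plugins run from the curator interface. Nothing on this page shows how `$plugin` is constructed, so this may already be handled; a comment at the call, `#initiate_view reads $plugin->{'curate'} to apply the submitter restriction`, would make the dependency visible. `print_content` starts outside the hunk.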