Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[instruments] Add view permission #9762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
driusan merged 14 commits into from
Jun 12, 2025
Merged

[instruments] Add view permission #9762

driusan merged 14 commits into from
Jun 12, 2025

Conversation

@adamdaudrich
Copy link
Collaborator

@adamdaudrich adamdaudrich commented Apr 22, 2025
edited
Loading

Brief summary of changes

  • Have you updated related documentation? No
  1. this hasAccess function returns a call to hasAnyPermission() to check for 'data_entry' and 'view_instrument_data' permissions. Either one will work to access instrument data in the DQT.

-2. the SQL insert command adds a new permission to permissions list

Testing instructions (if applicable)

-remove 'data_entry' permission for your user.

-add Data Query Tool - View Instrument Data to your user

  • go to the new Data Query Tool, select a candidate field, select an instrument, select some fields from that instrument, and run the query. Assert that you see fields and rows : they can be "no data" or NULL values.

Link(s) to related issue(s)

  • Resolves # (Reference the issue this fixes, if any.)

@github-actions github-actions bot added Language: SQL PR or issue that update SQL code Language: PHP PR or issue that update PHP code Module: instruments PR or issue related to instruments module labels Apr 22, 2025
@kongtiaowang
Copy link
Contributor

kongtiaowang commented Apr 22, 2025

"raisinbread/RB_files/RB_permissions.sql" needs to be updated as well.

@adamdaudrich adamdaudrich changed the title Add view permission2 [instruments] Add view permission Apr 22, 2025
@github-actions github-actions bot added the RaisinBread PR or issue introducing/requiring improvements to the Raidinbread dataset label Apr 23, 2025
driusan
driusan reviewed Apr 24, 2025
View reviewed changes
raisinbread/RB_files/RB_permissions.sql Outdated
INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (82,'imaging_uploader_nosessionid', 'Imaging Scans with no session ID',22,'View',2);
INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (83,'dicom_archive_nosessionid','DICOMs with no session ID',15,'View',2);
INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (84,'dicom_archive_view_ownsites','DICOMs - Own Sites',15,'View',2);
INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (85,'view_instrument_data','Data Query Tool - View Instrument Data',26,'View',2);
Copy link
Collaborator

@driusan driusan Apr 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You also need to add the permission to the SQL/0000-00-00-permissions.sql file so that new installs have it

kongtiaowang
kongtiaowang reviewed Apr 28, 2025
View reviewed changes
SQL/0000-00-02-Permission.sql Outdated
('imaging_uploader_nosessionid', 'Imaging Scans with no session ID', (SELECT ID FROM modules WHERE Name='imaging_uploader'), 'View', '2'),
('dicom_archive_nosessionid', 'DICOMs with no session ID', (SELECT ID FROM modules WHERE Name='dicom_archive'), 'View', '2'),
('dicom_archive_view_ownsites', 'DICOMs - Own Sites', (SELECT ID FROM modules WHERE Name='dicom_archive'), 'View', '2')
('view_instrument_data', 'Data Query Tool - View Instrument Data', (SELECT ID FROM modules WHERE Name = 'instruments'), 'View', '2')
Copy link
Contributor

@kongtiaowang kongtiaowang Apr 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SQL/0000-00-02-Permission.sql at the end of the line 149 missing a comma.

@ridz1208
Copy link
Collaborator

ridz1208 commented Apr 29, 2025

Hey @adamdaudrich,

Although thats a good first step, I dont see the code to restrict data entry for someone who only has view permission, can you clarify how the added permission prevents data entry? maybe include screenshots of instruments with and without the permission?

does it also block from modifying the metadata in the left panel of instruments?

@ridz1208
Copy link
Collaborator

ridz1208 commented May 2, 2025

@driusan give us your opinion here in terms of view/edit permissions. should data_entry be required to modify the flags at the session level as well? (i think it makes sense at the instrument level)

These flags
Screenshot 2025-05-02 at 12 29 22 PM

@driusan
Copy link
Collaborator

driusan commented May 2, 2025

It would make the most sense to me to require data_entry to modify the flags on the session level

@adamdaudrich adamdaudrich mentioned this pull request May 5, 2025
Open
1 task
@github-actions github-actions bot added the Module: instrument_list PR or issue related to instrument_list module label May 5, 2025
@adamdaudrich adamdaudrich mentioned this pull request May 8, 2025
Open
3 tasks
@adamdaudrich adamdaudrich added the 27.0.0 - Bugs Bugs Found in LORIS 27 testing label May 15, 2025
@driusan driusan added the Priority: High PR or issue should be prioritised over others for review and testing label Jun 5, 2025
@driusan driusan added this to the 27.0.0 milestone Jun 5, 2025
@github-actions github-actions bot added Language: Javascript PR or issue that update Javascript code Module: statistics PR or issue related to statistics module Module: behavioural_qc PR or issue related behavioural_qc module Module: dashboard PR or issue related to dashboard module Module: genomic_browser PR or issue related to genomic_browser module Module: imaging_browser PR or issue related to imaging_browser module Module: schedule_module PR or issue related to the schedule_manager module Module: dataquery PR or issue related to (new) dataquery module labels Jun 5, 2025
@adamdaudrich adamdaudrich changed the base branch from main to 27.0-release June 5, 2025 14:07
CamilleBeau
CamilleBeau approved these changes Jun 5, 2025
View reviewed changes
Copy link
Collaborator

@CamilleBeau CamilleBeau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! I was not able to edit any instrument data, including anything from the sidebar, and I was not able to see behavioural feedback with the "instrument view" permission. Access profile does not show up in this case as well, so the instruments from the instrument module are only viewable with a direct link.

With the "Instrument view" permission, I was able to access the instrument data from the DQT.

@CamilleBeau CamilleBeau added the Passed manual tests PR has been successfully tested by at least one peer label Jun 5, 2025
@driusan driusan merged commit 903157f into aces:27.0-release Jun 12, 2025
1 check passed
@regisoc regisoc mentioned this pull request Jun 18, 2025
Merged
3 tasks
SKADE2303 pushed a commit to SKADE2303/Loris that referenced this pull request Jul 10, 2025
@adamdaudrich
[instruments] Add view permission (aces#9762)
155f1d5 
1. this hasAccess function returns a call to hasAnyPermission() to check
for 'data_entry' and 'view_instrument_data' permissions. Either one will
work to access instrument data in the DQT.
2. the SQL insert command adds a new permission to permissions list
jeffersoncasimir pushed a commit to jeffersoncasimir/Loris that referenced this pull request Aug 11, 2025
@adamdaudrich @jeffersoncasimir
[instruments] Add view permission (aces#9762)
45429c8 
1. this hasAccess function returns a call to hasAnyPermission() to check
for 'data_entry' and 'view_instrument_data' permissions. Either one will
work to access instrument data in the DQT.
2. the SQL insert command adds a new permission to permissions list
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@driusan driusan driusan left review comments

@kongtiaowang kongtiaowang kongtiaowang left review comments

@CamilleBeau CamilleBeau CamilleBeau approved these changes

@jeffersoncasimir jeffersoncasimir Awaiting requested review from jeffersoncasimir

@KLaFleur KLaFleur Awaiting requested review from KLaFleur

Assignees

@adamdaudrich adamdaudrich

Labels

27.0.0 - Bugs Bugs Found in LORIS 27 testing Language: Javascript PR or issue that update Javascript code Language: PHP PR or issue that update PHP code Language: SQL PR or issue that update SQL code Module: behavioural_qc PR or issue related behavioural_qc module Module: dashboard PR or issue related to dashboard module Module: dataquery PR or issue related to (new) dataquery module Module: genomic_browser PR or issue related to genomic_browser module Module: imaging_browser PR or issue related to imaging_browser module Module: instrument_list PR or issue related to instrument_list module Module: instruments PR or issue related to instruments module Module: schedule_module PR or issue related to the schedule_manager module Module: statistics PR or issue related to statistics module Passed manual tests PR has been successfully tested by at least one peer Priority: High PR or issue should be prioritised over others for review and testing RaisinBread PR or issue introducing/requiring improvements to the Raidinbread dataset

Projects

None yet

Milestone

27.0.0

Development

Successfully merging this pull request may close these issues.

5 participants

@adamdaudrich @kongtiaowang @ridz1208 @driusan @CamilleBeau