Upload switch to allow sharing samples with 3rd party services #801
Conversation
Repumba
changed the title
There was a problem hiding this comment.
Looks OK in general, added minor suggestions.
Another things that came to my mind and could be added in next PRs:
- feature is mostly useful for mwdb.cert.pl instance. It would be nice to have option in configuration
ENABLE_3RD_PARTY_SHARING_CONSENTthat will hide that switch from UI if set to False (which is default) as it can be confusing for self-hosted instance users. MWDB Core still doesn't send anything to 3rd parties on its own. - Switch position could be prettier (e.g. on side of the label) but I haven't managed to do that quickly.
docs/karton-guide.rst
Outdated
| @@ -135,3 +135,17 @@ MWDB-Core 2.3.0 includes automatic migration spawned on ``mwdb-core configure`` | |||
| - enable ``karton_reanalyze`` for all groups having ``karton_manage`` capability before. | |||
|
|
|||
| Built-in integration emulates the original ``karton`` attribute behavior and still exposes and accepts the values provided that way. | |||
|
|
|||
| Sharing with third parties | |||
There was a problem hiding this comment.
I think better place for that section is https://mwdb.readthedocs.io/en/latest/user-guide/9-Sharing-objects.html with making karton a link to https://mwdb.readthedocs.io/en/latest/karton-guide.html (for someone who doesn't know what is Karton)
mwdb/resources/object.py
Outdated
| selected_object.share_3rd_party = True | ||
| db.session.commit() | ||
|
|
||
| return "OK" |
There was a problem hiding this comment.
HTTP 200 without content (as in other endpoints) might be better than non-JSON "OK", because this will crash response.json()
| return "OK" |
mwdb/web/src/commons/api/index.jsx
Outdated
| @@ -547,6 +555,11 @@ function removeKartonAnalysisFromObject(id, analysis_id) { | |||
| return axios.delete(`/object/${id}/karton/${analysis_id}`); | |||
| } | |||
|
|
|||
| function enableSharing3rdParty(identifier) { | |||
| console.log(`/object/${identifier}/share_3rd_party`); | |||
There was a problem hiding this comment.
| console.log(`/object/${identifier}/share_3rd_party`); |
mwdb/core/karton.py
Outdated
| @@ -33,6 +33,7 @@ def send_file_to_karton(file) -> str: | |||
| "attributes": file.get_attributes( | |||
| as_dict=True, check_permissions=False | |||
| ), | |||
| "share_3rd_party": file.share_3rd_party, | |||
There was a problem hiding this comment.
I would add it as another header ("3rd_party": file.share_3rd_party) instead of payload so we don't route objects with share_3rd_party=False to 3rd-party consumers.
There was a problem hiding this comment.
Sidenote: that's another usecase for flags mentioned in CERT-Polska/karton#167
Your checklist for this pull request
What is the current behaviour?
What is the new behaviour?
Make it possible to disallow sharing samples with 3rd parties
Decision is made during upload. If you have
modify_3rd_party_sharingcapability you can change it in front-endFront end:
New box visible only for users with
modify_3rd_party_sharingcapabilityCheckbox is visible for every user
Test plan
I've added automatic tests for changing
share_3rd_partyattribute and for re-uploading samples with different values forshare_3rd_partyClosing issues
closes #740