Skip to content

Commit

Permalink
limit anonymous users to using discovery config only for metata queries
Browse files Browse the repository at this point in the history
  • Loading branch information
@gsfk
gsfk committed Sep 16, 2024
1 parent 52daf93 commit bd49a6c
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 1 deletion.
3 changes: 2 additions & 1 deletion bento_beacon/app.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
from .utils.beacon_request import save_request_data, validate_request, verify_permissions
from .utils.beacon_response import init_response_data
from .utils.katsu_utils import katsu_censorship_settings
from .utils.censorship import set_censorship_settings
from .utils.censorship import set_censorship_settings, reject_query_if_not_permitted

REQUEST_SPEC_RELATIVE_PATH = "beacon-v2/framework/json/requests/"
BEACON_MODELS = ["analyses", "biosamples", "cohorts", "datasets", "individuals", "runs", "variants"]
Expand Down Expand Up @@ -96,6 +96,7 @@ def before_request():
validate_request()
verify_permissions()
save_request_data()
reject_query_if_not_permitted()
init_response_data()


Expand Down
3 changes: 3 additions & 0 deletions bento_beacon/config_files/config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,9 @@ class Config:
PHENOPACKETS_SCHEMA_REFERENCE = {"entityType": "individual", "schema": "phenopackets v1"}

MAX_RETRIES_FOR_CENSORSHIP_PARAMS = 2

# don't let anonymous users query arbitrary phenopacket or experiment fields
ANONYMOUS_METADATA_QUERY_USES_DISCOVERY_CONFIG_ONLY = True
# -------------------
# gohan

Expand Down
16 changes: 16 additions & 0 deletions bento_beacon/utils/censorship.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,3 +70,19 @@ def reject_if_too_many_filters(filters):
def censored_chart_data(data):
t = get_censorship_threshold() # zero with correct permissions
return [{"label": d["label"], "value": d["value"]} for d in data if d["value"] > t]


def query_has_phenopacket_filter():
return bool(g.beacon_query_parameters["phenopacket_filters"])


def query_has_experiment_filter():
return bool(g.beacon_query_parameters["experiment_filters"])


# some anonymous queries are not permitted
def reject_query_if_not_permitted():
if g.permission_query_data or not current_app.config["ANONYMOUS_METADATA_QUERY_USES_DISCOVERY_CONFIG_ONLY"]:
return
if query_has_phenopacket_filter() or query_has_experiment_filter():
raise InvalidQuery("anonymous queries should use filters from discovery config only")

0 comments on commit bd49a6c

Please sign in to comment.