Do not filter out VS when user does not hava access to underlying stu…

…dy samples

src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java

@@ -4,7 +4,6 @@
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import org.cbioportal.security.VirtualStudyPermissionService;
 import org.cbioportal.service.CancerTypeService;
 import org.cbioportal.service.exception.AccessForbiddenException;
 import org.cbioportal.service.exception.CancerTypeNotFoundException;
@@ -52,20 +51,16 @@ public class PublicVirtualStudiesController {
 
     private final CancerTypeService cancerTypeService;
 
-    private final VirtualStudyPermissionService virtualStudyPermissionService;
-
     public PublicVirtualStudiesController(
         @Value("${session.endpoint.publisher-api-key:}") String requiredPublisherApiKey,
         SessionServiceRequestHandler sessionServiceRequestHandler,
         @Value("${session.service.url:}") String sessionServiceURL,
-        CancerTypeService cancerTypeService,
-        VirtualStudyPermissionService virtualStudyPermissionService
+        CancerTypeService cancerTypeService
     ) {
         this.requiredPublisherApiKey = requiredPublisherApiKey;
         this.sessionServiceRequestHandler = sessionServiceRequestHandler;
         this.sessionServiceURL = sessionServiceURL;
         this.cancerTypeService = cancerTypeService;
-        this.virtualStudyPermissionService = virtualStudyPermissionService;
     }
 
     @GetMapping
@@ -82,7 +77,6 @@ public ResponseEntity<List<VirtualStudy>> getPublicVirtualStudies() {
             });
 
         List<VirtualStudy> virtualStudies = responseEntity.getBody();
-        virtualStudyPermissionService.filterOutForbiddenStudies(virtualStudies);
         return new ResponseEntity<>(virtualStudies, HttpStatus.OK);
     }
 

src/main/java/org/cbioportal/web/SessionServiceController.java

@@ -12,7 +12,6 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.constraints.Size;
-import org.cbioportal.security.VirtualStudyPermissionService;
 import org.cbioportal.service.util.CustomAttributeWithData;
 import org.cbioportal.service.util.CustomDataSession;
 import org.cbioportal.service.util.SessionServiceRequestHandler;
@@ -80,9 +79,6 @@ public class SessionServiceController {
     @Value("${session.service.url:}")
     private String sessionServiceURL;
 
-    @Autowired
-    private VirtualStudyPermissionService virtualStudyPermissionService;
-
     private static Map<SessionPage, Class<? extends PageSettingsData>> pageToSettingsDataClass = ImmutableMap.of(
          SessionPage.study_view, StudyPageSettings.class,
          SessionPage.results_view, ResultsPageSettings.class
@@ -216,14 +212,7 @@ public ResponseEntity<Session> getSession(@PathVariable Session.SessionType type
             Session session;
             switch (type) {
                 case virtual_study:
-                    VirtualStudy virtualStudy = sessionServiceObjectMapper.readValue(sessionDataJson, VirtualStudy.class);
-                    List<VirtualStudy> virtualStudies = new ArrayList<>();
-                    virtualStudies.add(virtualStudy);
-                    virtualStudyPermissionService.filterOutForbiddenStudies(virtualStudies);
-                    if (virtualStudies.isEmpty()) {
-                        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
-                    }
-                    session = virtualStudies.getFirst();
+                    session = sessionServiceObjectMapper.readValue(sessionDataJson, VirtualStudy.class);
                     break;
                 case settings:
                     session = sessionServiceObjectMapper.readValue(sessionDataJson, PageSettings.class);
@@ -266,7 +255,6 @@ public ResponseEntity<List<VirtualStudy>> getUserStudies() throws JsonProcessing
                         new ParameterizedTypeReference<List<VirtualStudy>>() {});
 
                 List<VirtualStudy> virtualStudyList = responseEntity.getBody();
-                virtualStudyPermissionService.filterOutForbiddenStudies(virtualStudyList);
                 return new ResponseEntity<>(virtualStudyList, HttpStatus.OK);
             } catch (Exception exception) {
                 LOG.error("Error occurred", exception);