Fix: hide private ontologies for non admin users in groups controller (…

…#113) * reject private ontologies for non admin users in groups controller * reject private ontologies from non admin users in categories controller * extract function into helper and remove unnecessary comments --------- Co-authored-by: OntoPortal Bot <[email protected]>
ontoportal-lirmm · Jan 8, 2025 · 909a8aa · 909a8aa
1 parent ce2c8d0
commit 909a8aa
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/controllers/categories_controller.rb b/controllers/categories_controller.rb
@@ -13,16 +13,18 @@ class CategoriesController < ApplicationController
     # Display all categories
     get do
       check_last_modified_collection(LinkedData::Models::Category)
-      categories = Category.where.include(Category.goo_attrs_to_load(includes_param)).to_a
+      categories = Category.where.include(*Category.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).to_a
+      categories = reject_private_ontologies(categories) unless current_user.admin?
       reply categories
     end
 
     # Display a single category
     get '/:acronym' do
       check_last_modified_collection(LinkedData::Models::Category)
       acronym = params["acronym"]
-      category = Category.find(acronym).include(Category.goo_attrs_to_load(includes_param)).first
+      category = Category.find(acronym).include(*Category.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).first
       error 404, "Category #{acronym} not found" if category.nil?
+      category = reject_private_ontologies([category]).first unless current_user.admin?
       reply 200, category
     end
 
@@ -82,5 +84,7 @@ def create_category
       end
       reply 201, category
     end
+
+
   end
 end
diff --git a/controllers/groups_controller.rb b/controllers/groups_controller.rb
@@ -13,16 +13,18 @@ class GroupsController < ApplicationController
     # Display all groups
     get do
       check_last_modified_collection(LinkedData::Models::Group)
-      groups = Group.where.include(Group.goo_attrs_to_load(includes_param)).to_a
+      groups = Group.where.include(*Group.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).to_a
+      groups = reject_private_ontologies(groups) unless current_user.admin?
       reply groups
     end
 
     # Display a single group
     get '/:acronym' do
       check_last_modified_collection(LinkedData::Models::Group)
       acronym = params["acronym"]
-      g = Group.find(acronym).include(Group.goo_attrs_to_load(includes_param)).first
+      g = Group.find(acronym).include(*Group.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).first
       error 404, "Group #{acronym} not found" if g.nil?
+      g = reject_private_ontologies([g]).first unless current_user.admin?
       reply 200, g
     end
 
@@ -81,5 +83,7 @@ def create_group
       end
       reply 201, group
     end
+
+
   end
 end
diff --git a/helpers/ontology_helper.rb b/helpers/ontology_helper.rb
@@ -75,6 +75,15 @@ def add_file_to_submission(ont, submission)
         end
         return filename, tmpfile
       end
+
+      # reject private ontologies in groups and categories 
+      def reject_private_ontologies(items)
+        items.each do |item|
+          public_ontologies = item.ontologies.reject { |ontology| ontology.viewingRestriction == "private" }
+          item.instance_variable_set(:@ontologies, public_ontologies)
+        end
+      end
+
     end
   end
 end