From 909a8aabbd36a47a54c986b4df2ce753e26817e7 Mon Sep 17 00:00:00 2001
From: Imad Bourouche
Date: Wed, 8 Jan 2025 19:20:05 +0100
Subject: [PATCH] Fix: hide private ontologies for non admin users in groups controller (#113)

* reject private ontologies for non admin users in groups controller
* reject private ontologies from non admin users in categories controller
* extract function into helper and remove unnecessary comments

---------

Co-authored-by: OntoPortal Bot
---
 controllers/categories_controller.rb | 8 ++++++--
 controllers/groups_controller.rb | 8 ++++++--
 helpers/ontology_helper.rb | 9 +++++++++
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/controllers/categories_controller.rb b/controllers/categories_controller.rb
index 518c8e0f..1306a7c3 100644
--- a/controllers/categories_controller.rb
+++ b/controllers/categories_controller.rb
@@ -13,7 +13,8 @@ class CategoriesController < ApplicationController
 # Display all categories
 get do
 check_last_modified_collection(LinkedData::Models::Category)
- categories = Category.where.include(Category.goo_attrs_to_load(includes_param)).to_a
+ categories = Category.where.include(*Category.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).to_a
+ categories = reject_private_ontologies(categories) unless current_user.admin?
 reply categories
 end
@@ -21,8 +22,9 @@ class CategoriesController < ApplicationController
 get '/:acronym' do
 check_last_modified_collection(LinkedData::Models::Category)
 acronym = params["acronym"]
- category = Category.find(acronym).include(Category.goo_attrs_to_load(includes_param)).first
+ category = Category.find(acronym).include(*Category.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).first
 error 404, "Category #{acronym} not found" if category.nil?
+ category = reject_private_ontologies([category]).first unless current_user.admin?
 reply 200, category
 end
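Review bot: The added `unless current_user.admin?` guard in both hunks of categories_controller.rb (and the two matching hunks in groups_controller.rb) calls `admin?` on whatever `current_user` returns, so if a request can reach these routes without an authenticated user the new line raises NoMethodError and the request fails with a 500 instead of a filtered reply; `unless current_user&.admin?` keeps the filter applied in that case. Whether `current_user` can be nil here depends on the application's before-filters, which are outside this hunk. The filter only works because the `include` call now loads `ontologies: [:viewingRestriction]`, and that coupling is not stated anywhere; a comment above the `where` call such as `# viewingRestriction must be loaded so reject_private_ontologies can filter for non-admin users` would keep a later cleanup of the include list from silently turning the filter into a no-op. The response now differs by caller role while the `check_last_modified_collection` validation on the line above is keyed only on the collection, so if any cache in front of this API keys responses by URL alone, the admin and non-admin variants could be conflated; worth confirming against the deployment.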
@@ -82,5 +84,7 @@ def create_category
 end
 reply 201, category
 end
+
+
 end
 end
\ No newline at end of file
diff --git a/controllers/groups_controller.rb b/controllers/groups_controller.rb
index 3e670fc3..e33b8b68 100644
--- a/controllers/groups_controller.rb
+++ b/controllers/groups_controller.rb
@@ -13,7 +13,8 @@ class GroupsController < ApplicationController
 # Display all groups
 get do
 check_last_modified_collection(LinkedData::Models::Group)
- groups = Group.where.include(Group.goo_attrs_to_load(includes_param)).to_a
+ groups = Group.where.include(*Group.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).to_a
+ groups = reject_private_ontologies(groups) unless current_user.admin?
 reply groups
 end
@@ -21,8 +22,9 @@ class GroupsController < ApplicationController
 get '/:acronym' do
 check_last_modified_collection(LinkedData::Models::Group)
 acronym = params["acronym"]
- g = Group.find(acronym).include(Group.goo_attrs_to_load(includes_param)).first
+ g = Group.find(acronym).include(*Group.goo_attrs_to_load(includes_param), ontologies: [:viewingRestriction]).first
 error 404, "Group #{acronym} not found" if g.nil?
+ g = reject_private_ontologies([g]).first unless current_user.admin?
 reply 200, g
 end
@@ -81,5 +83,7 @@ def create_group
 end
 reply 201, group
 end
+
+
 end
 end
\ No newline at end of file
diff --git a/helpers/ontology_helper.rb b/helpers/ontology_helper.rb
index 3d82939e..23e485df 100644
--- a/helpers/ontology_helper.rb
+++ b/helpers/ontology_helper.rb
@@ -75,6 +75,15 @@ def add_file_to_submission(ont, submission)
 end
 return filename, tmpfile
 end
+
+ # reject private ontologies in groups and categories
+ def reject_private_ontologies(items)
+ items.each do |item|
+ public_ontologies = item.ontologies.reject { |ontology| ontology.viewingRestriction == "private" }
+ item.instance_variable_set(:@ontologies, public_ontologies)
+ end
+ end
+
 end
 end
 end
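Review bot: `reject_private_ontologies` in the helpers/ontology_helper.rb hunk calls `item.ontologies.reject` with no guard, so an item whose `ontologies` attribute comes back nil (a group or category with no ontologies, or one where the attribute was not loaded — I cannot tell from the hunk which the model returns) raises NoMethodError and the request fails with a 500; `Array(item.ontologies).reject { |ontology| ontology.viewingRestriction == "private" }` handles both cases. The filter is also fail-open: any ontology whose `viewingRestriction` is anything other than the exact string `"private"` (unset, differently cased, or a value added later) is shown to non-admin users, so it is worth confirming that the model guarantees a value here and that an unset value really means public. The method mutates its arguments in place through `instance_variable_set` and returns them, which neither the name nor the comment conveys; replace the comment with `# Strips ontologies whose viewingRestriction is "private" from each item's ontologies (mutates items in place); returns items.`. It also hides private ontologies from every non-admin caller, including users who may otherwise be permitted to view a given private ontology; if that is intentional it deserves a sentence in the comment.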