Merge pull request #295 from CanDIG/daisieh/query-beacon

CanDIG · Mar 5, 2024 · 02c1c93 · 02c1c93
2 parents b25e0e7 + 868baa5
commit 02c1c93
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 10 deletions.
diff --git a/htsget_server/authz.py b/htsget_server/authz.py
@@ -15,8 +15,6 @@ def is_authed(id_, request):
         print("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         app.logger.warning("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         return 200 # no auth
-    if is_site_admin(request):
-        return 200
     if "Authorization" in request.headers:
         authed_cohorts = get_authorized_cohorts(request)
         obj = database.get_drs_object(id_)

diff --git a/htsget_server/beacon_operations.py b/htsget_server/beacon_operations.py
@@ -279,8 +279,8 @@ def search(raw_req):
         response['beaconHandovers'] = []
         query_info = {} # program_id and submitter_sample_id
         for drs_obj_id in variants_by_file.keys():
-            # look for samples and cohorts
-            drs_obj, status_code = drs_operations.get_object(drs_obj_id)
+            # look for samples and cohorts for all drs objects, even if user is not authorized
+            drs_obj = database.get_drs_object(drs_obj_id)
             if "cohort" in drs_obj:
                 if drs_obj["cohort"] not in query_info:
                     query_info[drs_obj["cohort"]] = []

diff --git a/htsget_server/drs_operations.py b/htsget_server/drs_operations.py
@@ -44,9 +44,6 @@ def get_object(object_id, expand=False):
         new_object = database.get_drs_object(escape(object_id), expand)
         auth_code = authz.is_authed(escape(object_id), request)
         if auth_code != 200:
-            # allow request if it's from query
-            if authz.request_is_from_query(request):
-                return new_object, 200
             return {"message": f"Not authorized to access object {object_id}"}, auth_code
     if new_object is None:
         return {"message": "No matching object found"}, 404

diff --git a/tests/test_htsget_server.py b/tests/test_htsget_server.py
@@ -36,10 +36,14 @@ def get_headers(username=USERNAME, password=PASSWORD):
     return headers
 
 
-def test_remove_objects():
-    cohorts = ["test-htsget", "1000genomes"]
+def test_remove_objects(cohorts):
     headers = get_headers()
+    candig_url = os.getenv("CANDIG_URL")
+
     for cohort in cohorts:
+        if candig_url is not None:
+            response = requests.delete(f"{candig_url}/ingest/program/{cohort}/email/{USERNAME}@test.ca", headers=get_headers())
+
         url = f"{HOST}/ga4gh/drs/v1/cohorts/{cohort}"
         response = requests.request("GET", url, headers=headers)
         if response.status_code == 200:
@@ -53,13 +57,20 @@ def test_remove_objects():
             assert obj["cohort"] != cohort
 
 
-def test_post_objects(drs_objects):
+def test_post_objects(drs_objects, cohorts):
     """
     Install test objects. Will fail if any post request returns an error.
     """
     # clean up old objects in db:
     url = f"{HOST}/ga4gh/drs/v1/objects"
     headers = get_headers()
+    candig_url = os.getenv("CANDIG_URL")
+
+    for cohort in cohorts:
+        if candig_url is not None:
+            response = requests.post(f"{candig_url}/ingest/program/{cohort}/email/{USERNAME}@test.ca", headers=get_headers())
+            print(response.text)
+
     response = requests.request("GET", url, headers=headers)
 
     for obj in drs_objects:
@@ -512,6 +523,11 @@ def test_vcf_json():
     assert len(res.json()['variants']) == 7
 
 
+@pytest.fixture
+def cohorts():
+    return ["test-htsget", "1000genomes"]
+
+
 @pytest.fixture
 def drs_objects():
     drs_objects = {}