From 926fe1e7f928c300aa32d2cd61a4655fb073fdb9 Mon Sep 17 00:00:00 2001 From: Syphax Bouazzouni Date: Fri, 11 Feb 2022 09:34:42 +0100 Subject: [PATCH 1/6] Auto stash before merge of "upstream" and "upstream/master" --- .gitignore | 2 ++ Gemfile.lock | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 68d9c3f8..4045ab4b 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,5 @@ test/test_run.log test/data/ontology_files/catalog-v001.xml create_permissions.log + +ontologies_api.iml diff --git a/Gemfile.lock b/Gemfile.lock index cb883e4f..99189752 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/ncbo/goo.git - revision: d26b364dc5e8a22753cf9f8495a77c398112683f + revision: 89a8f665f70644989adf70cd132bf0f38ef3414d branch: master specs: goo (0.0.2) @@ -16,7 +16,7 @@ GIT GIT remote: https://github.com/ncbo/ncbo_annotator.git - revision: 94a77bb64f3a5af72d909c597869e9923bac3831 + revision: e224f46dafc254b7d4a1685eb6c5c26d97ab33b7 branch: master specs: ncbo_annotator (0.0.1) @@ -27,7 +27,7 @@ GIT GIT remote: https://github.com/ncbo/ncbo_cron.git - revision: 2861124483e60071266f48b2ed6d72e4394de975 + revision: 3d585ec682d84054668f939b613388186020faa0 branch: master specs: ncbo_cron (0.0.1) From 7ad1e2c691190bbee5d1d48e19ffc1ad39fe7efa Mon Sep 17 00:00:00 2001 From: mdorf Date: Thu, 7 Sep 2023 16:52:12 -0700 Subject: [PATCH 2/6] fixed Gemfile after merging from master --- Gemfile | 12 ++++++------ Gemfile.lock | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/Gemfile b/Gemfile index 2236aee2..568b5b35 100644 --- a/Gemfile +++ b/Gemfile 
@@ -42,12 +42,12 @@ gem 'haml', '~> 5.2.2' # pin see https://github.com/ncbo/ontologies_api/pull/107 gem 'redcarpet' # NCBO -gem 'goo', github: 'ncbo/goo', branch: 'develop' -gem 'ncbo_annotator', github: 'ncbo/ncbo_annotator', branch: 'develop' -gem 'ncbo_cron', github: 'ncbo/ncbo_cron', branch: 'develop' -gem 'ncbo_ontology_recommender', github: 'ncbo/ncbo_ontology_recommender', branch: 'develop' -gem 'ontologies_linked_data', github: 'ncbo/ontologies_linked_data', branch: 'develop' -gem 'sparql-client', github: 'ncbo/sparql-client', branch: 'develop' +gem 'goo', github: 'ncbo/goo', branch: 'master' +gem 'ncbo_annotator', github: 'ncbo/ncbo_annotator', branch: 'master' +gem 'ncbo_cron', github: 'ncbo/ncbo_cron', branch: 'master' +gem 'ncbo_ontology_recommender', github: 'ncbo/ncbo_ontology_recommender', branch: 'master' +gem 'ontologies_linked_data', github: 'ncbo/ontologies_linked_data', branch: 'master' +gem 'sparql-client', github: 'ncbo/sparql-client', branch: 'master' group :development do # bcrypt_pbkdf and ed35519 is required for capistrano deployments when using ed25519 keys; see https://github.com/miloserdow/capistrano-deploy/issues/42 diff --git a/Gemfile.lock b/Gemfile.lock index 8ead8d9b..bbd1a6d7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GIT remote: https://github.com/ncbo/goo.git - revision: 83425ba6c05d051d86c6f5775540727ce4238443 - branch: develop + revision: b173245c437aea0dd31e8c9df3c6730aa00e7b79 + branch: master specs: goo (0.0.2) addressable (~> 2.8) @@ -15,8 +15,8 @@ GIT GIT remote: https://github.com/ncbo/ncbo_annotator.git - revision: 067104ae94c0e9d058cfbf419364fbf03f34de43 - branch: develop + revision: ac11b22596b87a6eecbcd70787b2370c18ff4770 + branch: master specs: ncbo_annotator (0.0.1) goo 
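Review bot: All six NCBO gems are declared with `branch: 'master'`, so the only thing fixing which code gets installed is the `revision:` recorded in Gemfile.lock. Any `bundle update` moves each of them to whatever is at the head of master at that moment, without a reviewable change in the Gemfile. If dependency changes should be deliberate, pin each gem to a commit or release, e.g. `gem 'goo', github: 'ncbo/goo', ref: '<commit-sha>'` (placeholder value), or at least run installs in frozen/deployment mode so the locked revisions are enforced. The context comment just below the changed lines reads `ed35519`, presumably a typo for `ed25519`.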
@@ -26,8 +26,8 @@ GIT GIT remote: https://github.com/ncbo/ncbo_cron.git - revision: ed14911ccb28375298c63e7ca1b388ed0c638abb - branch: develop + revision: e1e0bf7018cc3a501680c0ab36392bf465ffe130 + branch: master specs: ncbo_cron (0.0.1) dante @@ -42,8 +42,8 @@ GIT GIT remote: https://github.com/ncbo/ncbo_ontology_recommender.git - revision: e6d4449d8b854f17bb54af6de142bc64bff22ab3 - branch: develop + revision: 06eba3c71f07072f33c7a922e64d2114a6e53648 + branch: master specs: ncbo_ontology_recommender (0.0.1) goo @@ -53,8 +53,8 @@ GIT GIT remote: https://github.com/ncbo/ontologies_linked_data.git - revision: e33a0e451f8a8226d98291168e45b46d7065e670 - branch: develop + revision: 6f884520e7a1f4feeae4261ef5ef38c1f618cefd + branch: master specs: ontologies_linked_data (0.0.1) activesupport @@ -73,8 +73,8 @@ GIT GIT remote: https://github.com/ncbo/sparql-client.git - revision: 55e7dbf858eb571c767bc67868f9af61663859cb - branch: develop + revision: d418d56a6c9ff5692f925b45739a2a1c66bca851 + branch: master specs: sparql-client (1.0.1) json_pure (>= 1.4) From dc22c65488b5f2720cb1fef39c4ed4280e934023 Mon Sep 17 00:00:00 2001 From: mdorf Date: Thu, 7 Sep 2023 17:00:35 -0700 Subject: [PATCH 3/6] Gemfile.lock update --- Gemfile.lock | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index bbd1a6d7..856575e9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/ncbo/goo.git - revision: b173245c437aea0dd31e8c9df3c6730aa00e7b79 + revision: cd477a1c71d8c2b2c26c3ea92c9457643a9cc70a branch: master specs: goo (0.0.2) @@ -53,7 +53,7 @@ GIT GIT remote: https://github.com/ncbo/ontologies_linked_data.git - revision: 6f884520e7a1f4feeae4261ef5ef38c1f618cefd + revision: 89474face62004ab70430ef718556fe50720e038 branch: master specs: ontologies_linked_data (0.0.1) 
@@ -164,7 +164,9 @@ GEM google-cloud-env (1.6.0) faraday (>= 0.17.3, < 3.0) google-cloud-errors (1.3.1) + google-protobuf (3.24.3-aarch64-linux) google-protobuf (3.24.3-x86_64-darwin) + google-protobuf (3.24.3-x86_64-linux) googleapis-common-protos (1.4.0) google-protobuf (~> 3.14) googleapis-common-protos-types (~> 1.2) @@ -178,9 +180,15 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (>= 0.16, < 2.a) + grpc (1.57.0) + google-protobuf (~> 3.23) + googleapis-common-protos-types (~> 1.0) grpc (1.57.0-x86_64-darwin) google-protobuf (~> 3.23) googleapis-common-protos-types (~> 1.0) + grpc (1.57.0-x86_64-linux) + google-protobuf (~> 3.23) + googleapis-common-protos-types (~> 1.0) haml (5.2.2) temple (>= 0.8.0) tilt From 22eba94f8d086925d2d8b9b102fedcee0388901b Mon Sep 17 00:00:00 2001 From: Syphax bouazzouni Date: Thu, 21 Sep 2023 02:59:11 +0200 Subject: [PATCH 4/6] make the check_access helper use filter_access if the object is a list --- helpers/access_control_helper.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/helpers/access_control_helper.rb b/helpers/access_control_helper.rb index 1de3bee5..b1a9233f 100644 --- a/helpers/access_control_helper.rb +++ b/helpers/access_control_helper.rb @@ -6,15 +6,12 @@ module AccessControlHelper ## # For a given object, check the access control settings. If they are restricted, handle appropriately. - # For a list, this will filter out results. For single objects, if will throw an error if access is denied. + # For a list, this will filter out results. + # For single objects, if will throw an error if access is denied. def check_access(obj) return obj unless LinkedData.settings.enable_security if obj.is_a?(Enumerable) - if obj.first.is_a?(LinkedData::Models::Base) && obj.first.access_based_on? - check_access(obj.first) - else filter_access(obj) - end else if obj.respond_to?(:read_restricted?) && obj.read_restricted? readable = obj.readable?(env["REMOTE_USER"]) 
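Review bot: With the `access_based_on?` branch removed from `check_access`, every Enumerable now goes straight to `filter_access(obj)`, so whether a list of models with delegated access is actually restricted depends entirely on `filter_access`, which is outside this hunk. It is worth confirming that it resolves the delegation per element and does not pass such objects through unfiltered. Assuming the filtered list is what the method returns, the doc comment should tell callers to use the result rather than the argument, e.g. `# For a list, returns the filtered results; callers must use the return value.` The rewritten comment line still reads `if will throw`, which should be `it will throw`. The body of `check_access` continues past the end of the hunk.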
From 6d987141cf172736e547f76ee3ae095522c5e052 Mon Sep 17 00:00:00 2001 From: Syphax bouazzouni Date: Thu, 21 Sep 2023 03:21:43 +0200 Subject: [PATCH 5/6] add test for submissions access check with two ontologies private and pubic --- .../test_ontology_submissions_controller.rb | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/test/controllers/test_ontology_submissions_controller.rb b/test/controllers/test_ontology_submissions_controller.rb index 7500dce4..40532cd0 100644 --- a/test/controllers/test_ontology_submissions_controller.rb +++ b/test/controllers/test_ontology_submissions_controller.rb @@ -192,4 +192,48 @@ def test_download_acl_only end end + def test_ontology_submissions_access_controller + count, created_ont_acronyms, onts = create_ontologies_and_submissions(ont_count: 2, submission_count: 1, process_submission: false) + # case first submission is private + acronym = created_ont_acronyms.first + ont = onts.first.bring_remaining + + begin + allowed_user = User.new({ + username: "allowed", + email: "test@example.org", + password: "12345" + }) + allowed_user.save + blocked_user = User.new({ + username: "blocked", + email: "test@example.org", + password: "12345" + }) + blocked_user.save + + ont.acl = [allowed_user] + ont.viewingRestriction = "private" + ont.save + + LinkedData.settings.enable_security = true + + get "/submissions?apikey=#{allowed_user.apikey}" + assert_equal 200, last_response.status + submissions = MultiJson.load(last_response.body) + assert_equal 2, submissions.size + + get "/submissions?apikey=#{blocked_user.apikey}" + assert_equal 200, last_response.status + submissions = MultiJson.load(last_response.body) + assert_equal 1, submissions.size + ensure + LinkedData.settings.enable_security = false + del = User.find("allowed").first + del.delete if del + del = User.find("blocked").first + del.delete if del + end + end + end From 275b7ae6aa495baa0922543633872dae143e7409 Mon Sep 17 00:00:00 2001 
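Review bot: The two assertions in `test_ontology_submissions_access_controller` check only `submissions.size`, so the test would still pass if the blocked user received the private ontology's submission and the public one were dropped. `acronym` is assigned at the top but never used; it could back an assertion that none of the blocked user's submissions belongs to that ontology. The `ensure` block deletes both users but leaves `ont` with `viewingRestriction = "private"` and an ACL pointing at a deleted user, which may leak into later tests if the fixtures are shared. It also forces `enable_security` to `false` instead of restoring the prior value: `prev = LinkedData.settings.enable_security` before the `begin` and `LinkedData.settings.enable_security = prev` in `ensure` would do that. Both users are created with the same email and the result of `save` is not checked, so a validation failure would surface only as a confusing later error.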
From: Syphax Bouazzouni Date: Thu, 21 Sep 2023 03:59:38 +0200 Subject: [PATCH 6/6] check access of ontologies in /ontologies/:acronym/submissions endpoint --- controllers/ontology_submissions_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/controllers/ontology_submissions_controller.rb b/controllers/ontology_submissions_controller.rb index f560fa57..3d1050af 100644 --- a/controllers/ontology_submissions_controller.rb +++ b/controllers/ontology_submissions_controller.rb @@ -19,9 +19,10 @@ class OntologySubmissionsController < ApplicationController ## # Display all submissions of an ontology get do - ont = Ontology.find(params["acronym"]).include(:acronym).first + ont = Ontology.find(params["acronym"]).include(:acronym, :administeredBy, :acl, :viewingRestriction).first error 422, "Ontology #{params["acronym"]} does not exist" unless ont check_last_modified_segment(LinkedData::Models::OntologySubmission, [ont.acronym]) + check_access(ont) ont.bring(submissions: OntologySubmission.goo_attrs_to_load(includes_param)) reply ont.submissions.sort {|a,b| b.submissionId.to_i <=> a.submissionId.to_i } # descending order of submissionId end
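Review bot: `check_access(ont)` is added after `check_last_modified_segment(...)`, so if that helper can end the request early (for example with a 304 on a conditional GET, which is not visible here), a caller without read access would get a cache-validation answer for a private ontology before the access check runs. Moving the call up, directly after the `error 422` line, puts the authorization decision first: `check_access(ont)` followed by `check_last_modified_segment(LinkedData::Models::OntologySubmission, [ont.acronym])`. The 422 "does not exist" response presumably still lets an unauthorized caller tell a missing acronym from a restricted one, assuming a denied read answers differently, which may or may not be acceptable for this API.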