Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: Add the slices CRUD endpoints #87

Merged
merged 13 commits into from
Nov 1, 2023

Conversation

syphax-bouazzouni
Copy link

@syphax-bouazzouni syphax-bouazzouni commented May 23, 2022

Forked from #19

This PR adds the following endpoints :

  • Create slice POST https://data.bioontology.org/sclices
  • Get slice details GET https://data.bioontology.org/sclices/:slice_id
  • Update slide info POST https://data.bioontology.org/sclices/:slice_id
  • Delete a slice DELETE https://data.bioontology.org/sclices/:slice_id

Our long-term vision behind slices can be found here; In brief gives the possibility the users to create their slices, with their ontologies, colors, and logo, .... Making Ontoportal a sort a Portal provider for people that don't want or don't have the resources to deploy there own instances (and with portal federation, everything will be also connected).

The biggest blocker here, about the slice features is that we can't can't dynamically create a DSN configuration for each of the slices created by a user.

@alexskr
Copy link
Member

alexskr commented Sep 7, 2023

should slice creation/update be restricted to users with administrative privileges?

@alexskr
Copy link
Member

alexskr commented Sep 7, 2023

The biggest blocker here, about the slice features is that we can't can't dynamically create a DSN configuration for each of the slices created by a user.

it can be done with wildcard subdomains.

@syphax-bouazzouni
Copy link
Author

syphax-bouazzouni commented Sep 7, 2023

Should slice creation/update be restricted to users with administrative privileges?
Now that I have checked again my own code (a year) later, it is true that with this version anyone can create and delete a slice there is no ownership in the current model.

For now, I added a security check on each of the slice write operations. That prevents no admin users from editing them.

 error 403, "Access denied" unless current_user && current_user.admin?

@syphax-bouazzouni syphax-bouazzouni changed the title Add the slices CRUD endpoints Feature: Add the slices CRUD endpoints Sep 7, 2023
@alexskr
Copy link
Member

alexskr commented Sep 15, 2023

@syphax-bouazzouni, thanks for adding security check.
Would you please add necessary unit tests for the new functionality.

@alexskr
Copy link
Member

alexskr commented Sep 15, 2023

it would also be a good idea to restrict the use of underscores (_) in the slice names.
Underscores are generally allowed in subdomain names according to the DNS specification. However, it's important to note that while they are technically allowed, they may not be supported or accepted by all DNS servers, web browsers, software applications and certificate authorities.

@syphax-bouazzouni
Copy link
Author

@syphax-bouazzouni, thanks for adding security check. Would you please add necessary unit tests for the new functionality.

Added here 6dc238d

it would also be a good idea to restrict the use of underscores (_) in the slice names. Underscores are generally allowed in subdomain names according to the DNS specification. However, it's important to note that while they are technically allowed, they may not be supported or accepted by all DNS servers, web browsers, software applications and certificate authorities.

Added ncbo/ontologies_linked_data#176

@codecov-commenter
Copy link

codecov-commenter commented Oct 28, 2023

Codecov Report

Merging #87 (8489f2b) into master (9743042) will increase coverage by 0.01%.
Report is 49 commits behind head on master.
The diff coverage is 69.76%.

@@            Coverage Diff             @@
##           master      #87      +/-   ##
==========================================
+ Coverage   71.84%   71.85%   +0.01%     
==========================================
  Files          52       52              
  Lines        2845     2878      +33     
==========================================
+ Hits         2044     2068      +24     
- Misses        801      810       +9     
Flag Coverage Δ
unittests 71.85% <69.76%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
controllers/metrics_controller.rb 58.69% <100.00%> (-1.73%) ⬇️
controllers/ontology_analytics_controller.rb 100.00% <100.00%> (ø)
controllers/ontology_submissions_controller.rb 73.07% <100.00%> (+3.17%) ⬆️
helpers/access_control_helper.rb 83.33% <ø> (-1.29%) ⬇️
helpers/application_helper.rb 90.33% <100.00%> (+0.42%) ⬆️
controllers/slices_controller.rb 66.66% <59.37%> (-33.34%) ⬇️

@syphax-bouazzouni syphax-bouazzouni force-pushed the pr/add-slice-get-endpoint branch from 57a527f to 8489f2b Compare October 28, 2023 15:07
@alexskr
Copy link
Member

alexskr commented Oct 30, 2023

@syphax-bouazzouni, Looks great!

@mdorf
Copy link
Member

mdorf commented Nov 1, 2023

@syphax-bouazzouni, we want to merge this PR, but it contains a dependency on a specific branch of 'ontoportal-lirmm/ontologies_linked_data':

gem 'ontologies_linked_data', github: 'ontoportal-lirmm/ontologies_linked_data', branch: 'pr/feature/extend-slice-acronym-validator' 

We definitely don't want to add this dependency to our codebase. This PR doesn't make it clear what functionality/code exactly it requires from that 'ontoportal-lirmm/ontologies_linked_data' branch. Is there another PR that contains that functionality?

@mdorf
Copy link
Member

mdorf commented Nov 1, 2023

If we merge the PR ncbo/ontologies_linked_data#176, can we then remove the dependency on ontoportal-lirmm, or are there other changes that need to be merged first?

@syphax-bouazzouni
Copy link
Author

If we merge the PR ncbo/ontologies_linked_data#176, can we then remove the dependency on ontoportal-lirmm, or are there other changes that need to be merged first?

Yes, this change in the Gemfile, was just to pass the tests.

mdorf added a commit to ncbo/ontologies_linked_data that referenced this pull request Nov 1, 2023
…-acronym-validator

Merging in order to fulfill a dependency required by ncbo/ontologies_api#87
@mdorf mdorf merged commit 803b3b6 into ncbo:master Nov 1, 2023
2 checks passed
mdorf added a commit that referenced this pull request Nov 2, 2023
syphax-bouazzouni referenced this pull request in ontoportal/ontologies_api Jan 16, 2024
…onward (#4)

* fix get a submission metrics

* Auto stash before merge of "upstream" and "upstream/master"

* add the slice get endpoint

* add the slices create endpoint

* add the slices delete endpoint

* add the slices update endpoint

* Add caching for analytics for 24 hours.

* Fix for #97. Check for ontology existence before brining attributes

* Handle edge case for submission downloads which do not have UploadFilePath set

Fixes #98

* Gemfile.lock update

* Add GH workflow for capistrano deployments

* Update Gemfile.lock

* fix ability to run deployment manually

* Fix for deprecation notice of Rack::Attack.throttled_response

Update configuration to closely match rack attack documentation in order
to address deprecation notice:
[DEPRECATION] Rack::Attack.throttled_response is deprecated. Please use Rack::Attack.throttled_responder instead

* Update version of actions/checkout to address deprecation notices

* Fix: Documentation rendering  (#107)

* Auto stash before merge of "upstream" and "upstream/master"

* fix haml gem version

* Update Gemfile

* Restore branch specifier to master

* Update capistrano sample config to include setting which branch to deploy from

* Gemfile.lock update

* Gemfile.lock update

* Gemfile.lock update

* Gemfile.lock update

* Make sure ontology is present when accessing submissions.

Fixes an internal server error when accessing submission for non-existent/deleted ontology

* Remove owlapi_wrapper.jar file.  It is included elsewhere

* Add health checks for docker services and add more config file options

* Remove wait-for-it

* Add health check to AG service

* Add GH workflow for publishing docker images

* Add missing redis port number

* Restore branch specifier to develop

* Set mgrep port to 55556

* add arm64 platform

* bump up version of solr-ut

* Fix ncbo#116

- pinned redis-store to 1.9.1 until #358 gets resolved
- fixed deprecation notices "warning: calling URI.open via Kernel#open
  is deprecated, call URI.open directly or use URI#open"

* Restore branch specifier to master

* fix for wrongly replaced string

* Delete fix_purls.rb

fix_purls.rb moved to a rake task under ncbo_cron project

* Remove google analytics depenencies since those needed only in ncbo_cron

* bump up major version of oj and faraday

* remove search_index.rb script

* lock gem rack-cache to 1.13.0

see ncbo#118

* remove depenency on redis-activesupport

rack-attack can work with redis directly so there is no need to use
redis-activesupport which is no longer being actively developed

* unpin redis-store

solves:
ncbo#105
ncbo#106

* use redis-store from forked repo containing redis 5 compat fixes

this should be reverted back to original after redis 5
copatibilty issues are resolved

* use patched version of agraph v7.3.1

* unpin faraday gem

* Gemfile.lock update

* fixed an issue with the GA4 Analytics migration

* fixed an issue with the GA4 Analytics migration

* reduce request limit for resource intensive api calls (#121)

* Announce deployments in NewRelic  (#124)

* Record deployments to NewRelic

https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/record-deployments-ruby-agent/

* add newrelic to deployment group

github actions deployment doesn't install default group so
capistrano fails to find newrelic recepies unless we add it
to the deployment group

* add rubocop

* Gemfile update, goo version including goo#138 and goo#139

* Gemfile.lock update

* Gemfile.lock update

* Gemfile.lock update

* update slice write operation to check if user is admin

* Gemfile.lock update

* fixed an accidental commit of docker compose file

* fixed Gemfile after merging from master

* Gemfile.lock update

* update Gemfile.lock

* Gemfile.lock update

* redis-store gem with redis 5 compatibility fix

* Gemfile.lock update

* make the check_access helper use filter_access if the object is a list

* add test for submissions access check with two ontologies private and pubic

* check access of ontologies in /ontologies/:acronym/submissions endpoint

* Set gem branch specifier to develop

* reset branch specifier to master

* add the slice get endpoint

* add the slices create endpoint

* add the slices delete endpoint

* add the slices update endpoint

* update slice write operation to check if user is admin

* add slices creation & deletion unit tests

* Gemfile.lock update

* Gemfile.lock update

* Merged #87 from master

* fixed Gemfile after merge

* Gemfile.lock update

* update Gemfile.lock

* Add configurable option for github org where code is deployed from

* Gemfile update

* Gemfile update

* check existance of acroym before fetching details

fixes #129

* extract slice tests helper to the parent class for reusability

* add a test for the creation of an admin user

* enforce the security of admin user creation

* enforce user deletion security to be admin only

* Gemfile.lock update

* update Gemfile.lock

* Gemfile update

* implemented the first pass at bmir-radx/radx-project#37

* set bundler version to be comptatible with ruby 2.7

* Gemfile.lock update

* implemented #127 - Add API call to trigger ontology pull from remote location

* Gemfile.lock

* implemented a test for #127 - Add API call to trigger ontology pull from remote location

* Gemfile.lock update

* implemented a test for #127 - Add API call to trigger ontology pull from remote location

* implemented a test for #127 - Add API call to trigger ontology pull from remote location

* Gemfile.lock update

* use agraph v8.0.0

* Gemfile.lock update

* Gemfile.lock update

---------

Co-authored-by: Alex Skrenchuk <[email protected]>
Co-authored-by: mdorf <[email protected]>
Co-authored-by: Jennifer Vendetti <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants