Merge branch 'SciCatProject:master' into master

Author: joe-baudisch

package-lock.json

@@ -10,7 +10,6 @@ import { ProposalClass } from "src/proposals/schemas/proposal.schema";
 import { Instrument } from "src/instruments/schemas/instrument.schema";
 import { OrigDatablock } from "src/origdatablocks/schemas/origdatablock.schema";
 import { SampleClass } from "src/samples/schemas/sample.schema";
-import { Datablock } from "src/datablocks/schemas/datablock.schema";
 import { DatasetClass } from "./schemas/dataset.schema";
 
 @Injectable({ scope: Scope.REQUEST })
@@ -66,19 +65,19 @@ export class DatasetsAccessService {
         const ability = this.caslAbilityFactory.datasetInstanceAccess(user);
         const canViewAny = ability.can(
           Action.DatasetDatablockReadAny,
-          Datablock,
+          DatasetClass,
         );
         const canViewAccess = ability.can(
           Action.DatasetDatablockReadAccess,
-          Datablock,
+          DatasetClass,
         );
         const canViewOwner = ability.can(
           Action.DatasetDatablockReadOwner,
-          Datablock,
+          DatasetClass,
         );
         const canViewPublic = ability.can(
           Action.DatasetDatablockReadPublic,
-          Datablock,
+          DatasetClass,
         );
 
         return { canViewAny, canViewOwner, canViewAccess, canViewPublic };
@@ -147,10 +146,8 @@ export class DatasetsAccessService {
       fieldValue.$lookup.as as DatasetLookupKeysEnum,
       currentUser,
     );
-
     if (access) {
       const { canViewAny, canViewAccess, canViewOwner } = access;
-
       if (!canViewAny) {
         if (canViewAccess) {
           fieldValue.$lookup.pipeline = [
@@ -185,4 +182,42 @@ export class DatasetsAccessService {
       }
     }
   }
+
+  addDatasetAccess(fieldValue: PipelineStage.Lookup) {
+    const currentUser = this.request.user as JWTUser;
+    const ability = this.caslAbilityFactory.datasetInstanceAccess(currentUser);
+    const canViewAny = ability.can(Action.DatasetReadAny, DatasetClass);
+    const canViewAccess = ability.can(
+      Action.DatasetReadManyAccess,
+      DatasetClass,
+    );
+    const canViewOwner = ability.can(Action.DatasetReadManyOwner, DatasetClass);
+
+    if (!canViewAny) {
+      if (canViewAccess) {
+        fieldValue.$lookup.pipeline?.unshift({
+          $match: {
+            $or: [
+              { ownerGroup: { $in: currentUser.currentGroups } },
+              { accessGroups: { $in: currentUser.currentGroups } },
+              { sharedWith: { $in: [currentUser.email] } },
+              { isPublished: true },
+            ],
+          },
+        });
+      } else if (canViewOwner) {
+        fieldValue.$lookup.pipeline?.unshift({
+          $match: {
+            ownerGroup: { $in: currentUser.currentGroups },
+          },
+        });
+      } else {
+        fieldValue.$lookup.pipeline?.unshift({
+          $match: {
+            isPublished: true,
+          },
+        });
+      }
+    }
+  }
 }

src/datasets/datasets-access.service.ts

@@ -67,7 +67,7 @@ import { CaslModule } from "src/casl/casl.module";
     ]),
     HttpModule,
   ],
-  exports: [DatasetsService],
+  exports: [DatasetsService, DatasetsAccessService],
   controllers: [
     DatasetsPublicV4Controller,
     DatasetsController,

src/datasets/datasets.module.ts

@@ -11,6 +11,12 @@ export enum DatasetLookupKeysEnum {
   all = "all",
 }
 
+export enum DatasetArchiverLookupKeysEnum {
+  origdatablocks = "origdatablocks",
+  datablocks = "datablocks",
+  attachments = "attachments",
+}
+
 export const DATASET_LOOKUP_FIELDS: Record<
   DatasetLookupKeysEnum,
   PipelineStage.Lookup | undefined

src/datasets/types/dataset-lookup.ts

@@ -1,76 +1,52 @@
-import { ApiHideProperty, ApiProperty } from "@nestjs/swagger";
+import { ApiHideProperty } from "@nestjs/swagger";
 import { DatasetListDto } from "./dataset-list.dto";
 
 export class OutputJobV3Dto {
   @ApiHideProperty()
   _id: string;
 
-  @ApiProperty({
-    type: String,
-    required: true,
-    description: "Globally unique identifier of a job.",
-  })
+  /**
+   * Globally unique identifier of a job.
+   */
   id: string;
 
-  @ApiProperty({
-    type: String,
-    required: false,
-    description: "The email of the person initiating the job request.",
-  })
+  /**
+   * The email of the person initiating the job request.
+   */
   emailJobInitiator?: string;
 
-  @ApiProperty({
-    type: String,
-    required: true,
-    description: "Type of job, e.g. archive, retrieve etc.",
-  })
+  /**
+   * Type of job, e.g. archive, retrieve etc.
+   */
   type: string;
 
-  @ApiProperty({
-    type: Date,
-    required: true,
-    description:
-      "Time when job is created. Format according to chapter 5.6 internet date/time format in RFC 3339. This is handled automatically by mongoose with timestamps flag.",
-  })
+  /**
+   * Time when job is created. Format according to chapter 5.6 internet date/time format in RFC 3339. This is handled automatically by mongoose with timestamps flag.
+   */
   creationTime: Date;
 
-  @ApiProperty({
-    type: Date,
-    required: false,
-    description:
-      "Time when job should be executed. If not specified then the Job will be executed asap. Format according to chapter 5.6 internet date/time format in RFC 3339.",
-  })
+  /**
+   * Time when job should be executed. If not specified then the Job will be executed asap. Format according to chapter 5.6 internet date/time format in RFC 3339.
+   */
   executionTime?: Date;
 
-  @ApiProperty({
-    type: Object,
-    required: true,
-    default: {},
-    description:
-      "Object of key-value pairs defining job input parameters, e.g. 'destinationPath' for retrieve jobs or 'tapeCopies' for archive jobs.",
-  })
+  /**
+   * Object of key-value pairs defining job input parameters, e.g. 'destinationPath' for retrieve jobs or 'tapeCopies' for archive jobs.
+   */
   jobParams: Record<string, unknown>;
 
-  @ApiProperty({
-    type: String,
-    required: false,
-    description: "Defines current status of job lifecycle.",
-  })
+  /**
+   * Defines current status of job lifecycle.
+   */
   jobStatusMessage?: string;
 
-  @ApiProperty({
-    type: [DatasetListDto],
-    required: false,
-    description:
-      "Array of objects with keys: pid, files. The value for the pid key defines the dataset ID, the value for the files key is an array of file names. This array is either an empty array, implying that all files within the dataset are selected, or an explicit list of dataset-relative file paths, which should be selected.",
-  })
+  /**
+   * Array of objects with keys: pid, files. The value for the pid key defines the dataset ID, the value for the files key is an array of file names. This array is either an empty array, implying that all files within the dataset are selected, or an explicit list of dataset-relative file paths, which should be selected.
+   */
   datasetList: DatasetListDto[];
 
-  @ApiProperty({
-    type: Object,
-    required: true,
-    default: {},
-    description: "Detailed return value after job is finished.",
-  })
+  /**
+   * Detailed return value after job is finished.
+   */
   jobResultObject: Record<string, unknown>;
 }