#116 antibody url BE and FE changes - only if permitted

applications/portal/backend/api/mappers/antibody_mapper.py

@@ -12,7 +12,7 @@
 from cloudharness import log
 from openapi.models import Antibody as AntibodyDTO
 from openapi.models import AbstractAntibody as AbstractAntibodyDTO
-from .mapping_utils import dict_to_snake, dict_to_camel, to_snake
+from .mapping_utils import dict_to_snake, dict_to_camel, to_snake, get_url_if_permitted
 from ..services.gene_service import get_or_create_gene
 from ..services.specie_service import get_or_create_specie
 
@@ -128,6 +128,9 @@ def to_dto(self, dao: Antibody) -> AntibodyDTO:
             ab.sourceOrganism = dao.source_organism.name
         if dao.species and not ab.targetSpecies:
             ab.targetSpecies = [s.name for s in dao.species.all()]
+
+
+        ab.url = get_url_if_permitted(dao)
 
         ab.showLink = dao.show_link if dao.show_link is not None else (dao.vendor and dao.vendor.show_link)
 

applications/portal/backend/api/mappers/mapping_utils.py

@@ -1,5 +1,5 @@
 import re
-
+from api.services.user_service import get_current_user_id
 
 def to_snake(camel_str: str):
     return re.sub(r'(?<!^)(?=[A-Z])', '_', camel_str).lower()
@@ -56,3 +56,20 @@ def dict_to_camel(d):
         "uniprotId": "string",
         "vendorName": "string"
     })))
+
+
+def get_url_if_permitted(dao):
+    """
+        Get antibody URL only if permitted. RULES:
+        1. If user is creator of the antibody, return the URL.
+        2. Else return only if show_link is True.
+    """
+    try:
+        user_id = get_current_user_id()
+    except Exception as e:
+        return dao.url if dao.show_link else None
+
+    if user_id == dao.uid:
+        return dao.url if dao.url else None
+    else:
+        return dao.url if dao.show_link else None

applications/portal/backend/api/tests/test_antibodies.py

@@ -35,7 +35,27 @@ def test_create(self):
         self.assertEquals(ab.vendorName, "My vendorname")
         self.assertTrue("www.bdbiosciences.com" in ab.vendorUrl)
         self.assertEquals(ab.status, Status.QUEUE)
-        self.assertEquals(ab.url, example_ab["url"])
+
+        # current token user is different than the user that created the antibody
+        # so the url should not be shown
+        self.assertIsNone(ab.url)
+
+        # if show_link is set to True, the url should be shown
+        antibody1 = Antibody.objects.get(ix=ab.ix)
+        antibody1.show_link = True
+        antibody1.save()
+        ab1_with_url = antibody_mapper.to_dto(antibody1)
+        example_ab_url = example_ab['url']
+        self.assertEquals(ab1_with_url.url, example_ab_url)
+
+        # if userid is the creator of the antibody, the url should be shown - test with a new example
+        userid = get_current_user_id()
+        example_ab3 = example_ab.copy()
+        example_ab3['catalogNum'] = "N176A/786"
+        ab_with_token_user = create_antibody(AddAntibodyDTO(**example_ab3), userid)
+        self.assertEquals(ab_with_token_user.url, example_ab_url)
+
+
 
         self.assertIsNotNone(ab.insertTime)
 
@@ -72,7 +92,7 @@ def test_create(self):
         assert len(abget.targetSpecies) == 2
 
         ab3 = get_antibody(ab.abId, status=STATUS.QUEUE)[0]
-        assert ab.url == ab3.url
+        assert ab1_with_url.url == ab3.url
 
         a: Antibody = Antibody.objects.get(ab_id=ab.abId)
         a.status = STATUS.CURATED

applications/portal/frontend/src/services/AntibodiesService.ts

@@ -25,7 +25,7 @@ export async function getAntibodies(
 }
 
 function mapAntibody(antibody: Antibody): Antibody {
-  if((!antibody.showLink || !antibody.url) && antibody.vendorUrl) {
+  if ((!antibody.url) && antibody.vendorUrl) {
     antibody.url = antibody.vendorUrl[0];
   }
   if (antibody.url && !antibody.url.includes("//")) {