Merge pull request #686 from xchem/staging

Merge staging changes into production for 2024.11.1

api/security.py

@@ -373,17 +373,16 @@ def user_is_member_of_target(
         """
         Returns true if the user has access to any proposal the target belongs to.
         """
-        target_proposals = [p.title for p in target.project_id.all()]
         user_proposals = self.get_proposals_for_user(
             user, restrict_public_to_membership=restrict_public_to_membership
         )
-        is_member = any(proposal in user_proposals for proposal in target_proposals)
+        is_member = target.project.title in user_proposals
         if not is_member:
             logger.warning(
                 "Failed membership check user='%s' target='%s' target_proposals=%s",
                 user.username,
-                target.title,
-                target_proposals,
+                target.pk,
+                target.project.title,
             )
         return is_member
 

api/urls.py

@@ -124,6 +124,11 @@
 router.register(
     "metadata_upload", viewer_views.UploadMetadataView, basename='metadata_upload'
 )
+router.register(
+    "computedset_download",
+    viewer_views.DownloadComputedSetView,
+    basename='computedset_download',
+)
 
 # Squonk Jobs
 router.register(

fragalysis/settings.py

@@ -640,6 +640,7 @@
 # To simplify error messages when the match fails you can also
 # add an error message.
 TAS_REGEX: str = os.environ.get("TAS_REGEX", r"^(lb\d{5})(-(\d+)){0,1}$")
+
 TAS_REGEX_ERROR_MSG: str = os.environ.get(
     "TAS_REGEX_ERROR_MSG",
     "Must begin 'lb' followed by 5 digits, optionally followed by a hyphen and a number.",

hotspots/views.py

@@ -7,4 +7,4 @@ class HotspotView(ISPyBSafeQuerySet):
     queryset = HotspotMap.objects.all()
     serializer_class = HotspotMapSerializer
     filterset_fields = ("map_type", "target", "site_observation")
-    filter_permissions = "target__project_id"
+    filter_permissions = "target__project"

hypothesis/views.py

@@ -21,18 +21,18 @@ class InteractionView(ISPyBSafeQuerySet):
         "prot_smarts",
         "mol_smarts",
     )
-    filter_permissions = "interaction_point__targ_res__target_id__project_id"
+    filter_permissions = "interaction_point__targ_res__target_id__project"
 
 
 class InteractionPointView(ISPyBSafeQuerySet):
     queryset = InteractionPoint.objects.all()
     serializer_class = InteractionPointSerializer
     filterset_fields = ("site_observation", "protein_atom_name", "molecule_atom_name")
-    filter_permissions = "targ_res__target_id__project_id"
+    filter_permissions = "targ_res__target_id__project"
 
 
 class TargetResidueView(ISPyBSafeQuerySet):
     queryset = TargetResidue.objects.all()
     serializer_class = TargetResidueSerialzier
     filterset_fields = ("target_id", "res_name", "res_num", "chain_id")
-    filter_permissions = "target_id__project_id"
+    filter_permissions = "target_id__project"

media_serve/views.py

@@ -5,28 +5,6 @@
 
 logger = logging.getLogger(__name__)
 
-# def prot_download(request, file_path):
-#     """
-#     Download a protein by nginx redirect
-#     :param request: the initial request
-#     :param file_path: the file path we're getting from the static
-#     :return: the response (a redirect to nginx internal)
-#     """
-#     logger.info("+ Received file_download file path: %s", file_path)
-#     ispy_b_static = ISpyBSafeStaticFiles2()
-#     ispy_b_static.model = SiteObservation
-#     ispy_b_static.request = request
-#     # ispy_b_static.permission_string = "target_id__project_id"
-#     # ispy_b_static.permission_string = "target__project_id"
-#     ispy_b_static.permission_string = "experiment__experiment_upload__target__project_id"
-#     # ispy_b_static.field_name = "pdb_info"
-#     ispy_b_static.field_name = "apo_file"
-#     ispy_b_static.content_type = "application/x-pilot"
-#     ispy_b_static.prefix = "/pdbs/"
-#     # ispy_b_static.prefix = "/target_loader_data/"
-#     ispy_b_static.input_string = file_path
-#     return ispy_b_static.get_response()
-
 
 def file_download(request, file_path):
     """
@@ -40,11 +18,8 @@ def file_download(request, file_path):
     # ispy_b_static = ISpyBSafeStaticFiles()
     ispy_b_static.model = SiteObservation
     ispy_b_static.request = request
-    # ispy_b_static.permission_string = "target_id__project_id"
     # the following 2 aren't used atm
-    ispy_b_static.permission_string = (
-        "experiment__experiment_upload__target__project_id"
-    )
+    ispy_b_static.permission_string = "experiment__experiment_upload__target__project"
     # ispy_b_static.field_name = "pdb_info"
     ispy_b_static.field_name = "apo_file"
     ispy_b_static.content_type = "application/x-pilot"
@@ -68,11 +43,8 @@ def tld_download(request, file_path):
     # ispy_b_static = ISpyBSafeStaticFiles()
     ispy_b_static.model = SiteObservation
     ispy_b_static.request = request
-    # ispy_b_static.permission_string = "target_id__project_id"
     # the following 2 aren't used atm
-    ispy_b_static.permission_string = (
-        "experiment__experiment_upload__target__project_id"
-    )
+    ispy_b_static.permission_string = "experiment__experiment_upload__target__project"
     ispy_b_static.field_name = "apo_file"
     ispy_b_static.content_type = "application/x-pilot"
     ispy_b_static.prefix = "/target_loader_data/"
@@ -92,9 +64,7 @@ def cspdb_download(request, file_path):
     ispy_b_static.model = SiteObservation
     ispy_b_static.request = request
     # the following 2 aren't used atm
-    ispy_b_static.permission_string = (
-        "experiment__experiment_upload__target__project_id"
-    )
+    ispy_b_static.permission_string = "experiment__experiment_upload__target__project"
     ispy_b_static.field_name = "apo_file"
     ispy_b_static.content_type = "application/x-pilot"
     ispy_b_static.prefix = "/computed_set_data/"
@@ -112,7 +82,7 @@ def bound_download(request, file_path):
     ispy_b_static = ISPyBSafeStaticFiles()
     ispy_b_static.model = SiteObservation
     ispy_b_static.request = request
-    ispy_b_static.permission_string = "target_id__project_id"
+    ispy_b_static.permission_string = "target_id__project"
     ispy_b_static.field_name = "bound_info"
     ispy_b_static.content_type = "application/x-pilot"
     ispy_b_static.prefix = "/bound/"
@@ -130,7 +100,7 @@ def map_download(request, file_path):
     ispy_b_static = ISPyBSafeStaticFiles()
     ispy_b_static.model = SiteObservation
     ispy_b_static.request = request
-    ispy_b_static.permission_string = "target_id__project_id"
+    ispy_b_static.permission_string = "target_id__project"
 
     substrings = file_path.split('.')[0].split('_')
     substring = [x for x in substrings if x in ['2fofc', 'fofc', 'event']]
@@ -166,7 +136,7 @@ def metadata_download(request, file_path):
     ispy_b_static = ISPyBSafeStaticFiles()
     ispy_b_static.model = Target
     ispy_b_static.request = request
-    ispy_b_static.permission_string = "project_id"
+    ispy_b_static.permission_string = "project"
     ispy_b_static.field_name = "metadata"
     ispy_b_static.content_type = "application/x-pilot"
     ispy_b_static.prefix = "/metadata/"
@@ -184,7 +154,7 @@ def archive_download(request, file_path):
     ispy_b_static = ISPyBSafeStaticFiles()
     ispy_b_static.model = Target
     ispy_b_static.request = request
-    ispy_b_static.permission_string = "project_id"
+    ispy_b_static.permission_string = "project"
     ispy_b_static.field_name = "zip_archive"
     ispy_b_static.content_type = "application/zip"
     ispy_b_static.prefix = "/targets/"

scoring/views.py

@@ -34,7 +34,7 @@ class ViewSceneView(
     # filter_backends = (filters.DjangoFilterBackend,)
     serializer_class = ViewSceneSerializer
     filterset_fields = ("user_id", "uuid")
-    filter_permissions = "snapshot__session_project__target__project_id"
+    filter_permissions = "snapshot__session_project__target__project"
     permission_classes = [IsObjectProposalMember]
 
     def put(self, request, *args, **kwargs):
@@ -113,7 +113,7 @@ class SiteObservationGroupView(
     queryset = SiteObservationGroup.objects.all()
     serializer_class = SiteObservationGroupSerializer
     filterset_fields = ("group_type", "site_observation", "target", "description")
-    filter_permissions = "target__project_id"
+    filter_permissions = "target__project"
     permission_classes = [IsObjectProposalMember]