diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
index 722a5a9b04f2049b54e8eabc879ffeaa12b94573..0a7104e9fcc526c92641515668a3a1d3f029d8ad 100644
--- a/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/ExperimentApi.java
@@ -110,8 +110,8 @@ public class ExperimentApi {
 UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "Running the algorithm...");
 // --- Validating proper access rights on the datasets ---
- String allowedDatasets = authentication.getAuthorities().toString();
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Authorities", allowedDatasets.toString());
+ String userRoles = authentication.getAuthorities().toString();
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Authorities", userRoles);
 // Getting the dataset from the experiment parameters
 String experimentDatasets = null;
@@ -131,7 +131,7 @@ public class ExperimentApi {
 for (String dataset : experimentDatasets.split(",")) {
 String datasetRole = "role_" + dataset;
- if (!allowedDatasets.toLowerCase().contains(datasetRole.toLowerCase())) {
+ if (!userRoles.toLowerCase().contains(datasetRole.toLowerCase())) {
 UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Run algorithm", "You are not allowed to use dataset: " + dataset);
 return ResponseEntity.status(403).body("You are not allowed to use dataset: " + dataset);
diff --git a/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java b/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
index 5b8b4421a2e1f96d73b045582847810ae880e02d..48e2a0fa17e251f2e0f9141399fac5666b03128b 100644
--- a/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/PathologiesApi.java
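Review bot: In ExperimentApi.java the dataset check `userRoles.toLowerCase().contains(datasetRole.toLowerCase())` (second hunk) is still a substring match against the stringified authority collection, so a requested dataset code that is merely a prefix of a code the user is authorised for passes the check. The rename leaves this unchanged, while PathologiesApi.java in the same commit compares against a parsed list with exact membership, so the two endpoints now disagree on who may use a dataset. Compare each authority exactly instead, e.g. `if (authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equalsIgnoreCase(datasetRole))) {`. Going by the comment in the first hunk the dataset names come from the experiment parameters, i.e. from the caller; the enclosing method starts and ends outside both hunks.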
@@ -4,13 +4,18 @@ package eu.hbp.mip.controllers;
-import com.fasterxml.jackson.core.type.TypeReference;
+import com.google.gson.Gson;
+import com.google.gson.reflect.TypeToken;
+import eu.hbp.mip.model.PathologyDTO;
+import eu.hbp.mip.model.PathologyDTO.PathologyDatasetDTO;
 import eu.hbp.mip.model.UserInfo;
 import eu.hbp.mip.utils.CustomResourceLoader;
+import eu.hbp.mip.utils.UserActionLogging;
 import io.swagger.annotations.Api;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
@@ -19,7 +24,9 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
-import eu.hbp.mip.utils.UserActionLogging;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
@@ -28,28 +35,69 @@ import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 @Api(value = "/pathologies") public class PathologiesApi {
+ private static final Gson gson = new Gson();
+
+ @Autowired private UserInfo userInfo;
- @RequestMapping(name = "/pathologies", method = RequestMethod.GET)
- public String getPathologies() {
- UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "load the pathologies", "");
-
- return loadPathologies();
- }
- @Autowired private CustomResourceLoader resourceLoader;
- private String loadPathologies() {
- Resource resource = resourceLoader.getResource("file:/opt/portal/api/pathologies.json");
- String result;
+ @RequestMapping(name = "/pathologies", method = RequestMethod.GET)
+ public ResponseEntity<String> getPathologies(Authentication authentication) {
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(), "Load all the pathologies", "");
+
+ Resource resource = resourceLoader.getResource("file:/opt/portal/api/pathologies.json");
+ List<PathologyDTO> allPathologies;
 try {
- result = convertInputStreamToString(resource.getInputStream());
+ allPathologies = gson.fromJson(convertInputStreamToString(resource.getInputStream()), new TypeToken<List<PathologyDTO>>() {
+ }.getType());
 } catch (IOException e) {
- result = "{\"error\" : \"The pathologies.json file could not be read.\"}";
+ return ResponseEntity.badRequest().body("{\"error\" : \"The pathologies.json file could not be read.\"}");
 }
- return result;
+
+ // --- Providing only the allowed pathologies/datasets to the user ---
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
+ "Load all the pathologies", "Filter out the unauthorised datasets.");
+
+ List<String> userRoles = Arrays.asList(authentication.getAuthorities().toString().toLowerCase()
+ .replaceAll("[\\s+\\]\\[]","").split(","));
+
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
+ "Load all the pathologies", "Authorities : " +
authentication.getAuthorities().toString());
+
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
+ "Load all the pathologies", "Authorities: " + userRoles);
+
+ List<PathologyDTO> userPathologies = new ArrayList<>();
+ for (PathologyDTO curPathology : allPathologies) {
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
+ "Load all the pathologies", "Pathology: " + curPathology);
+
+ List<PathologyDatasetDTO> userPathologyDatasets = new ArrayList<PathologyDatasetDTO>();
+ for (PathologyDatasetDTO dataset : curPathology.getDatasets()) {
+ if(userRoles.contains("role_" + dataset.getCode())){
+ userPathologyDatasets.add(dataset);
+ }
+ }
+
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
+ "Load all the pathologies", "User Pathologies size: " + userPathologyDatasets.size());
+
+ if(userPathologyDatasets.size() > 0){
+ UserActionLogging.LogUserAction(userInfo.getUser().getUsername(),
+ "Load all the pathologies", "Added the pathology");
+
+ PathologyDTO userPathology = new PathologyDTO();
+ userPathology.setCode(curPathology.getCode());
+ userPathology.setLabel(curPathology.getLabel());
+ userPathology.setMetadataHierarchy(curPathology.getMetadataHierarchy());
+ userPathology.setDatasets(userPathologyDatasets);
+ userPathologies.add(userPathology);
+ }
+ }
+
+ return ResponseEntity.ok().body(gson.toJson(userPathologies));
 }
 // Pure Java
diff --git a/src/main/java/eu/hbp/mip/model/PathologyDTO.java b/src/main/java/eu/hbp/mip/model/PathologyDTO.java
new file mode 100644
index 0000000000000000000000000000000000000000..e447ba6053a6126c66ce20910cc78af07b6988e1
--- /dev/null
+++ b/src/main/java/eu/hbp/mip/model/PathologyDTO.java
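Review bot: In PathologiesApi.getPathologies the role list is lower-cased, but the membership test `userRoles.contains("role_" + dataset.getCode())` does not lower-case the dataset code, so a dataset whose code in pathologies.json contains an upper-case letter is hidden even from users who hold its role, whereas ExperimentApi lower-cases both sides. Building the list by regex-stripping `authentication.getAuthorities().toString()` also ties the access filter to the collection's print format and to authority names never containing `,`, `+`, brackets or whitespace. Read the authorities directly, `authentication.getAuthorities().stream().map(a -> a.getAuthority().toLowerCase()).collect(Collectors.toSet())` (needs the `Set` and `Collectors` imports), and test `"role_" + dataset.getCode().toLowerCase()`. Separately, the full authority list is written to the user-action log twice per request, and `"Pathology: " + curPathology` logs a PathologyDTO that defines no `toString()`; these look like leftover debug lines and could be dropped.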
@@ -0,0 +1,77 @@
+package eu.hbp.mip.model;
+
+import com.google.gson.annotations.SerializedName;
+
+import java.util.List;
+
+public class PathologyDTO {
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public String getLabel() {
+ return label;
+ }
+
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ public Object getMetadataHierarchy() {
+ return metadataHierarchy;
+ }
+
+ public void setMetadataHierarchy(Object metadataHierarchy) {
+ this.metadataHierarchy = metadataHierarchy;
+ }
+
+ public List<PathologyDatasetDTO> getDatasets() {
+ return datasets;
+ }
+
+ public void setDatasets(List<PathologyDatasetDTO> datasets) {
+ this.datasets = datasets;
+ }
+
+ @SerializedName("code")
+ private String code;
+
+ @SerializedName("label")
+ private String label;
+
+ @SerializedName("metadataHierarchy")
+ private Object metadataHierarchy;
+
+ @SerializedName("datasets")
+ private List<PathologyDatasetDTO> datasets;
+
+ public static class PathologyDatasetDTO {
+ @SerializedName("code")
+ private String code;
+
+ @SerializedName("label")
+ private String label;
+
+ public String getCode() {
+ return code;
+ }
+
+ public void setCode(String code) {
+ this.code = code;
+ }
+
+ public String getLabel() {
+ return label;
+ }
+
+ public void setLabel(String label) {
+ this.label = label;
+ }
+ }
+
+}
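Review bot: `metadataHierarchy` is declared as `Object`, so Gson deserializes that subtree into its generic map and list types and reads every JSON number as a `Double`; when getPathologies serialises the filtered list again, integer values in the hierarchy would come back in floating-point form. Whether pathologies.json holds numbers in that subtree is not visible from this diff, but declaring the field and its getter/setter as `com.google.gson.JsonElement` passes the subtree through unchanged. `datasets` is null when an entry omits the key, and the loop in PathologiesApi dereferences `getDatasets()` without a check, so either return an empty list from the getter or document that the key is mandatory. The class has no Javadoc; a one-line comment such as `/** One pathology entry of pathologies.json; datasets is filtered per user by PathologiesApi. */` would help.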