Collaborator

@ItIsJordan ItIsJordan commented Aug 13, 2025

Opening a draft PR to trigger AI PR reviewing/test implementations.

Adds observer role/access key functionality to HEPData. Allows a user to be sent an access key to allow login-free access to view-only records.

closes #130


The SQL required to add the submissionobserver table to the database is as follows:

```sql
create table submissionobserver
(
    publication_recid serial,
    observer_key      varchar(8) not null,
    constraint pk_submissionobserver
        primary key (publication_recid)
);

alter table submissionobserver
    owner to hepdata;
```


Adds a new SubmissionObserver class to store access keys for observer role in new HEPSubmissions
Adds creation of the SubmissionObserver object upon HEPSubmission creation, as well as deletion when finalising, creating a new version, or removing the specific submission. Also adds key verification function.
Adds functionality for the metadata function, which handles /record/int endpoint to pass given observer_key to the render_record function.
Fixes deletion code for SubmissionObserver; previous code was wrong.
Adds the observer_key data (if exists) to the context in records/api to display a verified access key.
Adds a new clipboard entry for the access key copy button and accompanying HTML, and some modifications to allow the CSS to be extended to function on the new button.
Adds new observer key creation to new version of submission within records/api.py
Updates the submit_post function in submission/views.py (POST handler for /submit) to return observer key and publication_recid of the submission to generate access URL.
Adds the observer key to the post submission screen. Modifies the request triggered by the submit button to receive and display observer key/recid as a response. Adds observer key div to submit.html.
…mission

Add status filtering to observer key creation in get_or_create_hepsubmission to allow only "todo" (to deny creation in sandbox instances)
Adds a basic observer key test to test against the render_record function permission/observer key functionality
Renames access_key to observer_key and refactors the SubmissionObserver object to use publication_recid
Adds an endpoint at /record/coordinator/observer_key/ to retrieve an observer key for a specific record if the user has permission to do so.
Adds a function to get or create a submission observer object for a given recid in submission utils.
…server

Update get_or_create_hepsubmission to use get_or_create_submission_observer
Adds a message to the post-submission widget about the observer key. Also adds default hidden status and code to remove after submission.
Remove unique constraint from observer_key in SubmissionObserver object model.
Updates SubmissionObserver key generation to an 8 character truncated UUID
Fixes old references to access_key and submission.id in test_observer_key. Updated to observer_key and submission.publication_recid.
Moves get_or_create_submission_observer into a more suitable submodule (submission/api). Also handles potential regeneration of submissions during get.
Updates observer_url to use HEPDATA.site_url. No functional change here.
Adds the SubmissionObserver key to the email sent after submission in email/api.py. Also modifies HTML to accommodate this.
Switches getting the SubmissionObserver object in create_new_version to use get_or_create_submission_observer.
Updates the observer_key endpoint to now return the full URL instead of just the key.
Adds just the observer key URL text to the dashboard "Manage Submission" widget at the bottom. Adds JS to handle the request and setting of this data. Includes HTML/CSS changes.
Moves verify_observer_key function from records/api.py into permissions/api.py, where it is more relevant as a permissions function.
Add missing import from records_test.py for verify_observer_key from permissions.api
Improves observer key selection and use logic. Should now appear when both using (as logged in perms user), and when not logged in with the observer key. Will also not query on every reload (reuses queried val)
Slightly improves observer key logic in the resource widget code. Will check for todo and observer key, instead of just todo.
Modify render_record to pass observer_key to context when logged in so it properly displays when logged in, but not set in request parameter.
Fixes a bug where observer_key does not properly display when logged in for copy/paste.
Adds further URL checks for a logged out observer for URL display
@ItIsJordan ItIsJordan marked this pull request as ready for review November 12, 2025 14:17
Updates get_or_create_submission_observer to use get_latest_hepsubmission instead of a basic query. Previous implementation did not consider versioning, so would not properly select the latest submission.
Having the setup_clipboard function inside of the promise was causing issues where (I think) the clipboard was being set up at a bad time, causing no action when clicking it.
Member

@GraemeWatt GraemeWatt left a comment

This looks good. I did a bit more testing and unfortunately found a few problems. Hopefully, it is not too much work to address them.

  1. The observer_key access doesn't seem to work for a revised record. When a new version 2 is created (but not finalised), the observer_key is added to the database, but including the observer_key in the URL still returns version 1 not version 2, even if version=2 is included explicitly in the URL.
  2. It should be only the decision of the Coordinator whether or not they want to share the observer_key. It should not be visible to normal Uploaders/Reviewers. Currently, if an Uploader/Reviewer (without Coordinator access) views a record in preparation, the various links (and the JSON format) displayed on the record contain the observer_key. Can the links (and JSON) suppress the observer_key unless it is being used to access the record (for a user without explicit permissions)?
  3. It would be good if the Revision Submission widget could display a link containing the observer_key after clicking the "Revise Submission" button, similar to the link displayed when the original version 1 is created. The create_new_version function should send an email to the Coordinator containing the observer_key using a modification of the notify_submission_created function. Currently, the observer_key of a revised submission can only be obtained from the "Manage Submission" widget on a Coordinator's Dashboard. Sorry, I didn't mention this previously.
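
The visibility rule asked for in point 2, combined with the latest-version default for key-based access, as an added example (not code from this PR or from HEPData). The role strings, `ObserverDecision`, `key_matches`, `decide` and the sample key are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumed role strings; the discussion names Coordinator, Uploader and Reviewer.
EXPLICIT_ROLES = {"coordinator", "uploader", "reviewer"}


@dataclass(frozen=True)
class ObserverDecision:
    allowed: bool                  # may the requester view the in-progress record?
    key_for_links: Optional[str]   # key to embed in links/JSON, None = suppress
    version: Optional[int]         # version to render, None = existing default


def key_matches(supplied: Optional[str], stored: Optional[str]) -> bool:
    """Constant-time comparison; a missing key on either side never matches."""
    if not supplied or not stored:
        return False
    return hmac.compare_digest(supplied.encode(), stored.encode())


def decide(role, supplied_key, stored_key, requested_version, latest_version):
    """role is None for a visitor who is not logged in."""
    verified = key_matches(supplied_key, stored_key)
    explicit = role in EXPLICIT_ROLES
    allowed = explicit or verified

    if role == "coordinator":
        key_for_links = stored_key      # the Coordinator decides whether to share
    elif verified and not explicit:
        key_for_links = supplied_key    # the key is what grants this access
    else:
        key_for_links = None            # Uploader/Reviewer never see the key

    # Keys carry no version number, so key-based access defaults to the newest.
    version = requested_version
    if version is None and verified:
        version = latest_version
    return ObserverDecision(allowed, key_for_links, version)


SAMPLE_KEY = "1a2b3c4d"  # constructed 8-character value, not a real key
```

An Uploader or Reviewer who opens a link that already contains the key still gets `key_for_links=None`, so the key is not echoed back into the links or JSON rendered for them.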

Adds a check to ensure only a coordinator can use the get_observer_data endpoint.
Replace == with === in equality check in HEPDATA.get_observer_key_data
Adds a check to ensure that the user is a coordinator before retrieving and setting an observer key in the context.
@ItIsJordan
Collaborator Author

> 1. The `observer_key` access doesn't seem to work for a revised record. When a new version 2 is created (but not finalised), the `observer_key` is added to the database, but including the `observer_key` in the URL still returns version 1 not version 2, even if `version=2` is included explicitly in the URL.

Without further investigation, I was unsure as to why this was occurring. I will come back to this after I have solved the other outstanding issue.

> 2. It should be only the decision of the Coordinator whether or not they want to share the `observer_key`. It should not be visible to normal Uploaders/Reviewers. Currently, if an Uploader/Reviewer (without Coordinator access) views a record in preparation, the various links (and the JSON format) displayed on the record contain the `observer_key`. Can the links (and JSON) suppress the `observer_key` unless it is being used to access the record (for a user without explicit permissions)?

I have implemented a check to ensure that the user is a coordinator before allowing the return of any observer key data without the key verification. I need to do some testing for this case still.

> 3. It would be good if the [Revision Submission widget](https://github.com/HEPData/hepdata/blob/observer-role/hepdata/modules/records/templates/hepdata_records/components/revise-submission-widget.html) could display a link containing the `observer_key` after clicking the "Revise Submission" button, similar to the link displayed when the original version 1 is created. The [`create_new_version`](https://github.com/HEPData/hepdata/blob/a7cbc23d51fc214aaed671558a45c1b18d730689/hepdata/modules/records/api.py#L549) function should send an email to the Coordinator containing the `observer_key` using a modification of the [`notify_submission_created`](https://github.com/HEPData/hepdata/blob/a7cbc23d51fc214aaed671558a45c1b18d730689/hepdata/modules/email/api.py#L449) function. Currently, the `observer_key` of a revised submission can only be obtained from the "Manage Submission" widget on a Coordinator's Dashboard.

I have had some issues implementing the copy/paste boxes on widgets so far; I just need to spend a little more time on this one.

Adds test_observer_create_from_none to test creation of SubmissionObserver objects where a Submission does not already have one, when called for by get_or_create_submission_observer.
Modifies format_submission where the version and version_count values are manipulated, as this does not work with the version number of an in-progress submission. The version count is incremented instead.
…sion

This allows format_submission to be used to properly handle version number display/access on a todo record.
Implements accessing by inspire ID on /record/ and passes any given key to the render_record function
Fixes bug in get_table_details where version was written over.
Updates tests using render_record where observer_key should be added to use of assert_called_once_with
Adds observer key display functionality to the revision widget with copy button. CSS is still missing.
Adds CSS rules to the revision copy button's IDs, and adds relevant IDs to existing copybutton rules.
Adds flex to data_links for copy buttons so they correctly shift to edge of button container.
Adds logic to default select most recent version in render_record when there is a verified observer key, and no version set, as this is how the keys are generated (without an explicit version number).
…record

Checks for a verified key, rather than use get_or_create_submission_observer as this will always return.
Updates the notify_submission_created function to add version numbers to subject.
Adds a call to send an email using notify_submission_created in create_new_version when a new Submission version is created.
Development

Successfully merging this pull request may close these issues.

submission: create new "observer" role with password protection
