Committee API endpoint

.gitignore

@@ -55,3 +55,4 @@ config/settings/*.local.yml
 config/environments/*.local.yml
 
 /config/master.key
+docs/development/

Gemfile

@@ -95,6 +95,8 @@ group :development, :test do
   # Coverage report
   gem 'simplecov', '~> 0.17.0'
   gem 'mutex_m'
+  # API documentation
+  gem 'rswag' 
 end
 
 group :development do

Gemfile.lock

@@ -214,6 +214,9 @@ GEM
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     json (2.16.0)
+    json-schema (6.1.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
     jwt (2.10.1)
       base64
     language_server-protocol (3.17.0.5)
@@ -402,6 +405,21 @@ GEM
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
     rspec-support (3.13.2)
+    rswag (2.17.0)
+      rswag-api (= 2.17.0)
+      rswag-specs (= 2.17.0)
+      rswag-ui (= 2.17.0)
+    rswag-api (2.17.0)
+      activesupport (>= 5.2, < 8.2)
+      railties (>= 5.2, < 8.2)
+    rswag-specs (2.17.0)
+      activesupport (>= 5.2, < 8.2)
+      json-schema (>= 2.2, < 7.0)
+      railties (>= 5.2, < 8.2)
+      rspec-core (>= 2.14)
+    rswag-ui (2.17.0)
+      actionpack (>= 5.2, < 8.2)
+      railties (>= 5.2, < 8.2)
     rubocop (1.81.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
@@ -599,6 +617,7 @@ DEPENDENCIES
   rsolr (~> 2.5.0)
   rspec-rails (~> 7.0.0)
   rspec-retry (~> 0.6.0)
+  rswag
   sassc-rails (~> 2.1.2)
   seedbank (~> 0.5.0)
   selenium-webdriver (~> 4.26)

app/controllers/api/v1/committee_records_controller.rb

@@ -0,0 +1,111 @@
+module Api
+  module V1
+    class CommitteeRecordsController < ApplicationController
+      # Skip CSRF token verification for API requests
+      skip_before_action :verify_authenticity_token
+
+      # Authentication filter
+      before_action :authenticate_api_key
+
+      # POST /api/v1/committee_records/faculty_committees
+      # Expected params: { access_id: "xyz123" }
+      # Returns: JSON with all committee memberships for the faculty member
+      #
+      # Example request:
+      #   curl -X POST http://localhost:3000/api/v1/committee_records/faculty_committees \
+      #     -H "Content-Type: application/json" \
+      #     -H "Authorization: Bearer your_token_here"\
+      #     -d '{"access_id": "aab27"}'
+
+      def faculty_committees
+        access_id = params[:access_id]
+        # Validate required parameter
+        if access_id.blank?
+          render json: { error: 'access_id is required' }, status: :bad_request
+          return
+        end
+
+        # Find all committee memberships for this faculty member
+        # Note: We search by access_id which is the PSU ID
+        committee_memberships = CommitteeMember
+                                .joins(:submission).where('submissions.status LIKE "released for publication%" OR submissions.status = "waiting for publication release"')
+                                .includes(:committee_role, submission: [:author, :degree, :program])
+                                .where(access_id: access_id)
+
+        render json: {
+          faculty_access_id: access_id,
+          committees: format_committees(committee_memberships)
+        }, status: :ok
+      rescue StandardError => e
+        render json: { error: e.message }, status: :internal_server_error
+      end
+
+      private
+
+        # Authenticate using API Key from environment variable
+        # The API Key should be passed in the Authorization header
+        def authenticate_api_key
+          raw = request.headers["Authorization"].to_s.strip
+
+          token =
+            if raw.downcase.start_with?("bearer ")
+              raw.split(" ", 2).last.to_s.strip
+            else
+              raw
+            end
+
+          @api_token = ApiToken.includes(:external_app).find_by(token: token)
+          return unauthorized! unless @api_token
+
+          @external_app = @api_token.external_app
+          @api_token.update_column(:last_used_at, Time.current)
+
+          true
+        end
+
+        def unauthorized!
+          render json: { error: "Unauthorized" }, status: :unauthorized
+        end
+
+        def format_committees(committee_memberships)
+          committee_memberships.map { |membership| committee_payload(membership) }
+        end
+
+        def committee_payload(membership)
+          submission = membership.submission
+          author = submission&.author
+
+          # Build the committee data object
+          {
+            # Committee member info
+            committee_member_id: membership.id,
+
+            # Committee role
+            role: membership.committee_role&.name,
+            role_code: membership.committee_role&.code,
+
+            # Student information
+            student_fname: author&.first_name,
+            student_lname: author&.last_name,
+            student_access_id: author&.access_id,
+
+            # Submission information
+            submission_id: submission.id,
+            title: submission.title,
+            degree_name: submission.degree&.name,
+            program_name: submission.program&.name,
+            semester: submission.semester,
+            year: submission.year,
+
+            # Important dates
+            approval_started_at: membership.approval_started_at,
+            final_submission_approved_at: submission.final_submission_approved_at,
+
+            # Status information
+            submission_status: submission.status,
+            committee_member_status: membership.status
+          }
+        end
+    end
+  end
+end

app/views/author/submissions/_accessible_version_disclaimer.erb

@@ -0,0 +1,4 @@
+<div>
+  <h3 class='control-label mb-3'> <%= I18n.t("#{current_partner.id}.accessible_version_heading")%></h3>
+  <p> <%= I18n.t("#{current_partner.id}.accessible_version_notice")%> </p>
+</div>

app/views/author/submissions/edit_final_submission.html.erb

@@ -84,6 +84,10 @@
         <%= render partial: '/shared/federal_funding_checkbox', locals: {f: f} %>
       <% end %>
 
+      <% unless current_partner.sset? %>
+        <%= render partial: 'accessible_version_disclaimer' %>
+      <% end %>
+
       <%= render 'shared/copyright_statement' %>
       <%= f.input :has_agreed_to_terms, label: 'I agree to copyright statement', as: :boolean, wrapper: :vertical_boolean, required: true %>
 

config/initializers/rswag_api.rb

@@ -0,0 +1,14 @@
+Rswag::Api.configure do |c|
+
+  # Specify a root folder where Swagger JSON files are located
+  # This is used by the Swagger middleware to serve requests for API descriptions
+  # NOTE: If you're using rswag-specs to generate Swagger, you'll need to ensure
+  # that it's configured to generate files in the same folder
+  c.openapi_root = Rails.root.to_s + '/swagger'
+
+  # Inject a lambda function to alter the returned Swagger prior to serialization
+  # The function will have access to the rack env for the current request
+  # For example, you could leverage this to dynamically assign the "host" property
+  #
+  #c.swagger_filter = lambda { |swagger, env| swagger['host'] = env['HTTP_HOST'] }
+end

config/initializers/rswag_ui.rb

@@ -0,0 +1,16 @@
+Rswag::Ui.configure do |c|
+
+  # List the Swagger endpoints that you want to be documented through the
+  # swagger-ui. The first parameter is the path (absolute or relative to the UI
+  # host) to the corresponding endpoint and the second is a title that will be
+  # displayed in the document selector.
+  # NOTE: If you're using rspec-api to expose Swagger files
+  # (under openapi_root) as JSON or YAML endpoints, then the list below should
+  # correspond to the relative paths for those endpoints.
+
+  c.swagger_endpoint '/api-docs/v1/swagger.yaml', 'API V1 Docs'
+
+  # Add Basic Auth in case your API is private
+  # c.basic_auth_enabled = true
+  # c.basic_auth_credentials 'username', 'password'
+end

config/locales/partners/en/graduate/graduate.en.yml

@@ -370,6 +370,11 @@ en:
         message: "Before proceeding to your final submission, you must pay the $10 thesis fee.  The fee can be paid at the <a href='https://secure.gradsch.psu.edu/paymentportal/' target='_blank'>Payment Section</a> of the Fox Graduate School Thesis and Dissertation Information <a href='https://gradschool.psu.edu/completing-your-degree/thesis-and-dissertation-information/' target='_blank'>webpage</a>."
       dissertation:
         message: "Before proceeding to your final submission, you must pay the $50 dissertation fee.  The fee can be paid at the <a href='https://secure.gradsch.psu.edu/paymentportal/' target='_blank'>Payment Section</a> of the Fox Graduate School Thesis and Dissertation Information <a href='https://gradschool.psu.edu/completing-your-degree/thesis-and-dissertation-information/' target='_blank'>webpage</a>."
+    accessible_version_heading: 'Accessible Version Generation Privacy Notice'
+    accessible_version_notice: |
+      When your PDF is downloaded for the first time, an accessible version will be created to meet ADA Title II requirements.
+      Your file will be temporarily processed by Adobe to generate an accessible format.
+      Images will be temporarily sent to AWS Bedrock for AI-generated alt-text.
     admin:
       umg: 'cn=umg/psu.sas.etda-graduate-admins,dc=psu,dc=edu'
       submission:

config/locales/partners/en/honors/honors.en.yml

@@ -232,6 +232,11 @@ en:
       restricted_attr:
         description_html: 'The option selected secures the body of the thesis for a period of two years. Selection of this option requires that an invention disclosure (ID) be filed with the Office of Technology Management (OTM) prior to submission of the final honors thesis and confirmed by OTM. At the end of the two-year period, the work will be released automatically for open access unless a written request is made to extend this option for an additional year. The written request for an extension should be sent 30 days prior to the end of the two-year period to the Honors College Records Department, 10 Schreyer Honors College, The Pennsylvania State University, University Park, PA 16802, or by e-mail to %{link}. Please note: No one will be able to view your work under this option.'
         scope: final_withheld
+    accessible_version_heading: 'Accessible Version Generation Privacy Notice'
+    accessible_version_notice: |
+      When your PDF is downloaded for the first time, an accessible version will be created to meet ADA Title II requirements.
+      Your file will be temporarily processed by Adobe to generate an accessible format.
+      Images will be temporarily sent to AWS Bedrock for AI-generated alt-text.
     download:
       login_html: 'Login using your Penn State access account to view the paper.'
     approver:

config/locales/partners/en/milsch/milsch.en.yml

@@ -235,6 +235,11 @@ en:
          scope: final_withheld
     download:
       login_html: 'Login using your Penn State access account to view the paper.'
+    accessible_version_heading: 'Accessible Version Generation Privacy Notice'
+    accessible_version_notice: |
+      When your PDF is downloaded for the first time, an accessible version will be created to meet ADA Title II requirements.
+      Your file will be temporarily processed by Adobe to generate an accessible format.
+      Images will be temporarily sent to AWS Bedrock for AI-generated alt-text.
     approver:
       review_form:
         file_list_heading: "Files I need to review:"

config/routes.rb

@@ -2,6 +2,8 @@
 require 'sidekiq/web'
 
 Rails.application.routes.draw do
+  mount Rswag::Api::Engine => '/api-docs'
+  mount Rswag::Ui::Engine => '/api-docs'
 
   devise_for :approvers, path: 'approver'
   devise_for :authors, path: 'author'
@@ -18,10 +20,14 @@
 
   get '/', to: redirect(path: '/main')
 
-  mount Sidekiq::Web => '/sidekiq'
-
   mount OkComputer::Engine, at: "/healthcheck"
 
+  namespace :api do
+    namespace :v1 do
+        post "committee_records/faculty_committees"
+    end
+  end
+
   ## works: get '/committee_members/autocomplete', to: 'ldap_lookup#autocomplete', as: :committee_members_autocomplete
   get '/committee_members/autocomplete', to: 'application#autocomplete', as: :committee_members_autocomplete
 
@@ -43,6 +49,10 @@
     resources :approval_configurations, except: [:new, :create, :destroy]
     resources :authors,  except: [:new, :create, :show, :destroy]
 
+    authenticate :admin do
+      mount Sidekiq::Web => '/sidekiq'
+    end
+
     get '/custom_report', to: 'reports#custom_report_index', as: :custom_report_index
     patch '/custom_report_export', to: 'reports#custom_report_export', defaults: { format: 'csv' }, as: :custom_report_export
     get '/committee_report', to: 'reports#committee_report_index', as: :committee_report_index
@@ -53,7 +63,6 @@
     patch '/committee_member_report_export', to: 'reports#committee_member_report_export', defaults: { format: 'csv' }, as: :committee_member_report_export
     patch '/graduate_data_report_export', to: 'reports#graduate_data_report_export', defaults: { format: 'json' }, as: :graduate_data_report_export
 
-
     get '/authors/contact_list', to: 'authors#email_contact_list', as: :email_contact_list
 
     get '/submissions/:id/edit', to: 'submissions#edit', as: :edit_submission

db/schema.rb

@@ -195,7 +195,7 @@
     t.index ["name"], name: "index_degrees_on_name", unique: true
   end
 
-  create_table "external_apps", charset: "utf8mb4", collation: "utf8mb4_unicode_ci", force: :cascade do |t|
+  create_table "external_apps", charset: "utf8mb4", force: :cascade do |t|
     t.string "name"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
@@ -277,7 +277,7 @@
     t.index ["name", "code"], name: "index_programs_on_name_and_code", unique: true
   end
 
-  create_table "remediated_final_submission_files", charset: "utf8mb4", collation: "utf8mb4_unicode_ci", force: :cascade do |t|
+  create_table "remediated_final_submission_files", charset: "utf8mb4", force: :cascade do |t|
     t.bigint "submission_id", null: false
     t.bigint "final_submission_file_id", null: false
     t.text "asset"
@@ -342,9 +342,9 @@
     t.string "lionpath_semester"
     t.string "academic_program"
     t.string "degree_checkout_status"
-    t.datetime "author_release_warning_sent_at", precision: nil
-    t.datetime "acknowledgment_page_submitted_at", precision: nil
     t.string "candidate_number"
+    t.datetime "acknowledgment_page_submitted_at", precision: nil
+    t.datetime "author_release_warning_sent_at", precision: nil
     t.string "extension_token"
     t.datetime "last_lionpath_export_at", precision: nil
     t.index ["author_id"], name: "submissions_author_id_fk"