Merge pull request #148 from biocore/st_dh_metadata_pulldown_changes

Changes required for supporting metadata pulldown in admin tool

microsetta_private_api/admin/tests/test_admin.py

@@ -278,7 +278,8 @@ def test_get_survey(self):
             # And the meta survey should exist somewhere in all_meta
             found = False
             for survey in all_meta['survey_answers']:
-                if "DIET_TYPE" in survey:
+                if "1" in survey["response"] and \
+                        survey["response"]["1"][0] == 'DIET_TYPE':
                     found = True
                     self.assertDictEqual(meta['survey_answers'][0],
                                          survey)

microsetta_private_api/api/implementation.py

@@ -681,16 +681,29 @@ def verify_authrocket(token):
 def _validate_account_access(token_info, account_id):
     with Transaction() as t:
         account_repo = AccountRepo(t)
-        account = account_repo.get_account(account_id)
+        token_associated_account = account_repo.find_linked_account(
+            token_info['iss'],
+            token_info['sub'])
 
+        account = account_repo.get_account(account_id)
         if account is None:
             raise NotFound(ACCT_NOT_FOUND_MSG)
         else:
+            # Whether or not the token_info is associated with an admin acct
+            token_authenticates_admin = \
+                token_associated_account is not None and \
+                token_associated_account.account_type == 'admin'
+
+            # Enum of how closely token info matches requested account_id
             auth_match = account.account_matches_auth(
                 token_info[JWT_EMAIL_CLAIM_KEY],
                 token_info[JWT_ISS_CLAIM_KEY],
                 token_info[JWT_SUB_CLAIM_KEY])
-            if auth_match == AuthorizationMatch.NO_MATCH:
+
+            # If token doesn't match requested account id, and doesn't grant
+            # admin access to the system, deny.
+            if auth_match == AuthorizationMatch.NO_MATCH and \
+                    not token_authenticates_admin:
                 raise Unauthorized()
 
         return account

microsetta_private_api/repo/admin_repo.py

@@ -419,14 +419,18 @@ def get_survey_metadata(self, sample_barcode, survey_template_id=None):
         answer_ids = survey_answers_repo.list_answered_surveys_by_sample(
             account_id, source_id, sample_id)
 
+        answer_to_template_map = {}
+        for answer_id in answer_ids:
+            template_id = survey_answers_repo.find_survey_template_id(
+                answer_id)
+            answer_to_template_map[answer_id] = template_id
+
         # if a survey template is specified, filter the returned surveys
         if survey_template_id is not None:
             # TODO: This schema is so awkward for this type of query...
             answers = []
             for answer_id in answer_ids:
-                template_id = survey_answers_repo.find_survey_template_id(
-                    answer_id)
-                if template_id == survey_template_id:
+                if answer_to_template_map[answer_id] == survey_template_id:
                     answers.append(answer_id)
 
             if len(answers) == 0:
@@ -453,9 +457,13 @@ def get_survey_metadata(self, sample_barcode, survey_template_id=None):
             survey_answers = {}
             for k in answer_model:
                 new_k = metadata_map[int(k)]
-                survey_answers[new_k] = answer_model[k]
+                survey_answers[k] = [new_k, answer_model[k]]
 
-            all_survey_answers.append(survey_answers)
+            all_survey_answers.append(
+                {
+                    "template": answer_to_template_map[answer_id],
+                    "response": survey_answers
+                })
 
         pulldown = {
             "sample_barcode": sample_barcode,