Merge pull request #95 from c3g/public-table-search

Add public table search
bento-platform · Mar 6, 2020 · 19ce0c1 · 19ce0c1
2 parents ae93f4a + 15f3812
commit 19ce0c1
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 17 deletions.
diff --git a/chord_metadata_service/chord/tests/test_api_search.py b/chord_metadata_service/chord/tests/test_api_search.py
@@ -193,25 +193,48 @@ def test_private_search(self):
 
     def test_private_table_search_1(self):
         # No body
-        r = self.client.post(reverse("table-search", args=[str(self.dataset.identifier)]))
+
+        r = self.client.post(reverse("public-table-search", args=[str(self.dataset.identifier)]))
+        self.assertEqual(r.status_code, status.HTTP_400_BAD_REQUEST)
+
+        r = self.client.post(reverse("private-table-search", args=[str(self.dataset.identifier)]))
         self.assertEqual(r.status_code, status.HTTP_400_BAD_REQUEST)
 
     def test_private_table_search_2(self):
         # No query
-        r = self.client.post(reverse("table-search", args=[str(self.dataset.identifier)]), data=json.dumps({}),
+
+        r = self.client.post(reverse("public-table-search", args=[str(self.dataset.identifier)]), data=json.dumps({}),
+                             content_type="application/json")
+        self.assertEqual(r.status_code, status.HTTP_400_BAD_REQUEST)
+
+        r = self.client.post(reverse("private-table-search", args=[str(self.dataset.identifier)]), data=json.dumps({}),
                              content_type="application/json")
         self.assertEqual(r.status_code, status.HTTP_400_BAD_REQUEST)
 
     def test_private_table_search_3(self):
         # Bad syntax for query
-        r = self.client.post(reverse("table-search", args=[str(self.dataset.identifier)]), data=json.dumps({
+
+        r = self.client.post(reverse("public-table-search", args=[str(self.dataset.identifier)]), data=json.dumps({
+            "query": ["hello", "world"]
+        }), content_type="application/json")
+        self.assertEqual(r.status_code, status.HTTP_400_BAD_REQUEST)
+
+        r = self.client.post(reverse("private-table-search", args=[str(self.dataset.identifier)]), data=json.dumps({
             "query": ["hello", "world"]
         }), content_type="application/json")
         self.assertEqual(r.status_code, status.HTTP_400_BAD_REQUEST)
 
     def test_private_table_search_4(self):
         # Valid query with one result
-        r = self.client.post(reverse("table-search", args=[str(self.dataset.identifier)]), data=json.dumps({
+
+        r = self.client.post(reverse("public-table-search", args=[str(self.dataset.identifier)]), data=json.dumps({
+            "query": TEST_SEARCH_QUERY_1
+        }), content_type="application/json")
+        self.assertEqual(r.status_code, status.HTTP_200_OK)
+        c = r.json()
+        self.assertEqual(c, True)
+
+        r = self.client.post(reverse("private-table-search", args=[str(self.dataset.identifier)]), data=json.dumps({
             "query": TEST_SEARCH_QUERY_1
         }), content_type="application/json")
         self.assertEqual(r.status_code, status.HTTP_200_OK)

diff --git a/chord_metadata_service/chord/views_search.py b/chord_metadata_service/chord/views_search.py
@@ -324,16 +324,9 @@ def fhir_private_search(request):
     return fhir_search(request, internal_data=True)
 
 
-# Mounted on /private/, so will get protected anyway; this allows for access from federation service
-# TODO: Ugly and misleading permissions
-@api_view(["POST"])
-@permission_classes([AllowAny])
-def chord_private_table_search(request, table_id):
-    # Search phenopacket data types in specific tables
-    # Private search endpoints are protected by URL namespace, not by Django permissions.
-
+def chord_table_search(request, table_id, internal=False):
     start = datetime.now()
-    debug_log("Started private table search")
+    debug_log(f"Started {'private' if internal else 'public'} table search")
 
     if request.data is None or "query" not in request.data:
         # TODO: Better error
@@ -357,7 +350,27 @@ def chord_private_table_search(request, table_id):
 
     debug_log(f"Finished running query in {datetime.now() - start}")
 
-    serialized_data = PhenopacketSerializer(query_results, many=True).data
-    debug_log(f"Finished running query and serializing in {datetime.now() - start}")
+    if internal:
+        serialized_data = PhenopacketSerializer(query_results, many=True).data
+        debug_log(f"Finished running query and serializing in {datetime.now() - start}")
+
+        return Response(build_search_response(serialized_data, start))
+
+    return Response(len(query_results) > 0)
+
 
-    return Response(build_search_response(serialized_data, start))
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def chord_public_table_search(request, table_id):
+    # Search phenopacket data types in specific tables without leaking internal data
+    return chord_table_search(request, table_id, internal=False)
+
+
+# Mounted on /private/, so will get protected anyway; this allows for access from federation service
+# TODO: Ugly and misleading permissions
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def chord_private_table_search(request, table_id):
+    # Search phenopacket data types in specific tables
+    # Private search endpoints are protected by URL namespace, not by Django permissions.
+    return chord_table_search(request, table_id, internal=True)
diff --git a/chord_metadata_service/metadata/urls.py b/chord_metadata_service/metadata/urls.py
@@ -50,9 +50,10 @@
     path('tables', views_search.table_list, name="table-list"),
     path('tables/<str:table_id>', views_search.table_detail, name="table-detail"),
     path('tables/<str:table_id>/summary', views_search.chord_table_summary, name="table-summary"),
+    path('tables/<str:table_id>/search', views_search.chord_public_table_search, name="public-table-search"),
     path('search', views_search.chord_search, name="search"),
     path('fhir-search', views_search.fhir_public_search, name="fhir-search"),
     path('private/fhir-search', views_search.fhir_private_search, name="fhir-private-search"),
     path('private/search', views_search.chord_private_search, name="private-search"),
-    path('private/tables/<str:table_id>/search', views_search.chord_private_table_search, name="table-search"),
+    path('private/tables/<str:table_id>/search', views_search.chord_private_table_search, name="private-table-search"),
 ] + ([path('admin/', admin.site.urls)] if DEBUG else [])