Merge pull request #2358 from broadinstitute/jb-redacted-study-page

Adding redacted study page (SCP-6101)

Author: bistline

app/controllers/application_controller.rb

@@ -2,9 +2,10 @@ class ApplicationController < ActionController::Base
   include RealIpLogger
 
   # Error modal contact message
+  SCP_ZENDESK = 'scp-support@broadinstitute.zendesk.com'.freeze
   SCP_SUPPORT_EMAIL = "If this error persists, please contact support at:<br /><br />" \
-                      "<a href='mailto:scp-support@broadinstitute.zendesk.com' data-analytics-name='scp-support-email' " \
-                      "class='no-wrap'>scp-support@broadinstitute.zendesk.com</a>"
+                      "<a href='mailto:#{SCP_ZENDESK}' data-analytics-name='scp-support-email' " \
+                      "class='no-wrap'>#{SCP_ZENDESK}</a>"
 
   ###
   #

app/controllers/site_controller.rb

@@ -19,7 +19,7 @@ class SiteController < ApplicationController
                                      :reviewer_access, :validate_reviewer_access]
   before_action :set_cluster_group, only: [:study, :show_user_annotations_form]
   before_action :set_selected_annotation, only: [:show_user_annotations_form]
-  before_action :check_view_permissions, except: [:index, :legacy_study, :get_viewable_studies, :privacy_policy,
+  before_action :check_view_permissions, except: [:index, :legacy_study, :redacted_study, :get_viewable_studies, :privacy_policy,
                                                   :terms_of_service, :log_action, :get_taxon, :get_taxon_assemblies,
                                                   :covid19, :record_download_acceptance, :reviewer_access,
                                                   :validate_reviewer_access]
@@ -152,6 +152,13 @@ def study
     @explore_tab_default = @study.can_visualize?
   end
 
+  # show a landing page for a redacted study
+  def redacted_study
+    unless @study.redacted?
+      redirect_to view_study_path(accession: @study.accession, study_name: @study.url_safe_name) and return
+    end
+  end
+
   def record_download_acceptance
     @download_acceptance = DownloadAcceptance.new(download_acceptance_params)
     if @download_acceptance.save
@@ -383,6 +390,8 @@ def check_view_permissions
         end
       elsif !user_signed_in?
         authenticate_user!
+      elsif @study.redacted? && !@study.can_view?(current_user)
+        redirect_to merge_default_redirect_params(redacted_study_path(@study.accession), scpbr: params[:scpbr]) and return
       elsif user_signed_in? && !@study.can_view?(current_user)
         alert = "You do not have permission to perform that action.  #{SCP_SUPPORT_EMAIL}"
         redirect_to merge_default_redirect_params(site_path, scpbr: params[:scpbr]), alert: alert and return

app/javascript/lib/layout-utils.js

@@ -135,7 +135,8 @@ export function mitigateStudyOverviewTitleTruncation() {
  * Set global header end width, and mitigate long study titles on narrow screens
  */
 export function adjustGlobalHeader() {
-  if (window.SCP.analyticsPageName !== 'site-study') {return}
+  const allowedPages = ['site-study', 'site-redacted-study']
+  if (!allowedPages.includes(window.SCP.analyticsPageName)) {return}
 
   // Set min-width of container for menus on help, create study, and sign in / username
   const globalHeaderEnd = document.getElementById('scp-navbar-dropdown-collapse')

app/models/study.rb

@@ -1706,13 +1706,17 @@ def species_list
 
   # contact emails for questions about study data.  will only use corresponding authors (if present) or help email
   def data_custodians
-    authors.corresponding.pluck(:email).presence || ['scp-support@broadinstitute.zendesk.com']
+    authors.corresponding.pluck(:email).presence || [ApplicationController::SCP_ZENDESK]
   end
 
   def duos_study_url
     "#{DuosRegistrationService.duos_ui_url}/studies/#{duos_study_id}"
   end
 
+  def redaction_contact_emails
+    [user.email, user.organizational_email, authors.corresponding.pluck(:email)].flatten.compact.uniq
+  end
+
   ###
   #
   # DELETE METHODS
@@ -1944,6 +1948,11 @@ def was_just_initialized?(cutoff: nil)
     field_changed_from?(track, :initialized, false) && track.created_at >= (cutoff || 1.second.ago)
   end
 
+  def redacted?
+    last_public_change = last_change_for(:public)
+    !public && field_changed_from?(last_public_change, :public, true)
+  end
+
   # basic Mixpanel props for study state tracking
   def mixpanel_state_props
     {

app/views/site/redacted_study.html.erb

@@ -0,0 +1,23 @@
+<h3 id="redaction-notice"><%= @study.accession %> has been redacted by the owner.</h3>
+<p>
+  If you are seeing this notice and are attempting to access this study, please contact the study owner(s) for more
+  information.
+</p>
+<p>
+  Click to view contact: <% @study.redaction_contact_emails.each do |email| %>
+    <%= link_to '#',
+                class: 'corresponding-study-owner',
+                data: {
+                  email: Base64.encode64(email), placement: 'top',
+                },
+                title: "Send email to contact" do %>
+    <% end %>
+    &nbsp;
+  <% end %>
+</p>
+
+<script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
+  $('.corresponding-study-owner').each( function(index) {
+    window.SCP.renderComponent(this, 'AuthorEmailPopup', { dataEl: this })
+  })
+</script>

config/routes.rb

@@ -234,6 +234,7 @@
 
     # data viewing actions
     get 'study/:identifier', to: 'site#legacy_study', as: :legacy_study
+    get 'redacted/:accession', to: 'site#redacted_study', as: :redacted_study
     get 'study/:accession/:study_name', to: 'site#study', as: :view_study
     get 'study/:accession/:study_name/edit_study_description', to: 'site#edit_study_description', as: :edit_study_description
     match 'study/:accession/:study_name/update_settings', to: 'site#update_study_settings', via: [:post, :patch], as: :update_study_settings

test/controllers/site_controller_test.rb

@@ -111,7 +111,7 @@ def teardown
     get view_study_path(accession: @study.accession, study_name: @study.url_safe_name)
     assert_response 302
     follow_redirect!
-    assert_equal site_path, path
+    assert_equal redacted_study_path(@study.accession), path
   end
 
   test 'should control access to files in private studies' do
@@ -273,4 +273,21 @@ def teardown
     assert_select '#home-page-link', 1
     HomePageLink.delete_all
   end
+
+  test 'should load study redaction page' do
+    # should redirect to study if not redacted
+    get redacted_study_path(accession: @study.accession)
+    follow_redirect!
+    assert_equal view_study_path(accession: @study.accession, study_name: @study.url_safe_name),
+                 path,
+                 'Did not redirect to home page for non-redacted study'
+    Study.stub :find_by, @study do
+      @study.stub :redacted?, true do
+        get redacted_study_path(accession: @study.accession)
+        assert_response :success
+        assert_equal redacted_study_path(accession: @study.accession), path
+        assert_select '#redaction-notice', 1, 'Redacted study message not found on page'
+      end
+    end
+  end
 end

test/models/study_test.rb

@@ -39,6 +39,7 @@ class StudyTest < ActiveSupport::TestCase
 
   teardown do
     @user.update(organizational_email: @user.email)
+    @study.update(public: true) unless @study.public
   end
 
   after(:all) do
@@ -286,6 +287,12 @@ class StudyTest < ActiveSupport::TestCase
     assert_equal [new_name, new_cluster.name], study.default_cluster_order
   end
 
+  test 'should indicate study is redacted' do
+    assert_not @study.redacted?
+    @study.update(public: false)
+    assert @study.redacted?
+  end
+
   test 'should enforce organizational email requirement' do
     @study.public = false
     assert @study.valid?