Merge pull request #137 from VEuPathDB/bearer-tokens

Bearer tokens
VEuPathDB · Mar 17, 2024 · d6e5014 · d6e5014
2 parents 83cd82b + 0af32d7
commit d6e5014
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestService.java b/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestService.java
@@ -68,7 +68,7 @@ public Response buildAccessRequest(
       @PathParam("dataset-id") String datasetId) throws WdkModelException, ConflictException, DataValidationException {
     LOG.info("Handling an access request for user id " + userId + " and dataset id " + datasetId + "...");
 
-    if (userId != this.getSessionUser().getUserId() || this.getSessionUser().isGuest()) {
+    if (userId != this.getRequestingUser().getUserId() || this.getRequestingUser().isGuest()) {
       return Response.status(Status.UNAUTHORIZED).build();
     }
 
@@ -102,7 +102,7 @@ public DatasetAccessRequestAttributes retrieveDatasetRecordInstance(String datas
     RecordClass datasetRecordClass = getRecordClassOrNotFound(DATASET_RECORD_CLASS);
 
     List<RecordInstance> records = RecordClass.getRecordInstances(
-      getSessionUser(), 
+      getRequestingUser(),
       createPrimaryKeyValue(datasetRecordClass, datasetId)
     );
 

diff --git a/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestSubmitter.java b/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestSubmitter.java
@@ -30,11 +30,12 @@ public static SubmissionResult submitAccessRequest(AccessRequestParams params, W
     // In one transaction...
     //   (1) insert a DB record for the new request and
     //   (2) email the request to the appropriate parties
+    String acctDbLink = wdkModel.getModelConfig().getAppDB().getAcctDbLink();
     try (
-        Connection conn = wdkModel.getAccountDb().getDataSource().getConnection();
+        Connection conn = wdkModel.getAppDb().getDataSource().getConnection();
     ) {
       conn.setAutoCommit(false);
-      String sql = insertRequestPreparedStatementBody();
+      String sql = insertRequestPreparedStatementBody(acctDbLink);
 
       try (
           PreparedStatement ps = insertRequestPreparedStatement(conn, sql, params);
@@ -65,9 +66,9 @@ public static SubmissionResult submitAccessRequest(AccessRequestParams params, W
     return requestInitiated || params.inTestMode() ? SubmissionResult.SUCCESSFUL : SubmissionResult.ALREADY_REQUESTED;
   }
 
-  private static String insertRequestPreparedStatementBody() {
+  private static String insertRequestPreparedStatementBody(String acctDbLink) {
     return "INSERT INTO\n"
-      + "  studyaccess.end_users (\n"
+      + "  studyaccess.end_users" + acctDbLink + " (\n"
       + "    user_id\n"
       + "  , dataset_presenter_id\n"
       + "  , purpose\n"
@@ -88,14 +89,14 @@ private static String insertRequestPreparedStatementBody() {
       + ", ? -- prior_auth\n"
       + ", (\n"
       + "    SELECT restriction_level_id\n"
-      + "    FROM studyaccess.restriction_level"
+      + "    FROM studyaccess.restriction_level" + acctDbLink
       + "    WHERE name = ?"
       + "  ) -- restriction_level\n"
       + ", ? -- approval_status\n"
       + "FROM dual\n"
       + "WHERE NOT EXISTS (\n"
       + "  SELECT user_id, dataset_presenter_id\n"
-      + "  FROM studyaccess.end_users\n"
+      + "  FROM studyaccess.end_users" + acctDbLink + "\n"
       + "  WHERE user_id = ?\n"
       + "    AND dataset_presenter_id = ?\n"
       + ")";