diff --git a/biodatacatalyst-ui/Dockerfile b/biodatacatalyst-ui/Dockerfile
index bc6eed02..209198b5 100644
--- a/biodatacatalyst-ui/Dockerfile
+++ b/biodatacatalyst-ui/Dockerfile
@@ -15,9 +15,6 @@ FROM httpd:2.4.53-alpine as base
ARG FILE_SUFFIX
ENV FILE_SUFFIX=${FILE_SUFFIX}
-# Replace virtual host config file with ours
-COPY httpd-vhosts.conf ${HTTPD_PREFIX}/conf/extra/httpd-vhosts.conf
-
# Enable virtual hosting config file
RUN sed -i '/^#Include conf.extra.httpd-vhosts.conf/s/^#//' ${HTTPD_PREFIX}/conf/httpd.conf
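Review bot: The `RUN sed` line still uncomments `Include conf/extra/httpd-vhosts.conf`, but the image no longer copies a project-owned file to that path, so httpd loads whatever is there at start-up: presumably the base image's sample file unless the deployment mounts one. The deleted `httpd-vhosts.conf` carried the TLS settings, the HSTS, CSP, `X-Frame-Options` and `nosniff` headers, and the TRACE/TRACK block, so an image started without the external file would likely serve without them. I would add a comment above the `RUN`, e.g. `# httpd-vhosts.conf is not baked into the image; mount it at ${HTTPD_PREFIX}/conf/extra/httpd-vhosts.conf at deploy time`. Also confirm that the replacement config keeps those headers and the method block.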
diff --git a/biodatacatalyst-ui/httpd-vhosts-dev.conf b/biodatacatalyst-ui/httpd-vhosts-dev.conf
deleted file mode 100644
index faefee38..00000000
--- a/biodatacatalyst-ui/httpd-vhosts-dev.conf
+++ /dev/null
@@ -1,101 +0,0 @@
-Listen 0.0.0.0:80
-Listen 0.0.0.0:443
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
-
-
-SSLHonorCipherOrder on
-
-SSLProtocol all -SSLv2 -SSLv3
-SSLProxyProtocol all -SSLv2 -SSLv3
-SSLPassPhraseDialog builtin
-
-SSLSessionCache "shmcb:${HTTPD_PREFIX}/logs/ssl_scache(512000)"
-SSLSessionCacheTimeout 300
-
-Mutex "file:${HTTPD_PREFIX}/logs/ssl_mutex"
-
-ServerTokens Prod
-
-
- ServerName localhost
- RewriteEngine On
- ProxyPreserveHost On
- RewriteCond %{HTTPS} off [OR]
- RewriteCond %{HTTP_HOST} ^(?:)?(.+)$ [NC]
- RewriteRule ^ https://%{SERVER_NAME}/picsureui/ [L,NE,R=301]
-
-
-
- SSLProxyEngine on
- SSLProxyCheckPeerCN off
-
- SSLCertificateFile "${HTTPD_PREFIX}/cert/server.crt"
- SSLCertificateKeyFile "${HTTPD_PREFIX}/cert/server.key"
- SSLCertificateChainFile "${HTTPD_PREFIX}/cert/server.chain"
-
- # Content security policy:
- # frame-ancestors 'none' - Stops our application from being loaded in an iframe
- # default-src - Restricts loading resources to the same origin
- # script-src - Allows inline scripts but only from the same origin and unsafe-eval and unsafe-inline
- # unsafe-eval - Allows eval() and similar constructs
- # unsafe-inline - Allows inline JavaScript, CSS, and event handlers
- # style-src - Allows inline styles but only from the same origin
- # img-src - Allows images from the same origin and data: URIs
- Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; img-src 'self' data: https://public.era.nih.gov blob:;"
-
- # A fall back for legacy browsers that don't yet support CSP frame-ancestors.
- Header always set X-Frame-Options "DENY"
-
- # Attempt to prevent some MIME-type confusion attacks. There is no perfect solution to this problem.
- Header always set X-Content-Type-Options "nosniff"
-
- # Enables built-in XSS protection in modern web browsers.
- # If a XSS is detected mode=block will block the entire page.
- Header always set X-XSS-Protection "1; mode=block;"
-
- # Unset the Server header. Removes 1 approach to getting information about our server.
- Header always unset Server
-
- RewriteEngine On
- ProxyPreserveHost On
-
- RewriteRule ^/picsure/(.*)$ "https://biodatacatalyst.integration.hms.harvard.edu.actual/picsure/$1" [P]
- RewriteRule ^/psama/(.*)$ "https://biodatacatalyst.integration.hms.harvard.edu.actual/psama/$1" [P]
-
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
-
- RewriteRule /picsureui/(.*) /picsureui/index.html [C]
- RewriteRule ^/static/(.*)$ /static/$1 [L]
- RewriteRule ^/psamaui/(.*)$ /picsureui/index.html [C]
-
- RedirectMatch ^/$ /picsureui/
- ErrorDocument 404 /index.html
-
- DocumentRoot "${HTTPD_PREFIX}/htdocs"
-
- ErrorLog "${HTTPD_PREFIX}/logs/error_log"
- TransferLog "${HTTPD_PREFIX}/logs/access_log"
- CustomLog "${HTTPD_PREFIX}/logs/ssl_request_log" \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
- BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
-
diff --git a/biodatacatalyst-ui/httpd-vhosts.conf b/biodatacatalyst-ui/httpd-vhosts.conf
deleted file mode 100644
index 911fe284..00000000
--- a/biodatacatalyst-ui/httpd-vhosts.conf
+++ /dev/null
@@ -1,113 +0,0 @@
-Listen 0.0.0.0:80
-Listen 0.0.0.0:443
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256
-SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256
-
-
-SSLHonorCipherOrder on
-
-SSLProtocol all -TLSv1.2
-SSLProxyProtocol all -TLSv1.2
-SSLPassPhraseDialog builtin
-
-SSLSessionCache "shmcb:${HTTPD_PREFIX}/logs/ssl_scache(512000)"
-SSLSessionCacheTimeout 300
-
-Mutex "file:${HTTPD_PREFIX}/logs/ssl_mutex"
-
-ServerTokens Prod
-
-
- ServerName localhost
- RewriteEngine On
- ProxyPreserveHost On
-
- #Dont allow httpd debug methods
- RewriteCond %{REQUEST_METHOD} ^TRACK
- RewriteRule .* - [F]
- RewriteCond %{REQUEST_METHOD} ^TRACE
- RewriteRule .* - [F]
-
- RewriteCond %{HTTPS} off [OR]
- RewriteCond %{HTTP_HOST} ^(?:)?(.+)$ [NC]
- RewriteRule ^ https://%{SERVER_NAME}/picsureui/ [L,NE,R=301]
-
-
-
- SSLProxyEngine on
- SSLProxyCheckPeerCN off
-
- SSLCertificateFile "${HTTPD_PREFIX}/cert/server.crt"
- SSLCertificateKeyFile "${HTTPD_PREFIX}/cert/server.key"
- SSLCertificateChainFile "${HTTPD_PREFIX}/cert/server.chain"
-
- Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
-
- # Content security policy:
- # frame-ancestors 'none' - Stops our application from being loaded in an iframe
- # default-src - Restricts loading resources to the same origin
- # script-src - Allows inline scripts but only from the same origin and unsafe-eval and unsafe-inline
- # unsafe-eval - Allows eval() and similar constructs
- # unsafe-inline - Allows inline JavaScript, CSS, and event handlers
- # style-src - Allows inline styles but only from the same origin
- # img-src - Allows images from the same origin and data: URIs
- Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; img-src 'self' data: https://public.era.nih.gov blob: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"
-
- # A fall back for legacy browsers that don't yet support CSP frame-ancestors.
- Header always set X-Frame-Options "DENY"
-
- # Attempt to prevent some MIME-type confusion attacks. There is no perfect solution to this problem.
- Header always set X-Content-Type-Options "nosniff"
-
- # Enables built-in XSS protection in modern web browsers.
- # If a XSS is detected mode=block will block the entire page.
- Header always set X-XSS-Protection "1; mode=block;"
-
- RewriteEngine On
- ProxyPreserveHost On
-
- #Dont allow httpd debug methods
- RewriteCond %{REQUEST_METHOD} ^TRACK
- RewriteRule .* - [F]
- RewriteCond %{REQUEST_METHOD} ^TRACE
- RewriteRule .* - [F]
-
- RewriteRule ^/picsure/(.*)$ "http://wildfly:8080/pic-sure-api-2/PICSURE/$1" [P]
- RewriteRule ^/psama/(.*)$ "http://wildfly:8080/pic-sure-auth-services/auth/$1" [P]
-
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
-
- RewriteRule /picsureui/(.*) /picsureui/index.html [C]
- RewriteRule ^/static/(.*)$ /static/$1 [L]
- RewriteRule ^/psamaui/(.*)$ /picsureui/index.html [C]
-
- RedirectMatch ^/$ /picsureui/
- ErrorDocument 404 /index.html
-
- DocumentRoot "${HTTPD_PREFIX}/htdocs"
-
- ErrorLog "${HTTPD_PREFIX}/logs/error_log"
- TransferLog "${HTTPD_PREFIX}/logs/access_log"
- CustomLog "${HTTPD_PREFIX}/logs/ssl_request_log" \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
- BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
-
diff --git a/biodatacatalyst-ui/pom.xml b/biodatacatalyst-ui/pom.xml
index 725377eb..c430b235 100644
--- a/biodatacatalyst-ui/pom.xml
+++ b/biodatacatalyst-ui/pom.xml
@@ -19,7 +19,7 @@
junitjunit
- 4.12
+ 4.13.2test
diff --git a/biodatacatalyst-ui/src/main/webapp/picsureui/common/terms-of-use.hbs b/biodatacatalyst-ui/src/main/webapp/picsureui/common/terms-of-use.hbs
new file mode 100644
index 00000000..26a4eaf9
--- /dev/null
+++ b/biodatacatalyst-ui/src/main/webapp/picsureui/common/terms-of-use.hbs
@@ -0,0 +1,119 @@
+
+
NHLBI BioData Catalyst® (BDC)
+ Powered by PIC-SURE Terms of Use
+
Terms as of 22 November 2023
+
These Terms of Service constitute a legally binding agreement
+ made between you, whether personally or on behalf of an entity (“you”, “your”)
+ and Harvard Medical School (“University”, “we”,
+ “our”), concerning your access to and use of BDC Powered by PIC-SURE
+ (“PIC-SURE”). You agree to access and use PIC-SURE for lawful purposes only. By accessing
+ PIC-SURE, you expressly consent to the monitoring of your actions, content, data transiting and storage
+ therein
+
+
By accessing and using PIC-SURE, you agree that you
+ must:
+
+
Conduct only authorized business on the system.
+
Follow all laws and regulations regarding research involving human
+ data and data privacy that are applicable in the area where the research is conducted.
+
+
+
In the United States, this includes all applicable federal, state,
+ and local laws.
+
Outside of the United States, other laws will apply.
+
+
+
Safeguard system resources against waste, loss, abuse, unauthorized
+ use or disclosure, and misappropriation.
+
Respect the privacy of research participants at all times.
+
+
+
+
Do not use or disclose any information that directly identifies one
+ or more participants.
+
If you become aware of any information that directly identifies one or more
+ participants, notify the PIC-SURE team immediately using the BDC
+ Powered by PIC-SURE Help Desk.
+
+
+
Do not attempt to re-identify research participants or their
+ relatives.
+
+
+
If you unintentionally re-identify participants through the process of my work,
+ contact the PIC-SURE team immediately using the BDC
+ Powered by PIC-SURE Help Desk.
+
If you become aware of any uses or disclosures of BDC data that could endanger
+ the security or privacy of research participants, contact the PIC-SURE team immediately using the
+ BDC
+ Powered by PIC-SURE Help Desk.
+
+
+
Report all security incidents or suspected incidents (e.g., improper
+ or suspicious acts) related to PIC-SURE using the BDC
+ Powered by PIC-SURE Help Desk.
By agreeing to the Terms of Service you understand and agree to
+ the following:
+
+
+ If the University provides links that are
+ maintained or controlled by external organizations, the listing of links are not an endorsement of
+ information, products, or services, and do not imply a direct association between the University and
+ the operators of the outside resource links.
+
+
Neither the University nor its employees warrant that PIC-SURE will
+ be uninterrupted, problem-free, free of omissions, or error-free; nor do they make any warranty as to
+ the results that may be obtained from PIC-SURE. You expressly understand and agree that your use of
+ PIC-SURE, or any material available through it, is at your own risk.
+
In no event will the University, its affiliates or participating
+ institutions, or their respective directors, officers, employees, faculty members or students be liable
+ for any damages, include incidental, indirect, special, punitive, exemplary, or consequential damages,
+ arising out of your use of or inability to use of PIC-SURE, including without limitation, loss of
+ revenue or anticipated profits, loss of goodwill, loss of data, computer failure or malfunction, or any
+ and all other damages.
+
The University maintains the right to modify these Terms of Service
+ at any time, and may do so by posting notice of such modifications to the PIC-SURE website.
+
Any modification made is effective immediately upon posting the modification
+ (unless otherwise stated). You should visit this page periodically to review the current Terms of
+ Service.
+
+
By accessing and using PIC-SURE, you agree that you must
+ NOT:
+
+
Use PIC-SURE to commit a criminal offense or engage in inappropriate or
+ malicious behavior, or to encourage others to conduct acts that would constitute a criminal offense or
+ give rise to civil liability.
+
Browse, search or reveal any protected data except in accordance with that
+ which is required to perform your legitimate tasks or assigned duties.
+
Retrieve protected data or information, or in any other way disclose
+ information, for someone who does not have authority to access that information.
+
Establish any unauthorized interfaces between systems, networks, and
+ applications owned by the University.
+
+
+
PIC-SURE is hosted on a FISMA (Federal Information Security
+ Management Act) website. You are accessing a secure and restricted system that is provided for FISMA
+ authorized use only.
+
By accepting these Terms of Service, you acknowledge:
+
+
+
Harvard Medical School, for their FISMA service, routinely
+ intercepts and monitors communications on this System for purposes including, but not limited to,
+ penetration testing, network operations and defense, and/or personnel misconduct (PM).
+
Communications using, or data stored on, this platform are
+ not private, are subject to routine monitoring, interception, and search, and may be disclosed or used
+ for any Harvard Medical School FISMA service authorized purpose.
+
This Harvard Medical School FISMA system includes security
+ measures to protect Harvard Medical School interests--not for your personal benefit or privacy.
+
Log Out
{{/contains}}
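Review bot: The agreement text is inconsistent in ways a reader will notice: the heading says "Terms of Use" while the body says "Terms of Service" throughout, and the re-identification bullet slips into first person (`through the process of my work`). The liability paragraph has two grammar slips: `include incidental` should read `including incidental`, and `inability to use of PIC-SURE` should drop the `of`. Since users accept this text as a binding agreement, I would settle on one name for the document and fix the wording before it ships.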
diff --git a/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/header.js b/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/header.js
index 25fca6b8..a3a9851a 100644
--- a/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/header.js
+++ b/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/header.js
@@ -3,13 +3,15 @@ define([
"common/pic-dropdown",
"common/menu-nav-controls",
"common/modal",
- "common/redirect-modal"
+ "common/redirect-modal",
+ "common/terms-of-use"
],function (
keyboardNav,
dropdown,
menuNavControls,
modal,
- redirectModal
+ redirectModal,
+ tos,
) {
let headerTabs = undefined;
@@ -47,6 +49,19 @@ define([
redirect.render(event);
};
+ let openTermsOfUse = function(event) {
+ event.preventDefault();
+ const tosView = new tos();
+ modal.displayModal(
+ tosView,
+ "BDC PIC-SURE Terms of Use",
+ () => {
+ $('#help-dropdown-toggle').focus();
+ },
+ {isHandleTabs: true}
+ );
+ }
+
return {
/*
* The path to a logo image incase you don't want the default PrecisionLink one.
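Review bot: `openTermsOfUse` closes with a bare `}`, while the function expression just above it ends with `};`; add the semicolon for consistency rather than relying on automatic semicolon insertion before `return {`. The handler is also undocumented; a one-line comment such as `// Opens the Terms of Use modal; the callback puts focus back on the help menu toggle.` would help, assuming the third argument to `displayModal` is the close callback.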
@@ -81,6 +96,7 @@ define([
}
view.events['click #open-access-btn'] = goToOpen;
+ view.events['click #terms-of-use-option'] = openTermsOfUse;
view.delegateEvents();
},
diff --git a/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/styles.css b/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/styles.css
index 1e5dcc5d..ad21fd29 100644
--- a/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/styles.css
+++ b/biodatacatalyst-ui/src/main/webapp/picsureui/overrides/styles.css
@@ -269,8 +269,8 @@ body {
#studies-access {
margin-top: 30px;
- margin-left: 15px;
- width: fit-content;
+ margin-left: 8px;
+ margin-right: 4px;
border: 1px solid #aaa;
border-radius: 8px;
padding: 8px 0px;
@@ -298,7 +298,7 @@ body {
margin: 20px 0px;
}
-#studies-access > div > div {
+#studies-access > div > div:not(#data-access-table_wrapper) {
margin: 5px 20px
}
@@ -327,6 +327,16 @@ body {
#data-access-table {
width: 100%;
+ font-size: 14px;
+}
+
+#data-access-table_filter {
+ margin: 0 8px;
+}
+
+#data-access-table td, #data-access-table th {
+ padding: 8px 0px;
+ vertical-align: middle;
}
.btn-blue {
diff --git a/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/search-util.js b/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/search-util.js
index 81a32314..fc482d89 100644
--- a/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/search-util.js
+++ b/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/search-util.js
@@ -91,6 +91,15 @@ define(["jquery", "underscore", "text!studyAccess/studies-data.json", "text!sett
}
},
+ /*
+ This function detects if the user should see the dcc tag and variables in search results.
+ */
+ shouldShowDCCDataSets: function() {
+ const queryScopes = JSON.parse(sessionStorage.getItem("session"))?.queryScopes;
+ const harmonizedStudies = queryScopes.filter(scope => this.isStudyHarmonized(scope.replace(/\\/g, '')));
+ return harmonizedStudies?.length > 1;
+ },
+
/**
* This function returns the study id from the study abbreviation or study name. If the study id is not found
* then the study abbreviation is returned.
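Review bot: `shouldShowDCCDataSets` guards the session lookup with `?.` but then calls `queryScopes.filter(...)` unconditionally, so a missing session, or one without `queryScopes`, throws a TypeError instead of returning false. The `?.` in `harmonizedStudies?.length` guards nothing, because `filter` always returns an array. `getAntiScopeTags` calls this function in a later hunk, so the exception would also stop the anti-scope tag list from being built. Suggest `const queryScopes = JSON.parse(sessionStorage.getItem("session"))?.queryScopes ?? [];` and `return harmonizedStudies.length > 1;`. The decision is read from `sessionStorage`, which the user can edit, so treat it as display filtering only and have the back end enforce study scope itself.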
@@ -99,7 +108,6 @@ define(["jquery", "underscore", "text!studyAccess/studies-data.json", "text!sett
*/
getAntiScopeTags: function() {
let queryScopes = JSON.parse(sessionStorage.getItem("session")).queryScopes;
-
// tell the back end to exclude concepts from studies not in the user's scope'
let antiScopeStudies = _.filter(studiesData.bio_data_catalyst, function(studyData){
//if this study is NOT in the query scopes, _.find will return NULL
@@ -115,6 +123,8 @@ define(["jquery", "underscore", "text!studyAccess/studies-data.json", "text!sett
antiScopeTags.add(study.study_identifier.toUpperCase());
antiScopeTags.add((study.study_identifier + "." + study.study_version).toLowerCase());
});
+ // add dcc harmonized tag if user does not have access to more than one harmonized study
+ !this.shouldShowDCCDataSets() && antiScopeTags.add(dccHarmonizedTag)
// convert set to array
return Array.from(antiScopeTags);
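Review bot: The added line `!this.shouldShowDCCDataSets() && antiScopeTags.add(dccHarmonizedTag)` uses a short-circuit expression as a statement and has no terminating semicolon. An explicit `if (!this.shouldShowDCCDataSets()) { antiScopeTags.add(dccHarmonizedTag); }` is clearer and passes a no-unused-expressions lint. `dccHarmonizedTag` is not defined in any visible hunk, so confirm it is in scope in this module. The call also relies on `this` being the util object, which fails if `getAntiScopeTags` is ever invoked detached; its body starts outside this hunk.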
diff --git a/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/seven-bridges-export-view.hbs b/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/seven-bridges-export-view.hbs
index a6b01ff9..dbc93f6a 100644
--- a/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/seven-bridges-export-view.hbs
+++ b/biodatacatalyst-ui/src/main/webapp/picsureui/search-interface/seven-bridges-export-view.hbs
@@ -41,14 +41,13 @@
-
After copying the PIC-SURE API Public Project to your own workspace in Seven Bridges, you will need the
- following to export the data:
+
After copying the Data Export from the PIC-SURE UI Public Project to your own workspace in Seven Bridges, you can copy and paste the following into fields of the “Data Export from PIC-SURE UI” task:
-
Save the personalized user token to a file called “token.txt” in your copied PIC-SURE API project in Seven Bridges.
+
-
Copy the query ID and paste in the “0_Export_from_UI.ipynb” notebook where instructed.
+
@@ -56,11 +55,11 @@
-
Run the “0_Export_from_UI.ipynb” notebook to export the dataframe.
+
Run the “Data Export from PIC-SURE UI” task to export the dataframe into your project.