Versions Compared

Old Version 4

changes.mady.by.user Nick Grosenbacher

Saved on

compared with

New Version 5

changes.mady.by.user Nick Grosenbacher

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Endpoint

Parameters/Object

Returns

Notes/Questions

Stories

???

Need a way to identify the caller as a reviewer so we can determine if we should show the navbar item in the web client.

This could be

  • Manually enabled/disabled as a profile setting

  • Request to see if any ARs exist with the caller having access via ACL (boolean or return the list of ARs)

As a reviewer, I need an intuitive way to access the ACT/Reviewer dashboard so I can review pending requests, troubleshoot user access, and perform other data access tasks.

POST /accessRequirement/search

AccessRequirementSearchRequest

AccessRequirementSearchResponse

For all services, when to allow array filters?

No auth required; ARs are public info

Special behavior if the reviewerID is the ACT?

Is this good enough for search?

As an ACT member, I want to be able to query for existing access requirements so I can inspect or modify them without having to navigate to a specific entity controlled by the AR.

As an ACT member, I want to be able to find an AR ID using the AR name so that I can filter other queries by AR without knowing the AR ID.

POST /dataAccessSubmission/search

DataAccessSubmissionSearchRequest

DataAccessSubmissionSearchResponse

Auth required

ACT member will see all submissions.

If the caller is not ACT, they will only see submissions on ARs for which they have the “REVIEW_SUBMISSIONS” permission.

What to do about https://docs.synapse.org/rest/GET/dataAccessSubmission/openSubmissions.html ? Deprecate?

See https://sagebionetworks.jira.com/wiki/spaces/~557058fa14d697877047ec802a3e459a04898e/pages/edit-v2/2617442828?draftShareId=316dfb35-cc6b-4dc2-9e97-c6a4bf025f02 – need to refine

This will support both the “Submissions” tab for all reviewers and the “Access History” tab for ACT

POST /accessApproval/history

AccessApprovalHistoryRequest

AccessApprovalHistoryResponse

Is POST /accessApproval/group enough? Only difference is no history and sort, but sort could probably be added to that service.

As an ACT user, I want to see the entire history of Access Approvals so I can understand why a user may have gained or lost access on an access requirement.

GET/POST /accessRequirement/{id}/bundle

We could also just do a service to get the related projects for an AR, since a service already exists for fetching the ACL

Objects

AccessRequirementBundleAccessRequirementSearchResultItem

Code Block
languagejson
{
    "title":"Access Requirement Search Result BundleItem",
    "description":"Access Requirement and related objects",
    "properties": {
        "accessRequirementaccessRequirementId":{
            "$reftype":"org.sagebionetworks.repo.model.AccessRequirement "string"
        },
        "accessControlListname": {
            "$reftype": "org.sagebionetworks.repo.model.AccessControlListstring"
        },
        "relatedProjectsreviewerIds":{
            "type": "array",
  // array of principal ids
        },
"items":         "relatedProjectIds":{
            "type": "array",
            "items": {
              "type": "string" // synIds
            }
        },
        "modifiedOn": {
            // ...
        }
    }
}

AccessRequirementSearchRequest

...