replaced popovers with html=true to collapses in favor of security
MarvinDo committed May 24, 2024
1 parent f91cfef commit a466946
Showing 8 changed files with 124 additions and 84 deletions.
2 changes: 1 addition & 1 deletion src/annotation_service/annotation_jobs/heredicare_job.py
Expand Up @@ -67,7 +67,7 @@ def save_to_db(self, info, variant_id, conn):
conn.delete_external_id(vid, heredicare_vid_annotation_type_id, variant_id)
conn.delete_unknown_heredicare_annotations()
else:
print(heredicare_variant)
#print(heredicare_variant)
n_fam = heredicare_variant["N_FAM"]
n_pat = heredicare_variant["N_PAT"]
consensus_class = heredicare_variant["PATH_TF"] if heredicare_variant["PATH_TF"] != "-1" else None
2 changes: 2 additions & 0 deletions src/common/db_IO.py
Expand Up @@ -11,6 +11,7 @@
import re
from functools import cmp_to_key
import os
import html # html.escape(s)


def get_db_connection(roles):
Expand All @@ -26,6 +27,7 @@ def get_db_connection(roles):
user, pw = get_db_user(roles)
conn = mysql.connector.connect(user=user, password=pw,
host=host,
port=os.environ.get("DB_PORT"),
database=os.environ.get("DB_NAME"),
charset = 'utf8', buffered = True) #
except Error as e:
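Review bot: `port=os.environ.get("DB_PORT")` hands the connector either a string or, when the variable is unset, `None`, with no validation at this call. Converting and defaulting explicitly, e.g. `port=int(os.environ.get("DB_PORT", "3306"))`, makes a missing or malformed value fail in an obvious place; as written, a bad value may raise something other than the `Error` caught below, though that depends on the connector. The new `import html # html.escape(s)` is not used anywhere in this section, so either the escaping call that motivated it is still missing or the import can be dropped. `get_db_connection` continues past the end of the hunk.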
6 changes: 1 addition & 5 deletions src/common/heredicare_interface.py
Expand Up @@ -352,6 +352,7 @@ def get_submission_status(self, submission_id):
message = "ERROR: HerediCare API getsubmission id endpoint endpoint returned an HTTP " + str(resp.status_code) + " error: " + self.extract_error_message(resp.text)
status = "api_error"
else: # success
print(resp.text)
resp = resp.json(strict=False)
items = resp["items"]
print(items)
Expand Down Expand Up @@ -698,11 +699,6 @@ def post(self, variant, vid, options):



if __name__ == "__main__":
functions.read_dotenv()
heredicare_interface = Heredicare()
heredicare_interface.get_post_regexes()




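Review bot: The `print(resp.text)` in the success branch of `get_submission_status` (it looks like the one added line in this section) writes the complete HerediCare API response to stdout on every status query, next to the existing `print(items)`. Depending on what the endpoint returns, that can put submission or record data into service logs that are retained and readable beyond the application's own access control. If the output is needed for debugging, route it through a module-level `logging.getLogger(__name__)` at debug level and log only the fields required; otherwise drop it, as this commit already does for `print(heredicare_variant)` in heredicare_job.py. The function body starts and ends outside the hunk.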
10 changes: 10 additions & 0 deletions src/frontend_celery/webapp/static/css/utils.css
Expand Up @@ -262,6 +262,16 @@
max-width: 50em !important;
}

.popover_collapse {
position: absolute;
z-index: 1000;
width: fit-content !important;
}

.popover_collapse > * {
font-size: 0.8rem;
}

/************** multicheck **************/
.multicheck {
display: inline-grid;
7 changes: 7 additions & 0 deletions src/frontend_celery/webapp/static/js/startup.js
Expand Up @@ -108,12 +108,19 @@ $(document).ready(function()
$(document).click(function (e) {
close_popovers(e)
});

});

function close_popovers(e) {
if (($('.popover').has(e.target).length == 0) || $(e.target).is('.close')) {
$('[data-bs-toggle="popover"]').popover('hide');
}

if (($('.popover_collapse').has(e.target).length == 0) || $(e.target).is('.close')) {
$(".popover_collapse").collapse('hide')
}

//
}


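Review bot: The block added to `close_popovers` ends with an empty `//` comment, and `$(".popover_collapse").collapse('hide')` lacks the terminating semicolon used on the `popover('hide')` line above it; both look like leftovers. A one-line comment stating that any click outside an open `.popover_collapse` panel closes all such panels would document the intent, since the handler now runs `collapse('hide')` on every document click.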
55 changes: 29 additions & 26 deletions src/frontend_celery/webapp/templates/macros.html
Expand Up @@ -147,33 +147,36 @@
{% if criteria | length == 0 %}
<div>None</div>
{% endif %}
{% for criterium in criteria %}
<span class="d-inline-block ssr criterium-display" data-bs-toggle="popover"
data-bs-placement="top" data-bs-custom-class="popover_fix" data-bs-html="true"
{% if source=="user" %} user_criterium_applied_id="{{ criterium.id }}" {% else %} consensus_criterium_applied_id="{{ criterium.id }}" {% endif %}
data-bs-content="
<div class='width_large'></div>
<div class='row gx-2 border-bottom bg-light'>
<div class='col-3 text-center'>Type</div>
<div class='col-8 text-center border-start'>Info</div>
</div>
<div class='row gx-2'>
<div class='col-3'>State</div>
<div class='col-8 text-center border-start'>{{ criterium.state }}</div>
</div>
<div class='row gx-2'>
<div class='col-3'>Strength</div>
<div class='col-8 text-center border-start'>{{ criterium.strength }}</div>
</div>
<div class='row gx-2'>
<div class='col-3'>Evidence</div>
<div class='col-8 text-center border-start'>{{ criterium.evidence }}</div>
<div class="d-flex margin_between_list_small">
{% for criterium in criteria %}
<div >
<button class="btn-{{ criterium.type }} light-hover acmg-button acmg-button-small {% if criterium.state == 'unselected' %}crossed{% endif %} text_align_center popover_collapse_toggle"
type="button" data-bs-toggle="collapse" data-bs-target=".popover_collapse_toggle:hover + .popover_collapse" aria-expanded="false">
{{ criterium.display_name() }}
</button>
<div class="popover_collapse collapse collapse-horizontal">
<div class="card card-body width_large">
<div class='row gx-2 border-bottom bg-light'>
<div class='col-3 text-center'>Type</div>
<div class='col-8 text-center border-start'>Info</div>
</div>
<div class='row gx-2'>
<div class='col-3'>State</div>
<div class='col-8 text-center border-start'>{{ criterium.state }}</div>
</div>
<div class='row gx-2'>
<div class='col-3'>Strength</div>
<div class='col-8 text-center border-start'>{{ criterium.strength }}</div>
</div>
<div class='row gx-2'>
<div class='col-3'>Evidence</div>
<div class='col-8 text-center border-start'>{{ criterium.evidence }}</div>
</div>
</div>
</div>
"
>
<div class="btn-{{ criterium.type }} light-hover acmg-button acmg-button-small {% if criterium.state == 'unselected' %}crossed{% endif %}">{{ criterium.display_name() }}</div>
</span>
{% endfor %}
</div>
{% endfor %}
</div>
{% endmacro %}


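Review bot: `data-bs-target=".popover_collapse_toggle:hover + .popover_collapse"` selects the panel through the pointer's hover state rather than through the button that was activated. As far as I can tell Bootstrap resolves this selector when the click event fires, so activating the button from the keyboard (no hover) would match nothing, and if the pointer rests on another toggle, that toggle's panel would open instead. Targeting the panel by id avoids this and lets `aria-controls` be set: `data-bs-target="#criterium_info_{{ source }}_{{ criterium.id }}"` with the same value as `id` on the `.popover_collapse` div, provided that combination is unique on the page. The same selector is used for the ClinVar and HerediCaRe status pills in variant.html. The macro begins before this hunk.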
113 changes: 65 additions & 48 deletions src/frontend_celery/webapp/templates/variant/variant.html
Expand Up @@ -18,52 +18,57 @@
{% endif %}
</div>

<!-- ClinVar submission status pills -->
<!-- ClinVar submission status -->



<div id="clinvar_status_pill_holder">
{% if clinvar_queue_entry is none %}
<span class="badge rounded-pill bg-secondary" tabindex="0" role="button" data-bs-toggle="popover" data-bs-placement="bottom" data-bs-custom-class="popover_fix_large"
data-bs-content="This variant was not yet submitted to ClinVar.">no ClinVar submission</span>
{% else %}
{% set status = clinvar_queue_entry[3] %}
{% set pill_color = "bg-secondary" %}
{% if status in ['processed'] %}
{% set pill_color = "bg-success" %}
{% endif %}
{% if status in ['error'] %}
{% set pill_color = "bg-danger" %}
{% set status = clinvar_queue_entry[3] %}
{% set pill_color = "bg-secondary" %}
{% if status in ['processed'] %}
{% set pill_color = "bg-success" %}
{% endif %}
{% if status in ['error'] %}
{% set pill_color = "bg-danger" %}
{% endif %}

<span class="badge rounded-pill {{pill_color}} popover_collapse_toggle" tabindex="0" role="button"
data-bs-toggle="collapse" data-bs-target=".popover_collapse_toggle:hover + .popover_collapse" aria-expanded="false">
{% if clinvar_queue_entry is not none %}
{% set mrcc = variant.get_recent_consensus_classification() %}
{% if mrcc is not none %}
{% if mrcc.needs_clinvar_upload and status not in ['progress', 'processing', 'submitted', 'pending'] %}
{{macros.draw_exclamation_mark("The consensus classification needs to be uploaded to ClinVar!")}}
{% endif %}
{% endif %}
ClinVar {{ clinvar_queue_entry[3] }}
{% else %}
no ClinVar submission
{% endif %}
</span>

<span class="badge rounded-pill {{pill_color}}" tabindex="0" role="button" data-bs-toggle="popover" data-bs-html="true" data-bs-placement="bottom" data-bs-custom-class="popover_fix_large"
data-bs-content="
<div class='row gx-2 border-bottom bg-light width_large'>
<div class="popover_collapse collapse collapse-horizontal">
<div class="card card-body width_very_large">
<div class='row gx-2 border-bottom bg-light'>
<div class='col-3'>Accession ID</div>
<div class='col-3 text-center border-start'>status</div>
<div class='col-6 text-center border-start'>message</div>
</div>
<div class='row gx-2 width_large'>
{% if clinvar_queue_entry is not none %}
<div class='row gx-2'>
<div class='col-3'>{{clinvar_queue_entry[6]}}</div>
<div class='col-3 text-center border-start'>{{clinvar_queue_entry[3]}}</div>
<div class='col-6 text-center border-start'>{{clinvar_queue_entry[4]}}</div>
</div>
">
{% set mrcc = variant.get_recent_consensus_classification() %}
{% if mrcc is not none %}
{% if mrcc.needs_clinvar_upload and status not in ['progress', 'processing', 'submitted', 'pending'] %}
{{macros.draw_exclamation_mark("The consensus classification needs to be uploaded to ClinVar!")}}
{% endif %}
{% endif %}
ClinVar {{ clinvar_queue_entry[3] }}
</span>
{% endif %}
</div>
</div>
</div>

<!-- HerediCaRe upload status pill -->
<div id="heredicare_status_pill_holder">
{% if heredicare_queue_entries is none %}
<span class="badge rounded-pill bg-secondary" tabindex="0" role="button" data-bs-toggle="popover" data-bs-placement="bottom" data-bs-custom-class="popover_fix_large"
data-bs-content="This variant was not submitted to HerediCaRe, yet. This however does not mean that the variant is unknown to HerediCaRe (it might be though).">no HerediCaRe submission</span>
{% else %}
{% set pill_color = "bg-secondary" %}
{% set pill_color = "bg-secondary" %}
{% if heredicare_queue_entries is not none %}
{% if heredicare_queue_entry_summary["status"] == "multiple stati" %}
{% set pill_color = "bg-warning" %}
{% endif %}
Expand All @@ -73,32 +78,44 @@
{% if heredicare_queue_entry_summary["status"] == "error" or heredicare_queue_entry_summary["status"] == "api_error" %}
{% set pill_color = "bg-danger" %}
{% endif %}

<span class="badge rounded-pill {{pill_color}}" tabindex="0" role="button" data-bs-toggle="popover" data-bs-html="true" data-bs-placement="bottom" data-bs-custom-class="popover_fix_large"
data-bs-content="
<div class='row gx-2 border-bottom bg-light width_large'>
<div class='col-3'>HerediCare VID</div>
<div class='col-3 text-center border-start'>status</div>
<div class='col-6 text-center border-start'>message</div>
</div>
{% for heredicare_queue_entry in heredicare_queue_entries %}
<div class='row gx-2 width_large'>
<div class='col-3'>{{heredicare_queue_entry[5]}}</div>
<div class='col-3 text-center border-start'>{{heredicare_queue_entry[1]}}</div>
<div class='col-6 text-center border-start'>{{heredicare_queue_entry[4]}}</div>
</div>
{% endfor %}
">
{% endif %}
<span class="badge rounded-pill {{pill_color}} popover_collapse_toggle" tabindex="0" role="button" data-bs-toggle="collapse"
data-bs-target=".popover_collapse_toggle:hover + .popover_collapse" aria-expanded="false">
{% if heredicare_queue_entries is not none %}
{% set mrcc = variant.get_recent_consensus_classification() %}
{% if mrcc is not none %}
{% if mrcc.needs_heredicare_upload and heredicare_queue_entry_summary["status"] in ["error", "api_error", "success"] %}
{{macros.draw_exclamation_mark("The consensus classification needs to be uploaded to HerediCaRe!")}}
{% endif %}
{% endif %}
HerediCaRe {{heredicare_queue_entry_summary["status"]}}
</span>
{% endif %}
{% else %}
no HerediCaRe submission
{% endif %}
</span>
<div class="popover_collapse collapse collapse-horizontal">
<div class="card card-body width_very_large">
<div class='row gx-2 border-bottom bg-light'>
<div class='col-3'>HerediCare VID</div>
<div class='col-3 text-center border-start'>status</div>
<div class='col-6 text-center border-start'>message</div>
</div>
{% if heredicare_queue_entries is not none %}
{% for heredicare_queue_entry in heredicare_queue_entries %}
<div class='row gx-2'>
<div class='col-3'>{{heredicare_queue_entry[5]}}</div>
<div class='col-3 text-center border-start'>{{heredicare_queue_entry[1]}}</div>
<div class='col-6 text-center border-start'>{{heredicare_queue_entry[4]}}</div>
</div>
{% endfor %}
{% endif %}
</div>
</div>
</div>




</div>


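Review bot: The `message` cells (`{{clinvar_queue_entry[4]}}`, `{{heredicare_queue_entry[4]}}`) are now emitted as element content instead of inside a `data-bs-content` attribute with `data-bs-html="true"`, so their safety rests entirely on Jinja autoescaping being active for this template, which is not visible here. These values appear to carry text from the remote services (heredicare_interface.py builds `message` from `resp.text`), so they should be treated as untrusted. A template comment at the top of each panel would keep the next editor from reintroducing the old pattern: `{# rendered as text on purpose: do not move into data-bs-content with data-bs-html or mark | safe #}`. It is also worth confirming that no `data-bs-html="true"` popovers with interpolated values remain in other templates, since this commit only touches macros.html and variant.html.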
13 changes: 9 additions & 4 deletions src/frontend_celery/webapp/user/user_routes.py
Expand Up @@ -91,6 +91,8 @@ def my_lists():

if not public_read and public_edit:
flash("You can not add a public list which is not publicly readable but publicly editable. List was not created.", 'alert-danger')
elif ';' in list_name:
flash("List names can not contain a semicolon ';' character.", 'alert-danger')
else:
conn.insert_user_variant_list(user_id, list_name, public_read, public_edit)
flash("Successfully created new list: \"" + list_name + "\"", "alert-success flash_id:list_add_success")
Expand All @@ -106,10 +108,13 @@ def my_lists():
list_permissions = conn.check_list_permission(user_id, list_id)
if not list_permissions['owner']:
return abort(403)
conn.update_user_variant_list(list_id, list_name, public_read, public_edit)
flash("Successfully changed list settings.", "alert-success flash_id:list_edit_permissions_success")
current_app.logger.info(session['user']['preferred_username'] + " successfully adopted settings for list: " + str(list_id))
return redirect(url_for('user.my_lists', view=list_id))
if ';' in list_name:
flash("List names can not contain a semicolon ';' character.", 'alert-danger')
else:
conn.update_user_variant_list(list_id, list_name, public_read, public_edit)
flash("Successfully changed list settings.", "alert-success flash_id:list_edit_permissions_success")
current_app.logger.info(session['user']['preferred_username'] + " successfully adopted settings for list: " + str(list_id))
return redirect(url_for('user.my_lists', view=list_id))
if request_type == 'delete_list':
list_id = request.form['list_id']
if list_id == "":
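Review bot: The `';' in list_name` check is written twice, once in the create branch and once in the edit branch of `my_lists`, and only in this route, so any other caller of `conn.insert_user_variant_list` or `conn.update_user_variant_list` can still store a name containing a semicolon. Moving the rule into one helper, e.g. `def is_valid_list_name(name): return ';' not in name`, or into the two `conn` methods themselves, keeps it in one place. The reason the character is forbidden is not stated; a comment such as `# ';' is reserved as a separator for list names` (if that is the reason) would help. In the edit branch it is not clear from the rendered page whether `return redirect(...)` now sits inside the `else`; if it does, a rejected name falls through to the `delete_list` check below. `my_lists` starts and ends outside both hunks.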
