From a4669462a0dfd4e28db8d4394ea3be403a8dfdb5 Mon Sep 17 00:00:00 2001
From: MarvinDo
Date: Fri, 24 May 2024 14:46:10 +0200
Subject: [PATCH] replaced popovers with html=true to collapses in favor of security
---
 .../annotation_jobs/heredicare_job.py | 2 +-
 src/common/db_IO.py | 2 +
 src/common/heredicare_interface.py | 6 +-
 .../webapp/static/css/utils.css | 10 ++
 .../webapp/static/js/startup.js | 7 ++
 .../webapp/templates/macros.html | 55 +++++----
 .../webapp/templates/variant/variant.html | 113 ++++++++++--------
 .../webapp/user/user_routes.py | 13 +-
 8 files changed, 124 insertions(+), 84 deletions(-)
diff --git a/src/annotation_service/annotation_jobs/heredicare_job.py b/src/annotation_service/annotation_jobs/heredicare_job.py
index 42e1626b..1727f3b2 100644
--- a/src/annotation_service/annotation_jobs/heredicare_job.py
+++ b/src/annotation_service/annotation_jobs/heredicare_job.py
@@ -67,7 +67,7 @@ def save_to_db(self, info, variant_id, conn):
 conn.delete_external_id(vid, heredicare_vid_annotation_type_id, variant_id)
 conn.delete_unknown_heredicare_annotations()
 else:
- print(heredicare_variant)
+ #print(heredicare_variant)
 n_fam = heredicare_variant["N_FAM"]
 n_pat = heredicare_variant["N_PAT"]
 consensus_class = heredicare_variant["PATH_TF"] if heredicare_variant["PATH_TF"] != "-1" else None
diff --git a/src/common/db_IO.py b/src/common/db_IO.py
index 35561a84..e79b65ed 100644
--- a/src/common/db_IO.py
+++ b/src/common/db_IO.py
@@ -11,6 +11,7 @@
 import re
 from functools import cmp_to_key
 import os
+import html # html.escape(s)
 def get_db_connection(roles):
@@ -26,6 +27,7 @@ def get_db_connection(roles):
 user, pw = get_db_user(roles)
 conn = mysql.connector.connect(user=user, password=pw, host=host,
+ port=os.environ.get("DB_PORT"),
 database=os.environ.get("DB_NAME"),
 charset = 'utf8',
 buffered = True)
 # except Error as e:
diff --git a/src/common/heredicare_interface.py b/src/common/heredicare_interface.py
index 1146d530..f14735eb 100644
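Review bot: Commenting the line out (`#print(heredicare_variant)`) leaves dead code in `save_to_db`; delete it instead. If the record is still wanted while debugging, emit it through a logger at debug level so it can be switched on without a code change and so that HerediCare records (the following lines read `N_FAM`/`N_PAT` from them, which look like family/patient counts) do not land on stdout in production. `save_to_db` starts and ends outside the hunk.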
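Review bot: `import html # html.escape(s)` is added but nothing in this patch calls `html.escape`, so as far as the diff shows the import is unused; either drop it or add the call it is meant for in the same commit. If the plan is to escape values inside the DB layer, be aware that Flask/Jinja already autoescapes `{{ }}` output in `.html` templates, so escaping here as well would double-encode (`&amp;lt;`) everything the templates render; the popover-to-collapse change in this commit already moves rendering to that autoescaped boundary, which is where escaping belongs. The import block continues above the hunk.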
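Review bot: `port=os.environ.get("DB_PORT")` passes `port=None` whenever the variable is unset, and mysql-connector does not, as far as I recall, treat `None` as "use the default" — it coerces the value with `int()` and fails instead of falling back to 3306, so a deployment that never defined `DB_PORT` would stop connecting after this change. Give it a default and a type in one go, `port=int(os.environ.get("DB_PORT", "3306")),`, or only pass `port` when the variable is present. `get_db_connection` continues outside the hunk.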
--- a/src/common/heredicare_interface.py
+++ b/src/common/heredicare_interface.py
@@ -352,6 +352,7 @@ def get_submission_status(self, submission_id):
 message = "ERROR: HerediCare API getsubmission id endpoint endpoint returned an HTTP " + str(resp.status_code) + " error: " + self.extract_error_message(resp.text)
 status = "api_error"
 else: # success
+ print(resp.text)
 resp = resp.json(strict=False)
 items = resp["items"]
 print(items)
@@ -698,11 +699,6 @@ def post(self, variant, vid, options):
-if __name__ == "__main__":
- functions.read_dotenv()
- heredicare_interface = Heredicare()
- heredicare_interface.get_post_regexes()
-
diff --git a/src/frontend_celery/webapp/static/css/utils.css b/src/frontend_celery/webapp/static/css/utils.css
index 7a52a2a2..6bc6908a 100644
--- a/src/frontend_celery/webapp/static/css/utils.css
+++ b/src/frontend_celery/webapp/static/css/utils.css
@@ -262,6 +262,16 @@ max-width: 50em !important;
 }
+.popover_collapse {
+ position: absolute;
+ z-index: 1000;
+ width: fit-content !important;
+}
+
+.popover_collapse > * {
+ font-size: 0.8rem;
+}
+
 /************** multicheck **************/
 .multicheck {
 display: inline-grid;
diff --git a/src/frontend_celery/webapp/static/js/startup.js b/src/frontend_celery/webapp/static/js/startup.js
index 7740280e..52446195 100644
--- a/src/frontend_celery/webapp/static/js/startup.js
+++ b/src/frontend_celery/webapp/static/js/startup.js
@@ -108,12 +108,19 @@ $(document).ready(function() $(document).click(function (e) { close_popovers(e) }); + }); function close_popovers(e) { if (($('.popover').has(e.target).length == 0) || $(e.target).is('.close')) { $('[data-bs-toggle="popover"]').popover('hide'); } + + if (($('.popover_collapse').has(e.target).length == 0) || $(e.target).is('.close')) { + $(".popover_collapse").collapse('hide') + } + + // }
diff --git a/src/frontend_celery/webapp/templates/macros.html b/src/frontend_celery/webapp/templates/macros.html
index 708bd76a..3820002a 100644
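Review bot: `print(resp.text)` dumps the complete raw HerediCare API response body to stdout on every successful `get_submission_status` call, and the line right after it already does `print(items)`, so the addition is redundant as well as a data-exposure risk: the sibling hunk in heredicare_job.py reads `N_FAM`/`N_PAT` from the same API, which suggests these payloads are patient-level data, and stdout usually ends up in container or log aggregation with weaker access control than the database. Drop the line, or if the raw body is genuinely needed for debugging, log it at debug level with lazy formatting, `logging.getLogger(__name__).debug("getsubmission response: %s", resp.text)`, so it is off in production. `get_submission_status` starts and ends outside the hunk.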
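Review bot: The new `.popover_collapse` branch in `close_popovers` repeats the popover branch's condition verbatim and leaves a `//` comment that documents nothing; compute `const clickedClose = $(e.target).is('.close');` once, test `$('.popover_collapse').has(e.target).length === 0 || clickedClose` for the new branch, and delete the dangling comment. One thing to verify in the browser: a click on a collapse toggle that sits outside its `.popover_collapse` bubbles to this document handler, which then calls `.collapse('hide')` on the panel that was just toggled open, so the toggle buttons probably need to be excluded the same way `.close` is — whether it visibly breaks depends on Bootstrap's transition guard, which I cannot see from here. `$(document).ready` starts outside the hunk.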
--- a/src/frontend_celery/webapp/templates/macros.html +++ b/src/frontend_celery/webapp/templates/macros.html @@ -147,33 +147,36 @@ {% if criteria | length == 0 %}
None
{% endif %} - {% for criterium in criteria %} - + {% for criterium in criteria %} +
+ +
+
+
+
Type
+
Info
+
+
+
State
+
{{ criterium.state }}
+
+
+
Strength
+
{{ criterium.strength }}
+
+
+
Evidence
+
{{ criterium.evidence }}
+
+
- " - > -
{{ criterium.display_name() }}
- - {% endfor %} +
+ {% endfor %} + {% endmacro %} diff --git a/src/frontend_celery/webapp/templates/variant/variant.html b/src/frontend_celery/webapp/templates/variant/variant.html index 0ba507fa..682ab824 100644 --- a/src/frontend_celery/webapp/templates/variant/variant.html +++ b/src/frontend_celery/webapp/templates/variant/variant.html @@ -18,52 +18,57 @@ {% endif %} - + + + +
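Review bot: The criterium fields (`{{ criterium.state }}`, `{{ criterium.strength }}`, `{{ criterium.evidence }}`, `{{ criterium.display_name() }}`) are now emitted directly into the collapse body, which is the right fix: with the old `data-bs-content` plus `html=true` popover the attribute value was entity-decoded by the browser and then injected as HTML, so markup in an evidence field (presumably user-entered free text) would have executed. That safety now rests entirely on Jinja autoescaping, so none of these expressions may ever get `|safe`; I would pin that in the macro with `{# evidence is free text: rendered through autoescape, never mark |safe #}`. The template markup is largely lost in this view, so I could not confirm there is no `|safe` or `{% autoescape false %}` around these lines — please check. The macro's head is above the hunk.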
- {% if clinvar_queue_entry is none %} - no ClinVar submission - {% else %} - {% set status = clinvar_queue_entry[3] %} - {% set pill_color = "bg-secondary" %} - {% if status in ['processed'] %} - {% set pill_color = "bg-success" %} - {% endif %} - {% if status in ['error'] %} - {% set pill_color = "bg-danger" %} + {% set status = clinvar_queue_entry[3] %} + {% set pill_color = "bg-secondary" %} + {% if status in ['processed'] %} + {% set pill_color = "bg-success" %} + {% endif %} + {% if status in ['error'] %} + {% set pill_color = "bg-danger" %} + {% endif %} + + - +
+
Accession ID
status
message
-
+ {% if clinvar_queue_entry is not none %} +
{{clinvar_queue_entry[6]}}
{{clinvar_queue_entry[3]}}
{{clinvar_queue_entry[4]}}
- "> - {% set mrcc = variant.get_recent_consensus_classification() %} - {% if mrcc is not none %} - {% if mrcc.needs_clinvar_upload and status not in ['progress', 'processing', 'submitted', 'pending'] %} - {{macros.draw_exclamation_mark("The consensus classification needs to be uploaded to ClinVar!")}} - {% endif %} {% endif %} - ClinVar {{ clinvar_queue_entry[3] }} - - {% endif %} +
+
- {% if heredicare_queue_entries is none %} - no HerediCaRe submission - {% else %} - {% set pill_color = "bg-secondary" %} + {% set pill_color = "bg-secondary" %} + {% if heredicare_queue_entries is not none %} {% if heredicare_queue_entry_summary["status"] == "multiple stati" %} {% set pill_color = "bg-warning" %} {% endif %} @@ -73,22 +78,10 @@ {% if heredicare_queue_entry_summary["status"] == "error" or heredicare_queue_entry_summary["status"] == "api_error" %} {% set pill_color = "bg-danger" %} {% endif %} - - + {% endif %} + - {% endif %} + {% else %} + no HerediCaRe submission + {% endif %} + +
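Review bot: `{% set status = clinvar_queue_entry[3] %}` now executes before the `{% if clinvar_queue_entry is not none %}` that guards the table row, so for a variant without a ClinVar submission it indexes `None`; with Jinja's default `Undefined` that silently leaves `status` undefined (and the pill grey), with `StrictUndefined` it raises. Move the `set` and the `pill_color` logic back inside the not-none branch, or write `{% set status = clinvar_queue_entry[3] if clinvar_queue_entry is not none else none %}`. The old side also removed the `mrcc.needs_clinvar_upload` exclamation-mark block and I cannot see it re-added in this hunk; if the warning was meant to survive the popover-to-collapse move it needs restoring. The surrounding page markup continues outside the hunk.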
+
+
+
HerediCare VID
+
status
+
message
+
+ {% if heredicare_queue_entries is not none %} + {% for heredicare_queue_entry in heredicare_queue_entries %} +
+
{{heredicare_queue_entry[5]}}
+
{{heredicare_queue_entry[1]}}
+
{{heredicare_queue_entry[4]}}
+
+ {% endfor %} + {% endif %} +
+
+ + + +
diff --git a/src/frontend_celery/webapp/user/user_routes.py b/src/frontend_celery/webapp/user/user_routes.py
index 4efeaefb..becb433c 100644
--- a/src/frontend_celery/webapp/user/user_routes.py
+++ b/src/frontend_celery/webapp/user/user_routes.py
@@ -91,6 +91,8 @@ def my_lists():
 if not public_read and public_edit:
 flash("You can not add a public list which is not publicly readable but publicly editable. List was not created.", 'alert-danger')
+ elif ';' in list_name:
+ flash("List names can not contain a semicolon ';' character.", 'alert-danger')
 else:
 conn.insert_user_variant_list(user_id, list_name, public_read, public_edit)
 flash("Successfully created new list: \"" + list_name + "\"", "alert-success flash_id:list_add_success")
@@ -106,10 +108,13 @@ def my_lists():
 list_permissions = conn.check_list_permission(user_id, list_id)
 if not list_permissions['owner']:
 return abort(403)
- conn.update_user_variant_list(list_id, list_name, public_read, public_edit)
- flash("Successfully changed list settings.", "alert-success flash_id:list_edit_permissions_success")
- current_app.logger.info(session['user']['preferred_username'] + " successfully adopted settings for list: " + str(list_id))
- return redirect(url_for('user.my_lists', view=list_id))
+ if ';' in list_name:
+ flash("List names can not contain a semicolon ';' character.", 'alert-danger')
+ else:
+ conn.update_user_variant_list(list_id, list_name, public_read, public_edit)
+ flash("Successfully changed list settings.", "alert-success flash_id:list_edit_permissions_success")
+ current_app.logger.info(session['user']['preferred_username'] + " successfully adopted settings for list: " + str(list_id))
+ return redirect(url_for('user.my_lists', view=list_id))
 if request_type == 'delete_list':
 list_id = request.form['list_id']
 if list_id == "":
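Review bot: `{{heredicare_queue_entry[4]}}` renders the queue message, and per heredicare_interface.py in this same patch that message embeds text taken from the remote API response (`self.extract_error_message(resp.text)`), i.e. content a third-party server controls; rendering it through autoescaped `{{ }}` in the collapse instead of an `html=true` popover is exactly what closes that hole, so it must never be given `|safe`. I would record that next to the loop with `{# message may echo text from the HerediCare API response; rely on autoescaping, never |safe #}`. The bare tuple indices (`[5]`, `[1]`, `[4]`) are fragile against any column-order change in the query; naming the columns would make the template self-documenting. The surrounding page markup starts and ends outside the hunk.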
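Review bot: Rejecting one character (`';' in list_name`) is a blocklist, and blocklists on free text rarely hold: if the semicolon matters because list names are concatenated into SQL, the fix belongs in `insert_user_variant_list` as a parameterised query and this check becomes unnecessary; if it matters because names are joined into a `;`-separated string elsewhere in the app (I cannot see which from this diff), newlines and other delimiters are just as risky and a positive rule such as a length cap plus `re.fullmatch(r"[\w .,()\-]+", list_name)` is more defensible. Whichever it is, state the reason in a comment, e.g. `# ';' is the separator of <format>; keep in sync with <writer>`, otherwise the next maintainer will remove the check. `my_lists` starts and ends outside the hunk.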
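Review bot: The semicolon check and its flash message are now duplicated between the create and the edit branch of `my_lists`; put them in one helper, `def _valid_list_name(list_name): return ';' not in list_name`, with the message beside it, so the rule cannot drift between the two paths. On the edit path a rejected name now skips the `return redirect(...)` and falls through to the `delete_list` check and whatever follows, which mirrors the create path, but a `return redirect(url_for('user.my_lists', view=list_id))` after the flash would avoid re-rendering with stale form state — I cannot see the rest of the function to say whether that matters. `my_lists` starts and ends outside the hunk.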