bbmri-eric / negotiator
An Open-source access negotiation system for Research Infrastructures
Home Page: https://negotiator.bbmri-eric.eu
License: GNU Affero General Public License v3.0
Brief description.
Implement private posts functionality. This allows exchanging messages related to a specific resource that is part of a negotiation.
Desired functionality acceptance criteria
Brief description.
We need a way to get User roles from the backend.
Example DTO returned from /user: {roles : ["ADMIN", "RESEARCHER", "REPRESENTATIVE","biobank1:collection1"]}
Desired functionality acceptance criteria
Brief description.
We need to add support for private posts between a researcher and representatives of a specific resource. For now support only 1:1 communication.
Desired functionality acceptance criteria
Brief description.
We need to offer a way for representatives to override the state machine so they do not have to follow through all individual steps.
Desired functionality acceptance criteria
If the access token is expired, the user seems logged in (i.e., the AAI session is still valid), but the calls to the backend fail with 401 Unauthorized
The user is logged in (indeed the user name is shown in the header) but it is not possible to access the backend
The calls to the backend should succeed
Describe the bug
SQL script init inserts same datasource on each restart
How to reproduce
Spin up with a postgres DB and restart the app.
What happens
Same datasource was inserted for the second time.
What should happen
There should be only one datasource.
To remove unneeded complexity we should remove the nesting of resources in a request entity. Instead of this we should use a new nested Organization entity to handle additional information about parent institution.
Describe the bug
You can post anything to the create negotiation endpoint.
How to reproduce
Create request and negotiation using postman.
What happens
A negotiation is created even though you have provided a payload that does not match the access criteria.
What should happen
You should receive a 400 error.
Brief description.
For auditing and debugging purposes it would be beneficial to store history of changes in the DB.
Desired functionality acceptance criteria
Create an endpoint that accepts POST from an outside service and responds with a redirect URL for filling out a form specific to this received request.
Brief description.
We need to add a way for administrators from NNs to add comments to Negotiations as reminders.
Brief description.
We currently have just a stub access criteria form and we need to copy over the default BBMRI-ERIC template from V2.
Desired functionality acceptance criteria
Brief description.
We need a way for the user to specify additional details to state changes.
Desired functionality acceptance criteria
The mapping between the internal Negotiator User and the User from the OIDC server is configured by indicating the token's claim that contains the authUser in negotiator.authorization.subjectClaim.
If the token doesn't have the configured claim, an error should be sent
Brief description.
We lack a way of verifying the health of the application.
Desired functionality acceptance criteria
A REST API endpoint reachable at v1/health, no auth needed.
https://testfully.io/blog/api-health-check-monitoring/#api-health-check-list
Brief description.
Currently, the metadata of an attachment in the Negotiation response is duplicated in the attachments field and in the related field in the payload. We should think of a more effective way to represent the attachments.
Describe the bug
When a Researcher tries to abandon a negotiation, it gets a 403 forbidden response
How to reproduce
/negotiations/{id}/lifecycle/ABANDON
What happens
The backend returns a 403 Forbidden response
What should happen
The backend should return 204 No Content and the negotiation status should be updated
Notes
The bug is related to the condition in the NegotiationController for methods sendEvent
if (!NegotiatorUserDetailsService.isCurrentlyAuthenticatedUserAdmin()) {
    throw new ResponseStatusException(HttpStatus.FORBIDDEN);
}
Probably, also as Biobanker the user would get a 403 Forbidden
Brief description.
We need to migrate data from v2 database.
Desired functionality acceptance criteria
Spring Framework 6
Spring boot 3.1
Spring security 6
Migrate javax to Jakarta
Describe the bug
When fetching negotiations from the backend the rep receives not approved Negotiations.
How to reproduce
Describe the bug
The REST controller does not verify validity of ENUM values.
How to reproduce
Send fake event to lifecycle endpoint.
What happens
500 server error.
What should happen
Wrong request with description.
Describe the bug
Negotiation state gets reset when getting all negotiations after restarting the database
How to reproduce
What happens
The negotiation state is reset.
What should happen
The negotiation state should not be reset.
Brief description.
Add more logging calls with a clear way to specify the logging level.
Desired functionality acceptance criteria
More concise logs with an env for logging level.
Brief description.
We need to add a way to group messages into threads. This should be possible for both private(1:1) and public messages/posts.
Desired functionality acceptance criteria
Brief description.
Add endpoint for all possible lifecycle stages
Desired functionality acceptance criteria
The goal is to have a working swagger UI for API documentation and testing
Brief description.
Create an endpoint for uploading file attachments such as PDFs.
Desired functionality acceptance criteria
An authenticated user can upload an attachment.
The attachment is linked to a negotiation.
The attachment can be pulled using HTTP Get.
Brief description.
Add system tests for dev and prod environment deployments testing running docker containers with H2 and PostgreSQL.
We need to add automatic login tests for validating the correct handling of JWT
Brief description.
ROLE: Researcher, Representative
Negotiator needs to send notifications for any changes to relevant requests, specifically comments and state changes. The implementation should maybe include a Notification entity: who, which request, What changed, when, wasRead.
Desired functionality acceptance criteria
Brief description.
We need a way to sync/verify resources with Molgenis (potentially other discovery services).
Desired functionality acceptance criteria
Describe the bug
https://negotiator-v3.bbmri-eric.eu/api/swagger-ui/index.html#/ shows too many internal entities that have nothing to do with REST and should be hidden.
How to reproduce
Brief description.
The system currently lacks a good e2e and integration tests setup verifying the functionality of the system as a whole.
Desired functionality acceptance criteria
Brief description.
We need a way for the Admin to get all Negotiations that are in state "SUBMITTED".
Desired functionality acceptance criteria
Describe the bug
If a new user is not already present in the DB, then getting roles fails with 500 the first time because it's trying to also get all negotiations at the same time.
How to reproduce
Login as a new user.
What happens
HTTP 500
What should happen
HTTP 200 and the user should only see relevant tabs.
In order to make the test suite more flexible it's needed to rewrite most of the e2e tests into unit tests.
Brief description.
We need a way to model organizations managing negotiable resources.
Desired functionality acceptance criteria
Setup correct authentication flow. Keep in mind the capability to use multiple tabs.
Generalise the Perun classes.
Brief description.
Add code quality reporting and dependency tracking using github actions.