Skip to content

fix: Search filters returned all possible options, not just values for which uset had permissions #632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bencap wants to merge 3 commits into
base: release-2025.5.1
Choose a base branch
from
Open

fix: Search filters returned all possible options, not just values for which uset had permissions #632

bencap wants to merge 3 commits into from

Conversation

@bencap
Copy link
Collaborator

@bencap bencap commented Dec 24, 2025
edited
Loading

This pull request adds permission checks to score sets when generating filter options to ensure users can only see filters for which they have permissions to read. To support this change and prevent circular imports, it also refactors the handling of the UserData type throughout the codebase.

Score set search filter logic update:

  • Updated the signature of fetch_score_set_search_filter_options in src/mavedb/lib/score_sets.py to accept a requester parameter of type UserData, and added per-score-set permission checks to ensure only permitted score sets are included in the filter options. ([1], [2])
  • Added performance notes and suggestions for future optimization in the score set filter construction loop. (src/mavedb/lib/score_sets.pyL301-R335)

Type definition refactoring:

  • Moved the definition of the UserData dataclass from src/mavedb/lib/authentication.py to a new module, src/mavedb/lib/types/authentication.py, and removed its previous definition. ([1], [2])
  • Updated all imports of UserData in various files (including authorization, permissions, experiments, routers, and utilities) to reference src/mavedb/lib/types/authentication.py instead of src/mavedb/lib/authentication.py. ([1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23])

@bencap
refactor: move UserData class to types module and update imports acro…
7f3ee78 
…ss the codebase

This change makes circular imports stemming from the import of this dataclass more unlikely.
@bencap
fix: score set filter options were giving back options for score sets…
f5a7578 
… the reqesting user did not have permissions on
@bencap
refactor: optimize loops in score set search filter options
6d8fc26
@bencap bencap requested a review from jstone-dev December 24, 2025 19:33
@bencap bencap linked an issue Dec 24, 2025 that may be closed by this pull request
Search filters are populated from all score sets, not just a users viewable subset #614
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jstone-dev jstone-dev Awaiting requested review from jstone-dev

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Search filters are populated from all score sets, not just a users viewable subset

2 participants

@bencap