From 432570bb244599034ac2c949ebcb8e85972419bf Mon Sep 17 00:00:00 2001
From: adkinsrs <sadkins@som.umaryland.edu>
Date: Tue, 20 Aug 2024 15:45:36 -0400
Subject: [PATCH] Added "group" ownership query (#787)

---
 www/cgi/search_datasets.cgi   | 14 +++++++++++++-
 www/cgi/search_gene_carts.cgi | 21 +++++++++++++++++++--
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/www/cgi/search_datasets.cgi b/www/cgi/search_datasets.cgi
index 7316eacc..abce2780 100755
--- a/www/cgi/search_datasets.cgi
+++ b/www/cgi/search_datasets.cgi
@@ -97,13 +97,25 @@ def main():
                 #  match.
                 ownership_bits.append("d.id IN ('XYZ')")
 
+            if 'group' in owners:
+                ownership_bits.append("d.owner_id IN \
+                                        (SELECT DISTINCT user_id FROM user_group_membership WHERE group_id IN \
+                                        (SELECT group_id FROM user_group_membership WHERE user_id = %s)) \
+                                        ")
+                qry_params.append(user.id)
+
         else:
             ownership_bits.append("d.is_public = 1")
             ownership_bits.append("d.owner_id = %s")
-            qry_params.append(user.id)
             if shared_dataset_id_str:
                 ownership_bits.append(f"d.id IN ({shared_dataset_id_str})")
 
+            ownership_bits.append("d.owner_id IN \
+                                    (SELECT DISTINCT user_id FROM user_group_membership WHERE group_id IN \
+                                    (SELECT group_id FROM user_group_membership WHERE user_id = %s)) \
+                                    ")
+            qry_params.extend([user.id, user.id])
+
         wheres.append(f"({' OR '.join(ownership_bits)})")   # OR accomodates the "not ownership" case
 
     else:
diff --git a/www/cgi/search_gene_carts.cgi b/www/cgi/search_gene_carts.cgi
index a0cbd270..c97fd4e7 100755
--- a/www/cgi/search_gene_carts.cgi
+++ b/www/cgi/search_gene_carts.cgi
@@ -79,12 +79,29 @@ def main():
             if 'public' in owners:
                 ownership_bits.append("gc.is_public = 1")
 
+            if 'shared' in owners:
+                # NOT IMPLEMENTED YET
+                pass
+
+            if 'group' in owners:
+                ownership_bits.append("gc.user_id IN \
+                        (SELECT DISTINCT user_id FROM user_group_membership WHERE group_id IN \
+                        (SELECT group_id FROM user_group_membership WHERE user_id = %s)) \
+                        ")
+                qry_params.append(user.id)
+
             wheres.append("AND ({0})".format(' OR '.join(ownership_bits)))
 
         # otherwise, give the usual self and public.
         else:
-            wheres.append("AND (gc.is_public = 1 OR gc.user_id = %s)")
-            qry_params.append(user.id)
+            wheres.append("AND (gc.is_public = 1 \
+                                OR gc.user_id = %s \
+                                OR (gc.user_id IN \
+                                    (SELECT DISTINCT user_id FROM user_group_membership WHERE group_id IN \
+                                        (SELECT group_id FROM user_group_membership WHERE user_id = %s)) \
+                                    ) \
+                                )")
+            qry_params.extend([user.id, user.id])
 
     if search_terms:
         selects.append(' MATCH(gc.label, gc.ldesc) AGAINST("%s" IN BOOLEAN MODE) as rscore')