Merge pull request #115 from broadinstitute/development

Ideogram.js, Cell Ranger upgrades

Author: bistline

.gitignore

@@ -26,3 +26,4 @@ ssmtp.conf
 
 # Ignore hidden macOS files
 .DS_Store
+/config/.read_only_service_account.json

Dockerfile

@@ -1,5 +1,5 @@
 # use KDUX base Rails image, configure only project-specific items here
-FROM broadinstitute/kdux-rails-baseimage:1.0
+FROM broadinstitute/kdux-rails-baseimage:1.1
 
 # Set ruby version
 RUN bash -lc 'rvm --default use ruby-2.3.6'
@@ -11,7 +11,8 @@ COPY Gemfile.lock /home/app/webapp/Gemfile.lock
 WORKDIR /home/app/webapp
 RUN bundle install
 COPY set_user_permissions.bash /etc/my_init.d/01_set_user_permissions.bash
-COPY rails_startup.bash /etc/my_init.d/02_rails_startup.bash
+COPY generate_dh_parameters.bash /etc/my_init.d/02_generate_dh_parameters.bash
+COPY rails_startup.bash /etc/my_init.d/03_rails_startup.bash
 
 # Configure NGINX
 RUN rm /etc/nginx/sites-enabled/default

README.rdoc

@@ -54,6 +54,10 @@ portal is configured and ready to use:
   * For 'Authorized Javascript Origins', enter <code>https://(your hostname)/single_cell</code>
   * For 'Authorized redirect URIs', enter <code>https://(your hostname)/single_cell/users/auth/google_oauth2/callback</code>
   * Save the client id
+* <b>Whitelisting your OAuth Audience</b>
+	* Once you have exported your OAuth credentials, you will need to have your client id whitelisted to allow it to make
+	  authenticated requests into the FireCloud API as per {OpenID Connect 1.0}[http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation]
+	* Send an email to <b>dsp-devops@broadinstitute.org</b> with your OAuth2 client ID so it can be added to the whitelist
 * <b>GCP Service Account keys</b>: Regardless of where the portal is deployed, it requires a Google Cloud Platform Service Account in order to make authenticated calls into FireCloud and Google Cloud Storage.  Therefore, you must export the default service account key.  See https://developers.google.com/identity/protocols/OAuth2ServiceAccount for more information about service accounts.  To export the credentials:
   * Log into your new GCP project
   * Click the navigation menu in the top left and select 'IAM & Admin	' > 'Service Accounts'
@@ -71,7 +75,7 @@ portal is configured and ready to use:
   * Log in with the admin account, and select 'Admin Configurations' from the profile menu (top righthand corner)
   * At the bottom of the page, in the 'Other Tasks' dropdown, select 'Manage Service Account FireCloud Registration' and click 'Execute Task'
   * Fill out all form fields and submit
-* <b>Creating a FireCloud Project</b>: Before you can create studies, you will need to create a FireCloud project that will own all the workspaces created in the portal.  To do this:
+* <b>Creating a FireCloud Project</b>: Once your OAuth audience has been whitelisted, and before you can create studies, you will need to create a FireCloud project that will own all the workspaces created in the portal.  To do this:
   * Create a {Google Billing Project}[https://software.broadinstitute.org/firecloud/documentation/article?id=9762].
   * Using the same Google account that owns the billing project, log into the portal and select 'My Billing Projects' from the profile menu.
   * Click 'New Billing Project' at the bottom of the page

app/assets/javascripts/application.js

@@ -53,11 +53,13 @@
 //= require sheather_jones
 //= require jquery.stickyPanel
 //= require clipboard.min
+//= require ideogram.min
 
 var fileUploading = false;
 var PAGE_RENDERED = false;
 var OPEN_MODAL = '';
 var CLUSTER_TYPE = '3d';
+var UNSAFE_CHARACTERS = /[\;\/\?\:\@\=\&\'\"\<\>\#\%\{\}\|\\\^\~\[\]\`]/g;
 
 // Minimum width of plot + legend
 // Addresses https://github.com/broadinstitute/single_cell_portal/issues/20
@@ -863,6 +865,20 @@ function validateUnique(formId, textFieldClass) {
     });
 }
 
+// validate a name that will be used as a URL query string parameter (remove unsafe characters)
+function validateName(value, selector) {
+    if ( value.match(UNSAFE_CHARACTERS) ) {
+        alert('You have entered invalid characters for cluster/gene list names: \"' + value.match(UNSAFE_CHARACTERS).join(', ') + '\".  These have been automatically removed from the entered value.');
+        sanitizedName = value.replace(UNSAFE_CHARACTERS, '');
+        selector.val(sanitizedName);
+        selector.parent().addClass('has-error');
+        return false
+    } else {
+        selector.parent().removeClass('has-error');
+        return true
+    }
+}
+
 function validateCandidateUpload(formId, filename, classSelector) {
     var names = [];
     classSelector.each(function(index, name) {

app/assets/javascripts/ideogram.min.js

@@ -320,7 +320,7 @@ def set_admin_configuration
 
   # Never trust parameters from the scary internet, only allow the white list through.
   def admin_configuration_params
-    params.require(:admin_configuration).permit(:config_type, :value_type, :value, :multiplier)
+    params.require(:admin_configuration).permit(:config_type, :value_type, :value, :multiplier, configuration_options_attributes: [:id, :name, :value, :_destroy])
   end
 
   def user_params

app/assets/javascripts/ideogram.min.js.map

@@ -32,7 +32,7 @@ def index
     billing_accounts = @fire_cloud_client.get_billing_accounts
     @accounts = billing_accounts.map {|account| [account['displayName'], account['accountName']]}
     @projects = {}
-    billing_projects = @fire_cloud_client.get_billing_projects
+    billing_projects = @fire_cloud_client.get_billing_projects.keep_if {|project| project['role'] == 'Owner'}
 
     # load user list for each project
     billing_projects.each do |project|
@@ -198,7 +198,7 @@ def load_service_account
 
   # check to make sure that the current user has access to the current project
   def check_project_permissions
-    projects = @fire_cloud_client.get_billing_projects
+    projects = @fire_cloud_client.get_billing_projects.keep_if {|project| project['role'] == 'Owner'}
     unless projects.map {|project| project['projectName']}.include?(params[:project_name])
       redirect_to merge_default_redirect_params(billing_projects_path, scpbr: params[:scpbr]), alert: 'You do not have permission to perform that action.' and return
     end

app/controllers/admin_configurations_controller.rb

@@ -154,6 +154,9 @@ def index
           when /cell-ranger/
             pipeline_inputs = analysis.payload['inputs'].detect {|input| input['name'] == 'cellranger.fastqs'}
             @inputs = pipeline_inputs['value']
+          when /infercnv/
+            pipeline_inputs = analysis.payload['inputs'].detect {|input| input['name'] == 'infercnv.expression_file'}
+            @inputs = [pipeline_inputs['value']]
           else
             # make a guess, we have no idea
             pipeline_inputs = analysis.payload['inputs'].select {|input| input['name'] =~ /fastq/}
@@ -162,19 +165,27 @@ def index
             end
             @inputs.flatten!
         end
-        fastq_files = @inputs.map {|input| input.gsub(/gs:\/\/#{study.bucket_id}\//, '')}
+        input_files = @inputs.map {|input| input.gsub(/gs:\/\/#{study.bucket_id}\//, '')}
         # we need to now find the size of the files for the plot
-        fastq_files.each do |fastq|
-          directory = fastq.include?('/') ? fastq.split('/').first : '/'
-          study_directory = study.directory_listings.find_by(name: directory)
-          if study_directory.present?
-            study_directory_file = study_directory.files.detect {|f| f['name'] == fastq}
-            input_size += study_directory_file['size']
-          else
-            study_file = study.study_files.by_type('Fastq').detect {|f| f.name == fastq}
-            if study_file.present? && !study_file.human_data?
-              input_size += study_file.upload_file_size
-            end
+        input_files.each do |file|
+          case pipeline_name
+            when /infercnv/
+              study_file = study.study_files.by_type('Expression Matrix').detect {|f| f.name == file}
+              if study_file.present? && !study_file.human_data?
+                input_size += study_file.upload_file_size
+              end
+            else
+              directory = file.include?('/') ? file.split('/').first : '/'
+              study_directory = study.directory_listings.find_by(name: directory)
+              if study_directory.present?
+                study_directory_file = study_directory.files.detect {|f| f['name'] == file}
+                input_size += study_directory_file['size']
+              else
+                study_file = study.study_files.by_type('Fastq').detect {|f| f.name == file}
+                if study_file.present? && !study_file.human_data?
+                  input_size += study_file.upload_file_size
+                end
+              end
           end
         end
         if @pipeline_runtimes[pipeline_name].present?