Improved permission checks and test coverage

Author: labkey-jeckels

resources/queries/targetedms/InstrumentBilling.sql

@@ -28,8 +28,9 @@ SELECT
     TIMESTAMPDIFF('SQL_TSI_HOUR', StartTime, EndTime) * ir.Fee + ir.rateType.setupFee AS TotalCost,
     iup.PaymentMethod.UWBudgetNumber AS Payment_Method,
     iup.PaymentMethod.Name AS Payment_Method_Name,
-    iup.PercentPayment
+    iup.PercentPayment,
+    ((TIMESTAMPDIFF('SQL_TSI_HOUR', StartTime, EndTime) * Fee + ir.rateType.setupFee) * PercentPayment / 100) AS AmountBilled
 
 FROM targetedms.InstrumentSchedule i
-LEFT OUTER JOIN targetedms.InstrumentRate ir ON i.Instrument = ir.Instrument
-LEFT OUTER JOIN targetedms.InstrumentUsagePayment iup ON i.Id = iup.InstrumentScheduleId
+INNER JOIN targetedms.InstrumentRate ir ON i.Instrument = ir.Instrument
+INNER JOIN targetedms.InstrumentUsagePayment iup ON i.Id = iup.InstrumentScheduleId

resources/queries/targetedms/InstrumentBillingByMonth.sql

@@ -31,7 +31,8 @@ SELECT
     Payment_Method,
     Payment_Method_Name,
     PercentPayment,
-    ((HoursInRange * Fee + Setup_Cost) * PercentPayment / 100) AS AmountBilled
+    -- Only include the setup fee when the beginning of the reservation falls within the report's time window
+    ((HoursInRange * Fee + (CASE WHEN StartDate <= StartBillDate THEN 0 ELSE Setup_Cost END)) * PercentPayment / 100) AS AmountBilled
 
 FROM
     (SELECT

resources/queries/targetedms/instrumentBilling.query.xml

@@ -2,13 +2,17 @@
     <metadata>
         <tables xmlns="http://labkey.org/data/xml">
             <table tableName="instrumentBilling" tableDbType="TABLE">
+                <tableTitle>Instrument Billing</tableTitle>
                 <columns>
                     <column columnName="Hours">
                         <formatString>0.0</formatString>
                     </column>
                     <column columnName="TotalCost">
                         <formatString>$#,##0.00</formatString>
                     </column>
+                    <column columnName="AmountBilled">
+                        <formatString>$#,##0.00</formatString>
+                    </column>
                 </columns>
             </table>
         </tables>

resources/queries/targetedms/instrumentBillingByMonth.query.xml

@@ -2,6 +2,7 @@
     <metadata>
         <tables xmlns="http://labkey.org/data/xml">
             <table tableName="instrumentBillingByMonth" tableDbType="TABLE">
+                <tableTitle>Instrument Billing by Month</tableTitle>
                 <columns>
                     <column columnName="HoursInRange">
                         <formatString>0.0</formatString>

src/org/labkey/targetedms/TargetedMSSchema.java

@@ -105,6 +105,7 @@
 import org.labkey.targetedms.query.PeptideTableInfo;
 import org.labkey.targetedms.query.PrecursorChromInfoTable;
 import org.labkey.targetedms.query.PrecursorTableInfo;
+import org.labkey.targetedms.query.ProjectAddUserTrigger;
 import org.labkey.targetedms.query.QCAnnotationTable;
 import org.labkey.targetedms.query.QCAnnotationTypeTable;
 import org.labkey.targetedms.query.QCEnabledMetricsTable;
@@ -1631,7 +1632,7 @@ public DisplayColumn createRenderer(ColumnInfo colInfo)
                 TABLE_PROJECT_RESEARCHER.equalsIgnoreCase(name) ||
                 TABLE_INSTRUMENT_USAGE_PAYMENT.equalsIgnoreCase(name))
         {
-            var result = new OwnProjectSchedulingTable(name, this, cf, TABLE_MS_PROJECT.equalsIgnoreCase(name));
+            var result = new OwnProjectSchedulingTable(name, this, cf, !TABLE_MS_PROJECT.equalsIgnoreCase(name));
             if (TABLE_INSTRUMENT_USAGE_PAYMENT.equalsIgnoreCase(name))
             {
                 result.addTriggerFactory((c, table, extraContext) -> List.of(new InstrumentUsagePaymentTrigger("InstrumentScheduleId")));
@@ -1654,17 +1655,19 @@ public DisplayColumn createRenderer(ColumnInfo colInfo)
                 {
                     result.addCondition(projectMemberSql, FieldKey.fromParts("Id"));
                 }
+                result.addTriggerFactory((c, table, extraContext) -> List.of(new ProjectAddUserTrigger()));
             }
             else if (TABLE_INSTRUMENT_USAGE_PAYMENT.equalsIgnoreCase(name))
             {
                 // For non-admins, completely hide payment data for projects they're not associated with
                 if (!getContainer().hasPermission(getUser(), AdminPermission.class))
                 {
-                    SQLFragment projectMemberSql = new SQLFragment("EXISTS (SELECT Project FROM ");
+                    SQLFragment projectMemberSql = new SQLFragment("InstrumentScheduleId IN (SELECT i.Id FROM ");
+                    projectMemberSql.append(TargetedMSManager.getTableInfoInstrumentSchedule(), "i");
+                    projectMemberSql.append(" INNER JOIN ");
                     projectMemberSql.append(TargetedMSManager.getTableInfoProjectResearcher(), "pr");
-                    projectMemberSql.append(" WHERE pr.researcher = ? AND pr.project = ");
+                    projectMemberSql.append(" ON i.Project = pr.Project AND pr.researcher = ?)");
                     projectMemberSql.add(getUser().getUserId());
-                    projectMemberSql.append(ExprColumn.STR_TABLE_ALIAS).append(".Project)");
                     result.addCondition(projectMemberSql, FieldKey.fromParts("Project"));
                 }
 

src/org/labkey/targetedms/query/InstrumentScheduleOverlapTrigger.java

@@ -15,46 +15,49 @@
 import java.util.Map;
 
 /**
- * Prevents overlapping instrument schedule entries for the same instrument.
+ * Prevents overlapping instrument schedule entries for the same instrument and that the instrument is active.
  */
 public class InstrumentScheduleOverlapTrigger implements Trigger
 {
     @Override
-    public void beforeInsert(TableInfo table, Container c, User user, Map<String, Object> newRow, ValidationException errors, Map<String, Object> extraContext)
+    public void beforeInsert(TableInfo table, Container c, User user, Map<String, Object> newRow, ValidationException errors, Map<String, Object> extraContext) throws ValidationException
     {
-        validateNoOverlap(newRow, null, errors);
+        validateNoOverlap(newRow, null);
+        Number instrument = (Number) newRow.get("Instrument");
+        SqlSelector selector = new SqlSelector(TargetedMSManager.getSchema(), "SELECT Id FROM " + TargetedMSManager.getTableInfoMSInstrument() + " WHERE Id = ? AND Active = ?", instrument, true);
+        if (!selector.exists())
+        {
+            throw new ValidationException("Instrument does not exist or is not active");
+        }
     }
 
     @Override
-    public void beforeUpdate(TableInfo table, Container c, User user, @Nullable Map<String, Object> newRow, @Nullable Map<String, Object> oldRow, ValidationException errors, Map<String, Object> extraContext)
+    public void beforeUpdate(TableInfo table, Container c, User user, @Nullable Map<String, Object> newRow, @Nullable Map<String, Object> oldRow, ValidationException errors, Map<String, Object> extraContext) throws ValidationException
     {
         // Use the Id from either newRow or oldRow to exclude the current record
         Integer id = getId(newRow);
         if (id == null)
             id = getId(oldRow);
-        validateNoOverlap(newRow, id, errors);
+        validateNoOverlap(newRow, id);
     }
 
-    private void validateNoOverlap(Map<String, Object> row, @Nullable Integer excludeId, ValidationException errors)
+    private void validateNoOverlap(Map<String, Object> row, @Nullable Integer excludeId) throws ValidationException
     {
         Number instrument = (Number) row.get("Instrument");
         Date start = (Date) row.get("StartTime");
         Date end = (Date) row.get("EndTime");
 
         if (instrument == null)
         {
-            errors.addGlobalError("Instrument is required");
-            return;
+            throw new ValidationException("Instrument is required");
         }
         if (start == null || end == null)
         {
-            errors.addGlobalError("StartTime and EndTime are required");
-            return;
+            throw new ValidationException("StartTime and EndTime are required");
         }
         if (!start.before(end))
         {
-            errors.addGlobalError("StartTime must be before EndTime");
-            return;
+            throw new ValidationException("StartTime must be before EndTime");
         }
 
         // Overlap condition: existing.start < new.end AND existing.end > new.start
@@ -75,7 +78,7 @@ private void validateNoOverlap(Map<String, Object> row, @Nullable Integer exclud
         boolean overlapExists = new SqlSelector(TargetedMSManager.getSchema(), sql).exists();
         if (overlapExists)
         {
-            errors.addGlobalError("Instrument schedule overlaps with an existing reservation for this instrument");
+            throw new ValidationException("Instrument schedule overlaps with an existing reservation for this instrument");
         }
     }
 

src/org/labkey/targetedms/query/InstrumentScheduleTable.java

@@ -24,7 +24,7 @@ public class InstrumentScheduleTable extends OwnProjectSchedulingTable
 {
     public InstrumentScheduleTable(TargetedMSSchema schema, ContainerFilter cf)
     {
-        super(TargetedMSSchema.TABLE_INSTRUMENT_SCHEDULE, schema, cf, false);
+        super(TargetedMSSchema.TABLE_INSTRUMENT_SCHEDULE, schema, cf, true);
         addTriggerFactory((c, table, extraContext) -> List.of(
             new InstrumentUsagePaymentTrigger("Id"),
             new InstrumentScheduleOverlapTrigger()

src/org/labkey/targetedms/query/InstrumentUsagePaymentTrigger.java

@@ -81,6 +81,26 @@ public void complete(TableInfo table, Container c, User user, TableInfo.TriggerT
             {
                 throw new ApiUsageException("Instrument usage payments do not add up to 100%");
             }
+
+            for (int scheduleId : _schedulesToCheck)
+            {
+                SQLFragment wrongProjectSql = new SQLFragment("SELECT * FROM ");
+                wrongProjectSql.append(TargetedMSManager.getTableInfoInstrumentUsagePayment(), "iup");
+                wrongProjectSql.append(" INNER JOIN ");
+                wrongProjectSql.append(TargetedMSManager.getTableInfoInstrumentSchedule(), "s");
+                wrongProjectSql.append(" ON iup.InstrumentScheduleId = s.Id\n");
+                wrongProjectSql.append(" WHERE iup.InstrumentScheduleId = ? AND iup.PaymentMethod NOT IN (SELECT PaymentMethod FROM ");
+                wrongProjectSql.add(scheduleId);
+                wrongProjectSql.append(TargetedMSManager.getTableInfoProjectPaymentMethod(), "ppm");
+                wrongProjectSql.append(" WHERE ppm.Project = s.Project)");
+
+                if (new SqlSelector(TargetedMSManager.getSchema(), wrongProjectSql).exists())
+                {
+                    throw new ApiUsageException("Instrument usage payments are not using a payment method that is configured for the project.");
+                }
+            }
+
+
         }, DbScope.CommitTaskOption.PRECOMMIT);
     }
 }

src/org/labkey/targetedms/query/ProjectAddUserTrigger.java

@@ -0,0 +1,32 @@
+package org.labkey.targetedms.query;
+
+import org.jetbrains.annotations.Nullable;
+import org.labkey.api.data.Container;
+import org.labkey.api.data.Table;
+import org.labkey.api.data.TableInfo;
+import org.labkey.api.data.triggers.Trigger;
+import org.labkey.api.query.ValidationException;
+import org.labkey.api.security.User;
+import org.labkey.targetedms.TargetedMSManager;
+
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+
+public class ProjectAddUserTrigger implements Trigger
+{
+
+    @Override
+    public void afterInsert(TableInfo table, Container c,
+                             User user, @Nullable Map<String, Object> newRow,
+                             ValidationException errors, Map<String, Object> extraContext, @Nullable Map<String, Object> existingRecord) throws ValidationException
+    {
+        // Add the creating user to the membership list
+        Map<String, Object> membership = new HashMap<>();
+        membership.put("Project", newRow.get("Id"));
+        membership.put("Researcher", user.getUserId());
+        membership.put("Container", c.getId());
+
+        Table.insert(user, TargetedMSManager.getTableInfoProjectResearcher(), membership);
+    }
+}

src/org/labkey/targetedms/query/SimpleTargetedMSTable.java

@@ -3,17 +3,17 @@
 import org.jetbrains.annotations.NotNull;
 import org.labkey.api.data.ContainerFilter;
 import org.labkey.api.query.DefaultQueryUpdateService;
-import org.labkey.api.query.FilteredTable;
 import org.labkey.api.query.QueryUpdateService;
+import org.labkey.api.query.SimpleUserSchema;
 import org.labkey.api.security.UserPrincipal;
 import org.labkey.api.security.permissions.Permission;
 import org.labkey.targetedms.TargetedMSSchema;
 
-public class SimpleTargetedMSTable extends FilteredTable<TargetedMSSchema>
+public class SimpleTargetedMSTable extends SimpleUserSchema.SimpleTable<TargetedMSSchema>
 {
     public SimpleTargetedMSTable(String name, TargetedMSSchema schema, ContainerFilter cf)
     {
-        super(TargetedMSSchema.getSchema().getTable(name), schema, cf);
+        super(schema, TargetedMSSchema.getSchema().getTable(name), cf);
         wrapAllColumns(true);
     }