feat: deprecate published for study_status

hpi-studyu · johannesvedder · Jun 19, 2024 · May 25, 2024 · May 25, 2024 · May 26, 2024
commit 3cf8804463bb10d8e5d8a25aa5cd99664e0a7cee
diff --git a/app/lib/screens/study/onboarding/study_selection.dart b/app/lib/screens/study/onboarding/study_selection.dart
@@ -159,10 +159,6 @@ class _StudySelectionScreenState extends State<StudySelectionScreen> {
  child: StudyTile.fromStudy(
  study: study,
  onTap: () async {
- if (study.isClosed) {
- await showStudyClosedDialog(context);
- return;
- }
  await navigateToStudyOverview(context, study);
  },
  ),

diff --git a/core/lib/src/models/tables/study.dart b/core/lib/src/models/tables/study.dart
@@ -54,10 +54,10 @@ class Study extends SupabaseObjectFunctions<Study> implements Comparable<Study>
  late Contact contact = Contact();
  @JsonKey(name: 'icon_name', defaultValue: 'accountHeart')
  late String iconName = 'accountHeart';
+ @Deprecated('Use status instead')
  @JsonKey(defaultValue: false)
  late bool published = false;
- @JsonKey(name: 'is_closed', defaultValue: false)
- bool isClosed = false;
+ late StudyStatus status = StudyStatus.draft;
  @JsonKey(fromJson: _questionnaireFromJson)
  late StudyUQuestionnaire questionnaire = StudyUQuestionnaire();
  @JsonKey(name: 'eligibility_criteria', fromJson: _eligibilityCriteriaFromJson)
@@ -231,7 +231,7 @@ class Study extends SupabaseObjectFunctions<Study> implements Comparable<Study>
  static Future<ExtractionResult<Study>> publishedPublicStudies() async {
  ExtractionResult<Study> result;
  try {
- final response = await env.client.from(tableName).select().eq('participation', 'open').eq("is_closed", false);
+ final response = await env.client.from(tableName).select().eq('participation', 'open').eq("closed", false);
  final extracted = SupabaseQuery.extractSupabaseList<Study>(List<Map<String, dynamic>>.from(response));
  result = ExtractionSuccess<Study>(extracted);
  } on ExtractionFailedException<Study> catch (error) {
@@ -292,26 +292,17 @@ class Study extends SupabaseObjectFunctions<Study> implements Comparable<Study>
 
  // - Status
 
- StudyStatus get status {
- if (isClosed) {
- return StudyStatus.closed;
- }
- if (published) {
- return StudyStatus.running;
- }
- return StudyStatus.draft;
- }
-
  bool get isDraft => status == StudyStatus.draft;
  bool get isRunning => status == StudyStatus.running;
+ bool get isClosed => status == StudyStatus.closed;
 
  bool isReadonly(User user) {
  return status != StudyStatus.draft || !canEdit(user);
  }
 
  @override
  String toString() {
- return 'Study{id: $id, title: $title, description: $description, userId: $userId, participation: $participation, resultSharing: $resultSharing, contact: $contact, iconName: $iconName, published: $published, questionnaire: $questionnaire, eligibilityCriteria: $eligibilityCriteria, consent: $consent, interventions: $interventions, observations: $observations, schedule: $schedule, reportSpecification: $reportSpecification, results: $results, collaboratorEmails: $collaboratorEmails, registryPublished: $registryPublished, participantCount: $participantCount, endedCount: $endedCount, activeSubjectCount: $activeSubjectCount, missedDays: $missedDays, repo: $repo, invites: $invites, participants: $participants, participantsProgress: $participantsProgress, createdAt: $createdAt}';
+ return 'Study{id: $id, title: $title, description: $description, userId: $userId, participation: $participation, resultSharing: $resultSharing, contact: $contact, iconName: $iconName, published: <deprecated>, status: $status, questionnaire: $questionnaire, eligibilityCriteria: $eligibilityCriteria, consent: $consent, interventions: $interventions, observations: $observations, schedule: $schedule, reportSpecification: $reportSpecification, results: $results, collaboratorEmails: $collaboratorEmails, registryPublished: $registryPublished, participantCount: $participantCount, endedCount: $endedCount, activeSubjectCount: $activeSubjectCount, missedDays: $missedDays, repo: $repo, invites: $invites, participants: $participants, participantsProgress: $participantsProgress, createdAt: $createdAt}';
  }
 
  @override

diff --git a/database/migration/20240526_migrate_close_study.sql b/database/migration/20240526_migrate_close_study.sql
@@ -0,0 +1,146 @@
+-- todo move to studyu-schema.sql
+
+CREATE TYPE public.study_status AS ENUM (
+ 'draft',
+ 'running',
+ 'closed'
+);
+
+ALTER TABLE public.study
+ADD COLUMN status public.study_status DEFAULT 'draft'::public.study_status NOT NULL;
+
+-- Migrate existing studies from published to study_status
+UPDATE public.study SET status = CASE
+ WHEN status != 'draft'::public.study_status THEN status
+ WHEN published THEN 'running'::public.study_status
+ ELSE status
+END;
+
+-- Migrate policy
+DROP POLICY "Editors can do everything with their studies" ON public.study;
+
+CREATE POLICY "Editors can view their studies" ON public.study FOR SELECT USING (auth.uid() = user_id);
+
+CREATE POLICY "Editor can control their draft studies" ON public.study
+ USING (public.can_edit(auth.uid(), study.*) AND status = 'draft'::public.study_status);
+
+-- Editors can only update registry_published and resultSharing
+--grant update (registry_published, result_sharing) on public.study USING (public.can_edit(auth.uid(), study.*);
+--CREATE POLICY "Editors can only update registry_published and resultSharing" ON public.study
+-- FOR UPDATE
+-- USING (public.can_edit(auth.uid(), study.*))
+-- WITH CHECK ((new.*) IS NOT DISTINCT FROM (old.* EXCEPT registry_published, result_sharing));
+-- todo solve with trigger or function
+-- or create view with only updatable columns and provide permission on view see https://dba.stackexchange.com/questions/298931/allow-users-to-modify-only-some-but-not-all-fields-in-a-postgresql-table-with
+
+-- https://stackoverflow.com/questions/72756376/supabase-solutions-for-column-level-security
+
+-- https://github.com/orgs/supabase/discussions/656#discussioncomment-5594653
+CREATE OR REPLACE FUNCTION public.allow_updating_only()
+ RETURNS trigger
+ LANGUAGE plpgsql
+AS $function$
+DECLARE
+ whitelist TEXT[] := TG_ARGV::TEXT[];
+ schema_table TEXT;
+ column_name TEXT;
+ rec RECORD;
+ new_value TEXT;
+ old_value TEXT;
+BEGIN
+ schema_table := concat(TG_TABLE_SCHEMA, '.', TG_TABLE_NAME);
+
+ -- If RLS is not active on current table for function invoker, early return
+ IF NOT row_security_active(schema_table) THEN
+ RETURN NEW;
+ END IF;
+
+ -- Otherwise, loop on all columns of the table schema
+ FOR rec IN (
+ SELECT col.column_name
+ FROM information_schema.columns as col
+ WHERE table_schema = TG_TABLE_SCHEMA
+ AND table_name = TG_TABLE_NAME
+ ) LOOP
+ -- If the current column is whitelisted, early continue
+ column_name := rec.column_name;
+ IF column_name = ANY(whitelist) THEN
+ CONTINUE;
+ END IF;
+
+ -- If not whitelisted, execute dynamic SQL to get column value from OLD and NEW records
+ EXECUTE format('SELECT ($1).%I, ($2).%I', column_name, column_name)
+ INTO new_value, old_value
+ USING NEW, OLD;
+
+ -- Raise exception if column value changed
+ IF new_value IS DISTINCT FROM old_value THEN
+ RAISE EXCEPTION 'Unauthorized change to "%"', column_name;
+ END IF;
+ END LOOP;
+
+ -- RLS active, but no exception encountered, clear to proceed.
+ RETURN NEW;
+END;
+$function$;
+
+CREATE OR REPLACE FUNCTION public.check_study_update_permissions()
+ RETURNS trigger
+ LANGUAGE plpgsql
+AS $function$
+BEGIN
+ -- todo check if this is needed, because the policy should already prevent modification of foreign studies
+ --IF study_param.user_id != auth.uid() THEN
+ -- RAISE EXCEPTION 'Only the owner can update the status';
+ --END IF;
+
+ -- check if old.status is not draft and if yes check if allow_updating_only includes registry_published and result_sharing otherwise raise exception
+ IF OLD.status != 'draft'::public.study_status THEN
+ PERFORM public.allow_updating_only(ARRAY['registry_published', 'result_sharing']);
+ -- dont allow to update status directly
+ IF NEW.status != OLD.status THEN
+ RAISE EXCEPTION 'Study.status can only be updated using the `public.update_study_status` function';
+ END IF;
+ END IF;
+
+ RETURN NEW;
+END;
+$function$;
+
+CREATE OR REPLACE TRIGGER study_status_update_permissions
+ BEFORE UPDATE
+ ON public.study
+ FOR EACH ROW
+ EXECUTE FUNCTION public.check_study_update_permissions();
+
+-- todo use this function to update status in designer
+-- Owners can update status
+CREATE FUNCTION public.update_study_status(study_param public.study) RETURNS VOID
+ LANGUAGE plpgsql -- SECURITY DEFINER
+ AS $$
+BEGIN
+ --IF study_param.user_id != auth.uid() THEN
+ -- RAISE EXCEPTION 'Only the owner can update the status';
+ --END IF;
+ -- Increment the study.status
+ UPDATE public.study
+ SET status = CASE
+ WHEN study_param.status = 'draft'::public.study_status THEN 'running'::public.study_status
+ WHEN study_param.status = 'running'::public.study_status THEN 'closed'::public.study_status
+ ELSE study_param.status
+ END
+ WHERE id = study_param.id;
+END;
+$$;
+
+ALTER FUNCTION public.update_study_status(public.study) OWNER TO postgres;
+
+CREATE POLICY "Joining a closed study should not be possible" ON public.study_subject
+ AS RESTRICTIVE
+ FOR INSERT
+ WITH CHECK (NOT EXISTS (
+ SELECT 1
+ FROM public.study
+ WHERE study.id = study_subject.study_id
+ AND study.status = 'closed'::public.study_status
+));
diff --git a/database/migration/migrate-close_study.sql b/database/migration/migrate-close_study.sql
diff --git a/database/studyu-schema.sql b/database/studyu-schema.sql
@@ -80,8 +80,8 @@ CREATE TABLE public.study (
  title text NOT NULL,
  description text NOT NULL,
  icon_name text NOT NULL,
+ -- published is deprecated, use status instead
  published boolean DEFAULT false NOT NULL,
- is_closed boolean DEFAULT false NOT NULL,
  registry_published boolean DEFAULT false NOT NULL,
  questionnaire jsonb NOT NULL,
  eligibility_criteria jsonb NOT NULL,
@@ -836,20 +836,6 @@ CREATE POLICY "Editors can see subjects from their studies" ON public.study_subj
 CREATE POLICY "Invite code needs to be valid (not possible in the app)" ON public.study_subject AS RESTRICTIVE FOR INSERT WITH CHECK (((invite_code IS NULL) OR (study_id IN ( SELECT code_fun.study_id
  FROM public.get_study_from_invite(study_subject.invite_code) code_fun(study_id, preselected_intervention_ids)))));
 
---
--- Name: study_subject Joining a closed study should not be possible; Type: POLICY; Schema: public; Owner: postgres
---
-
-CREATE POLICY "Joining a closed study should not be possible" ON public.study_subject
-AS RESTRICTIVE
-FOR INSERT
-WITH CHECK (NOT EXISTS (
- SELECT 1
- FROM public.study
- WHERE study.id = study_subject.study_id
- AND study.is_closed
-));
-
 --
 -- Name: subject_progress Editors can see their study subjects progress; Type: POLICY; Schema: public; Owner: postgres
 --

diff --git a/designer_v2/lib/domain/study.dart b/designer_v2/lib/domain/study.dart
@@ -113,8 +113,7 @@ extension StudyDuplicateX on Study {
  copy.resetJsonIgnoredAttributes();
  copy.title = (copy.title ?? '').withDuplicateLabel();
  copy.userId = userId;
- copy.published = false;
- copy.isClosed = false;
+ copy.status = StudyStatus.draft;
  copy.resultSharing = ResultSharing.private;
  copy.registryPublished = false;
  copy.results = [];
@@ -141,7 +140,7 @@ extension StudyDuplicateX on Study {
  final copy = Study.fromJson(toJson());
  copy.copyJsonIgnoredAttributes(from: this, createdAt: true);
  copy.resetParticipantData();
- copy.published = true;
+ copy.status = StudyStatus.running;
  return copy;
  }
 

diff --git a/designer_v2/lib/features/recruit/study_recruit_page.dart b/designer_v2/lib/features/recruit/study_recruit_page.dart
@@ -55,7 +55,7 @@ class StudyRecruitScreen extends StudyPageWidget {
  @override
  Widget? banner(BuildContext context, WidgetRef ref) {
  final state = ref.watch(studyRecruitControllerProvider(studyId));
- final isStudyClosed = state.studyWithMetadata?.model.isClosed == true;
+ final isStudyClosed = state.studyWithMetadata!.model.isClosed;
 
  if (isStudyClosed) {
  return BannerBox(
@@ -74,7 +74,6 @@ class StudyRecruitScreen extends StudyPageWidget {
  ]),
  style: BannerStyle.info);
  }
-
  return null;
  }
 

diff --git a/designer_v2/lib/features/study/study_controller_state.dart b/designer_v2/lib/features/study/study_controller_state.dart
@@ -15,7 +15,7 @@ class StudyControllerState extends StudyControllerBaseState implements IStudyApp
  this.lastSynced,
  });
 
- bool get isPublished => study.value != null && study.value!.published;
+ bool get isPublished => study.value != null && study.value!.status == StudyStatus.running;
 
  // - ISyncIndicatorViewModel
 

diff --git a/designer_v2/lib/repositories/model_repository.dart b/designer_v2/lib/repositories/model_repository.dart
@@ -304,7 +304,7 @@ abstract class ModelRepository<T> extends IModelRepository<T> {
  if (fetchOnSubscribe) {
  if (!(wrappedModel != null && wrappedModel.isLocalOnly)) {
  fetch(modelId).catchError((e) {
- if (!modelController.isClosed) {
+ if (!modelController.closed) {
  modelController.addError(e);
  }
  return e;

diff --git a/designer_v2/lib/repositories/study_repository.dart b/designer_v2/lib/repositories/study_repository.dart
@@ -106,7 +106,7 @@ class StudyRepository extends ModelRepository<Study> implements IStudyRepository
  }
 
  Future<void> onCloseCallback() {
- model.isClosed = true;
+ model.status = StudyStatus.closed;
  return save(model).then((value) => ref.read(routerProvider).dispatch(RoutingIntents.studies)).then((value) =>
  Future.delayed(const Duration(milliseconds: 200),
  () => ref.read(notificationServiceProvider).show(Notifications.studyClosed)));