update api security config

bprize15 · bprize15 · commit e6e6b67c671a · 2025-03-03T14:24:17.000-05:00
diff --git a/src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java b/src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java
@@ -94,7 +94,7 @@ public void configure(HttpSecurity http) throws Exception {
             .antMatchers("/api/slack").permitAll()
             // Permits the api swagger definitions through proxy
             .antMatchers("/api/v1/v2/api-docs").permitAll()
-            .antMatchers("/api/private/utils/data/**").hasAnyAuthority(AuthoritiesConstants.DATA_DOWNLOAD)
+            .antMatchers("/api/private/utils/data/**").hasAnyAuthority(AuthoritiesConstants.DATA_DOWNLOAD, AuthoritiesConstants.PREMIUM_USER)
 
             .antMatchers("/api/v1/annotate/sample").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN) // Order matters here
             .antMatchers("/api/v1/annotate/**").hasAnyAuthority(AuthoritiesConstants.API, AuthoritiesConstants.ROLE_SERVICE_ACCOUNT)
@@ -113,9 +113,9 @@ public void configure(HttpSecurity http) throws Exception {
             .antMatchers("/api/v1/annotation/search").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
             .antMatchers("/api/v1/drugs").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
             .antMatchers("/api/v1/utils/allActionableVariants").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
-            .antMatchers("/api/v1/utils/allActionableVariants.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+            .antMatchers("/api/v1/utils/allActionableVariants.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN, AuthoritiesConstants.DATA_DOWNLOAD)
             .antMatchers("/api/v1/utils/allAnnotatedVariants").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
-            .antMatchers("/api/v1/utils/allAnnotatedVariants.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+            .antMatchers("/api/v1/utils/allAnnotatedVariants.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN, AuthoritiesConstants.DATA_DOWNLOAD)
             .antMatchers("/api/v1/utils/allVariantsOfUnknownSignificance").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
             .antMatchers("/api/v1/utils/allVariantsOfUnknownSignificance.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
 
diff --git a/src/main/webapp/app/pages/apiAccessGroup/APIAccessPage.tsx b/src/main/webapp/app/pages/apiAccessGroup/APIAccessPage.tsx
@@ -83,41 +83,35 @@ const DownloadButtonGroups: React.FunctionComponent<{
           buttonText="Cancer Gene List"
         />
       ) : null}
-      {props.authenticationStore.account?.authorities.includes(
-        USER_AUTHORITY.ROLE_PREMIUM_USER
-      ) && (
-        <>
-          {props.data.hasAllActionableVariants && (
-            <AuthDownloadButton
-              className={BUTTON_CLASS_NAME}
-              fileName={`all_actionable_variants_${props.data.version}.tsv`}
-              getDownloadData={async () => {
-                const data = await oncokbClient.utilsAllActionableVariantsTxtGetUsingGET(
-                  {
-                    version: props.data.version,
-                  }
-                );
-                return data;
-              }}
-              buttonText="All Actionable Variants"
-            />
-          )}
-          {props.data.hasAllAnnotatedVariants && (
-            <AuthDownloadButton
-              className={BUTTON_CLASS_NAME}
-              fileName={`all_annotated_variants_${props.data.version}.tsv`}
-              getDownloadData={async () => {
-                const data = await oncokbClient.utilsAllAnnotatedVariantsTxtGetUsingGET(
-                  {
-                    version: props.data.version,
-                  }
-                );
-                return data;
-              }}
-              buttonText="All Annotated Variants"
-            />
-          )}
-        </>
+      {props.data.hasAllActionableVariants && (
+        <AuthDownloadButton
+          className={BUTTON_CLASS_NAME}
+          fileName={`all_actionable_variants_${props.data.version}.tsv`}
+          getDownloadData={async () => {
+            const data = await oncokbClient.utilsAllActionableVariantsTxtGetUsingGET(
+              {
+                version: props.data.version,
+              }
+            );
+            return data;
+          }}
+          buttonText="All Actionable Variants"
+        />
+      )}
+      {props.data.hasAllAnnotatedVariants && (
+        <AuthDownloadButton
+          className={BUTTON_CLASS_NAME}
+          fileName={`all_annotated_variants_${props.data.version}.tsv`}
+          getDownloadData={async () => {
+            const data = await oncokbClient.utilsAllAnnotatedVariantsTxtGetUsingGET(
+              {
+                version: props.data.version,
+              }
+            );
+            return data;
+          }}
+          buttonText="All Annotated Variants"
+        />
       )}
       {props.data.hasSqlDump ? (
         <>
@@ -288,9 +282,12 @@ export default class APIAccessPage extends React.Component<{
                   </div>
                 </div>
                 {this.props.authenticationStore.account &&
-                this.props.authenticationStore.account.authorities.includes(
+                (this.props.authenticationStore.account.authorities.includes(
                   USER_AUTHORITY.ROLE_DATA_DOWNLOAD
-                ) ? (
+                ) ||
+                  this.props.authenticationStore.account.authorities.includes(
+                    USER_AUTHORITY.ROLE_PREMIUM_USER
+                  )) ? (
                   <>
                     <div className={'mb-3'}>
                       <h5 className="title">Data Download</h5>
