Fix view access for genomes

Author: lmrodriguezr

app/controllers/genomes_controller.rb

@@ -84,9 +84,14 @@ def sample_map
   end
 
   private
-    # Use callbacks to share common setup or constraints between actions.
+    # Use callbacks to share common setup or constraints between actions
     def set_genome
       @genome = Genome.find(params[:id])
+
+      if @genome && !@genome.can_view?(current_user, cookies[:reviewer_token])
+        flash[:alert] = 'User cannot see genome'
+        redirect_to(root_path)
+      end
     end
 
     def set_name

app/models/genome.rb

@@ -318,6 +318,14 @@ def can_edit?(user)
       names.all? { |name| name.can_edit?(user) }
   end
 
+  def can_view?(user, token = nil)
+    if names.empty?
+      database == 'pending' ? user&.curator? : true
+    else
+      names.any? { |n| n.can_view?(user, token) }
+    end
+  end
+
   # MiGA Checks
 
   def miga_name

app/views/genomes/_genome.html.erb

@@ -216,7 +216,8 @@ end
         </div>
       <% else %>
         <%=
-          @genome.auto_check ? 'Complete' :
+          @genome.database == 'pending' ? 'Postponed' :
+            @genome.auto_check ? 'Complete' :
             @genome.kind? ? 'Scheduled' : 'Missing information'
         %>
       <% end %>

lib/tasks/evaluate_genomes.rake

@@ -35,7 +35,7 @@ namespace :genomes do
     p_path = File.join(Rails.root, '..', 'miga_check')
     genomes = Genome.where(
       auto_check: false, auto_scheduled_at: nil, auto_failed: nil
-    ).where.not(kind: nil)
+    ).where.not(database: 'pending').where.not(kind: nil)
 
     genomes.each_with_index do |genome, k|
       $stderr.puts 'Download genomes:' if k == 0