Skip to content

[DT-3258] Ensure that FSOs are limited to DAAs for this DAO.#2902

Open
otchet-broad wants to merge 1 commit into
developfrom
otchet-dt-3258-DAA-FSOs-only
Open

[DT-3258] Ensure that FSOs are limited to DAAs for this DAO.#2902
otchet-broad wants to merge 1 commit into
developfrom
otchet-dt-3258-DAA-FSOs-only

Conversation

@otchet-broad
Copy link
Copy Markdown
Contributor

@otchet-broad otchet-broad commented May 12, 2026

Addresses

https://broadworkbench.atlassian.net/browse/DT-3258

Summary

Limits retrieval of FSOs to data access agreements when including FSOs.

Have you read CONTRIBUTING.md lately? If not, do that first.

  • Label PR with a Jira ticket number and include a link to the ticket
  • Label PR with a security risk modifier [no, low, medium, high]
  • PR describes scope of changes
  • Get a minimum of one thumbs worth of review, preferably two if enough team members are available
  • Get PO sign-off for all non-trivial UI or workflow changes
  • Verify all tests go green
  • Test this change deployed correctly and works on dev environment after deployment

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 12, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@otchet-broad otchet-broad marked this pull request as ready for review May 12, 2026 12:39
@otchet-broad otchet-broad requested a review from a team as a code owner May 12, 2026 12:39
@otchet-broad otchet-broad requested review from Copilot, fboulnois, kevinmarete and rushtong and removed request for a team May 12, 2026 12:39
rushtong
rushtong approved these changes May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@rushtong rushtong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you 👍🏽

Comment thread src/test/java/org/broadinstitute/consent/http/db/DaaDAOTest.java
Instant.now());
fileStorageObjectDAO.insertNewFile(
randomAlphabetic(10),
FileCategory.ALTERNATIVE_DATA_SHARING_PLAN.getValue(),
Copy link
Copy Markdown
Contributor

@rushtong rushtong May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 👍🏽

Copilot AI reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses DT-3258 by ensuring DaaDAO only attaches FileStorageObjects (FSOs) that represent Data Access Agreements when DAAs are fetched, preventing unrelated file categories from being returned as the DAA “file”.

Changes:

  • Updated DaaDAO SQL queries to scope the file_storage_object join to category = 'dataAccessAgreement'.
  • Added/extended DAO tests to validate that DAAs only return the correct-category FSO even when other FSOs exist for the same entity_id.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
src/main/java/org/broadinstitute/consent/http/db/DaaDAO.java Restricts FSO joins to the dataAccessAgreement category when fetching DAAs.
src/test/java/org/broadinstitute/consent/http/db/DaaDAOTest.java Adds coverage to ensure only the DAA-category file is returned when multiple FSOs exist.

Comment thread src/main/java/org/broadinstitute/consent/http/db/DaaDAO.java
Comment on lines 68 to 72
dac.description
FROM data_access_agreement daa
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id AND fso.category = 'dataAccessAgreement'
LEFT JOIN dac_daa dd ON daa.daa_id = dd.daa_id
LEFT JOIN dac ON dd.dac_id = dac.dac_id AND dac.deleted IS NOT TRUE
Comment thread src/main/java/org/broadinstitute/consent/http/db/DaaDAO.java
Comment on lines 109 to 113
dac.description
FROM data_access_agreement daa
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id AND fso.category = 'dataAccessAgreement'
LEFT JOIN dac_daa dd ON daa.daa_id = dd.daa_id
LEFT JOIN dac ON dd.dac_id = dac.dac_id AND dac.deleted IS NOT TRUE
Comment thread src/main/java/org/broadinstitute/consent/http/db/DaaDAO.java
dac.description
FROM data_access_agreement daa
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id AND fso.category = 'dataAccessAgreement'
Comment thread src/main/java/org/broadinstitute/consent/http/db/DaaDAO.java
dac.description
FROM data_access_agreement daa
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id
LEFT JOIN file_storage_object fso ON daa.daa_id::text = fso.entity_id AND fso.category = 'dataAccessAgreement'
Comment thread src/test/java/org/broadinstitute/consent/http/db/DaaDAOTest.java
}

@Test
void testFindAllDacOnlyProperFileCategory() {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rushtong rushtong rushtong approved these changes

@fboulnois fboulnois Awaiting requested review from fboulnois fboulnois is a code owner automatically assigned from DataBiosphere/dsp-data-team-eng

@kevinmarete kevinmarete Awaiting requested review from kevinmarete

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@otchet-broad @rushtong