示例#1
文件: genes.php 项目: LOVDnl/LOVD3
 // Authorize users to be curators or collaborators for this gene, and/or define the order in which they're shown.
 // Order matters here: the gene ID is canonicalised against the database first, then the requester's level
 // for that gene is loaded, and only then are the two actions gated (authorizing needs a manager, sorting a curator).
 $sID = rawurldecode($_PE[1]);
 // 2015-07-22; 3.0-14; Drop usage of CURRENT_PATH in favor of fixed $sID which may have a gene symbol with incorrect case.
 // Now fix possible issues with capitalization. inc-init.php does this for $_SESSION['currdb'], but we're using $sID.
 // The lookup is parameterised, so the decoded URL value never becomes part of the SQL text.
 $sVerifiedID = $_DB->query('SELECT id FROM ' . TABLE_GENES . ' WHERE id = ?', array($sID))->fetchColumn();
 if (!$sVerifiedID) {
     // NOTE(review): $sID is still the raw decoded URL value at this point; whether printTitle() escapes
     // PAGE_TITLE for HTML output is not visible here — confirm before relying on it.
     define('PAGE_TITLE', 'Manage curators for the ' . $sID . ' gene');
     $_T->printHeader();
     $_T->printTitle();
     lovd_showInfoTable('No such ID!', 'stop');
     $_T->printFooter();
     exit;
 }
 // From here on $sID is the ID as stored in the genes table, not the user-supplied spelling.
 $sID = $sVerifiedID;
 // Load appropriate user level for this gene.
 // With its third argument left at the default, lovd_isAuthorized() updates $_AUTH['level'] for this gene;
 // the level comparisons below depend on that.
 lovd_isAuthorized('gene', $sID);
 // Users below manager level may only sort curators; send them to the sort view of the same gene.
 // The redirect target is built from the verified $sID, not from the URL.
 if (ACTION == 'authorize' && $_AUTH['level'] < LEVEL_MANAGER) {
     header('Location: ' . lovd_getInstallURL() . $_PE[0] . '/' . $sID . '?sortCurators');
     exit;
 }
 if (ACTION == 'authorize') {
     define('PAGE_TITLE', 'Authorize curators for the ' . $sID . ' gene');
     define('LOG_EVENT', 'CuratorAuthorize');
     // Require manager clearance.
     lovd_requireAUTH(LEVEL_MANAGER);
 } else {
     define('PAGE_TITLE', 'Sort curators for the ' . $sID . ' gene');
     define('LOG_EVENT', 'CuratorSort');
     // Require curator clearance.
     lovd_requireAUTH(LEVEL_CURATOR);
 }
示例#2
文件: diseases.php 项目: LOVDnl/LOVD3
    }
    lovd_viewForm($aForm);
    print '</FORM>' . "\n\n";
    $_T->printFooter();
    exit;
}
if (PATH_COUNT == 3 && ctype_digit($_PE[1]) && $_PE[2] == 'columns' && ACTION == 'order') {
    // URL: /diseases/00001/columns?order
    // Change order of enabled columns for this disease.
    $nID = sprintf('%05d', $_PE[1]);
    define('PAGE_TITLE', 'Change order of enabled custom data columns for disease #' . $nID);
    define('LOG_EVENT', 'ColumnOrder');
    $_T->printHeader();
    $_T->printTitle();
    // Load appropriate user level for this disease.
    lovd_isAuthorized('disease', $nID);
    // This call will make database queries if necessary.
    lovd_requireAUTH(LEVEL_CURATOR);
    $sUnit = 'disease';
    $sCategory = 'Phenotype';
    if (POST) {
        $_DB->beginTransaction();
        foreach ($_POST['columns'] as $nOrder => $sColID) {
            $nOrder++;
            // Since 0 is the first key in the array.
            $_DB->query('UPDATE ' . TABLE_SHARED_COLS . ' SET col_order = ? WHERE ' . $sUnit . 'id = ? AND colid = ?', array($nOrder, $nID, $sCategory . '/' . $sColID));
        }
        $_DB->commit();
        // Write to log...
        lovd_writeLog('Event', LOG_EVENT, 'Updated the column order for ' . $sUnit . ' ' . $nID);
        // Thank the user...
示例#3
文件: submit.php 项目: LOVDnl/LOVD3
     $_DB->beginTransaction();
     if ($_AUTH['level'] == LEVEL_OWNER) {
         // If the user is not a curator or a higher, then the status will be set from "In Progress" to "Pending".
         if (!empty($aSubmit['variants'])) {
             $q = $_DB->query('UPDATE ' . TABLE_VARIANTS . ' SET statusid = ? WHERE id IN (?' . str_repeat(', ?', count($aSubmit['variants']) - 1) . ')', array_merge(array(STATUS_PENDING), $aSubmit['variants']));
         }
         if (!empty($aSubmit['phenotypes'])) {
             $q = $_DB->query('UPDATE ' . TABLE_PHENOTYPES . ' SET statusid = ? WHERE id IN (?' . str_repeat(', ?', count($aSubmit['phenotypes']) - 1) . ')', array_merge(array(STATUS_PENDING), $aSubmit['phenotypes']));
         }
         if ($_PE[2] == 'individual') {
             $q = $_DB->query('UPDATE ' . TABLE_INDIVIDUALS . ' SET statusid = ? WHERE id = ?', array(STATUS_PENDING, $nID));
         }
     } elseif ($_AUTH['level'] == LEVEL_CURATOR && !empty($aSubmit['variants'])) {
         foreach ($aSubmit['variants'] as $nVariantID) {
             // $_AUTH['level'] will be set here to properly check the level for this variant. We have to keep in mind that the $_AUTH['level'] of the individual/screening check is overwritten.
             lovd_isAuthorized('variant', $nVariantID, true);
             if ($_AUTH['level'] == LEVEL_OWNER) {
                 $q = $_DB->query('UPDATE ' . TABLE_VARIANTS . ' SET statusid = ? WHERE id = ?', array_merge(array(STATUS_PENDING), array($nVariantID)));
             }
         }
     }
     $_DB->commit();
     // Remove the submission information from $_SESSION and close the session file, so that other scripts can use it without having to wait for this script to finish.
     unset($_SESSION['work']['submits'][$_PE[2]][$nID]);
     if (isset($_AUTH['saved_work']['submissions'][$_PE[2]][$nID])) {
         unset($_AUTH['saved_work']['submissions'][$_PE[2]][$nID]);
         lovd_saveWork();
     }
 } else {
     if ($_PE[2] != 'individual') {
         $aSubmit[$_PE[2] . 's'] = array($nID);
示例#4
if (empty($_GET['id']) || empty($_GET['object']) || !preg_match('/^[A-Z_]+$/i', $_GET['object'])) {
    // Input validation: both parameters must be present, and the object name may only contain letters and
    // underscores. That restriction is also what keeps the include path built further down free of
    // directory separators and dots.
    die(AJAX_DATA_ERROR);
}
// The required security to load the viewEntry() depends on the data that is shown.
// To prevent security problems if we forget to set a requirement here, we default to LEVEL_ADMIN.
// A value of 0 means "no level requirement": the level check below is skipped entirely for that object.
$aNeededLevel = array('Transcript_Variant' => 0);
if (isset($aNeededLevel[$_GET['object']])) {
    $nNeededLevel = $aNeededLevel[$_GET['object']];
} else {
    $nNeededLevel = LEVEL_ADMIN;
}
// Call isAuthorized() on the object. NB: isAuthorized() modifies the global
// $_AUTH for curators, owners and colleagues.
if ($_GET['object'] == 'Transcript_Variant') {
    // NOTE(review): if $_GET['id'] contains no comma, explode() yields a single element and $nTranscriptID
    // is left unset (PHP notice); only $nVariantID is used here, so the check still runs on the first element.
    list($nVariantID, $nTranscriptID) = explode(',', $_GET['id']);
    lovd_isAuthorized('variant', $nVariantID);
}
// FIXME; other lovd_isAuthorized() calls?
// Require special clearance?
// Anonymous requests (!$_AUTH) fail any non-zero requirement. $_AUTH['level'] is compared only after the
// lovd_isAuthorized() call above has had the chance to adjust it.
if ($nNeededLevel && (!$_AUTH || $_AUTH['level'] < $nNeededLevel)) {
    // If not authorized, die with error message.
    die(AJAX_NO_AUTH);
}
// Plain-text output is opt-in: a caller must have defined FORMAT_ALLOW_TEXTPLAIN beforehand
// (view.php does so for curators and up).
if (FORMAT == 'text/plain' && !defined('FORMAT_ALLOW_TEXTPLAIN')) {
    die(AJAX_NO_AUTH);
}
// The class file name is derived from the validated, lower-cased object name only.
$sFile = ROOT_PATH . 'class/object_' . strtolower($_GET['object']) . 's.php';
if (!file_exists($sFile)) {
    header('HTTP/1.0 404 Not Found');
    exit;
}
示例#5
文件: view.php 项目: LOVDnl/LOVD3
 * along with LOVD.  If not, see <http://www.gnu.org/licenses/>.
 *
 *************/
define('ROOT_PATH', './');
// Bootstrap. $_AUTH is read right after this include, so it is presumably set up in inc-init.php — confirm there.
require ROOT_PATH . 'inc-init.php';
if ($_AUTH) {
    // If authorized, check for updates.
    // The upgrade check is only included for logged-in users; anonymous visitors never reach it.
    require ROOT_PATH . 'inc-upgrade.php';
}
if (!ACTION && !empty($_PE[1]) && !ctype_digit($_PE[1])) {
    // URL: /view/DMD
    // URL: /view/DMD/NM_004006.2
    // View all entries in a specific gene, affecting a specific trancript, with all joinable data.
    $sGene = $_DB->query('SELECT id FROM ' . TABLE_GENES . ' WHERE id = ?', array(rawurldecode($_PE[1])))->fetchColumn();
    if ($sGene) {
        lovd_isAuthorized('gene', $sGene);
        // To show non public entries.
        // Curators are allowed to download this list...
        if ($_AUTH['level'] >= LEVEL_CURATOR) {
            define('FORMAT_ALLOW_TEXTPLAIN', true);
        }
        // Overview is given per transcript. If there is only one, it will be mentioned. If there are more, you will be able to select which one you'd like to see.
        $aTranscripts = $_DB->query('SELECT t.id, t.id_ncbi FROM ' . TABLE_TRANSCRIPTS . ' AS t LEFT JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (t.id = vot.transcriptid) WHERE t.geneid = ? AND vot.id IS NOT NULL', array($sGene))->fetchAllCombine();
        $nTranscripts = count($aTranscripts);
        // If NM is mentioned, check if exists for this gene. If not, reload page without NM. Otherwise, restrict $aTranscripts.
        if (!empty($_PE[2])) {
            $nTranscript = array_search($_PE[2], $aTranscripts);
            if ($nTranscript === false) {
                // NM does not exist. Throw error or just simply redirect?
                header('Location: ' . lovd_getInstallURL() . $_PE[0] . '/' . $_PE[1]);
                exit;
示例#6
    print '      <FORM action="' . CURRENT_PATH . '?edit" method="post">' . "\n";
    // Array which will make up the form table.
    $aForm = array_merge($_DATA->getForm(), array(array('', '', 'print', '<INPUT type="submit" value="Edit individual information entry">' . ($bSubmit ? '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT type="submit" value="Cancel" onclick="window.location.href=\'' . lovd_getInstallURL() . 'submit/individual/' . $nID . '\'; return false;" style="border : 1px solid #FF4422;">' : ''))));
    lovd_viewForm($aForm);
    print '</FORM>' . "\n\n";
    $_T->printFooter();
    exit;
}
if (PATH_COUNT == 2 && ctype_digit($_PE[1]) && ACTION == 'delete') {
    // URL: /individuals/00000001?delete
    // Drop specific entry.
    $nID = sprintf('%08d', $_PE[1]);
    define('PAGE_TITLE', 'Delete individual information entry ' . $nID);
    define('LOG_EVENT', 'IndividualDelete');
    // FIXME: What if individual also contains other user's data?
    lovd_isAuthorized('individual', $nID);
    lovd_requireAUTH(LEVEL_CURATOR);
    require ROOT_PATH . 'class/object_individuals.php';
    $_DATA = new LOVD_Individual();
    $zData = $_DATA->loadEntry($nID);
    require ROOT_PATH . 'inc-lib-form.php';
    if (!empty($_POST)) {
        lovd_errorClean();
        // Mandatory fields.
        if (empty($_POST['password'])) {
            lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
        }
        // User had to enter his/her password for authorization.
        if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
            lovd_errorAdd('password', 'Please enter your correct password for authorization.');
        }
示例#7
文件: import.php 项目: LOVDnl/LOVD3
         // No problems left, just check now if insert is necessary or not.
         if (!$bIndInDB || !$bDiseaseInDB || $sMode == 'insert' && ($bIndInFile || $bDiseaseInFile)) {
             // Individual not in database, Disease not in database or we're inserting and one of the two is in the file, so flag this to be inserted!
             $aLine['todo'] = 'insert';
         } else {
             // Individual & Disease are already in the DB, check if we can't find this combo in the DB, it needs to be inserted. Otherwise, we'll ignore it.
             $bInDB = $_DB->query('SELECT COUNT(*) FROM ' . TABLE_IND2DIS . ' WHERE individualid = ? AND diseaseid = ?', array($aLine['individualid'], $aLine['diseaseid']))->fetchColumn();
             if (!$bInDB) {
                 $aLine['todo'] = 'insert';
             }
         }
     }
     if (isset($aLine['todo']) && $aLine['todo'] == 'insert') {
         // Inserting, check rights, but only if we're handling an individual *not* in the file, but in the database.
         // Note: file gets preference over database, so we can't just check for $bIndInDB.
         if ($_AUTH['level'] < LEVEL_MANAGER && !$bIndInFile && !lovd_isAuthorized('individual', $aLine['individualid'], false)) {
             lovd_errorAdd('import', 'Error (' . $sCurrentSection . ', line ' . $nLine . '): Access denied, you are not authorized to connect this individual to this disease.');
         }
     }
     break;
 case 'Phenotypes':
     // FIXME: Check references only if we don't have a $zData OR $zData['referenceid'] is different from now?
     //   Actually, do we allow references to change during an edit?
     // Check references.
     $nNewID = !isset($aParsed['Diseases']['data'][(int) $aLine['diseaseid']]['newID']) ? false : $aParsed['Diseases']['data'][(int) $aLine['diseaseid']]['newID'];
     if ($nNewID !== false) {
         $bDiseaseInDB = isset($aParsed['Diseases']['ids'][(int) $nNewID]);
     } else {
         $bDiseaseInDB = isset($aParsed['Diseases']['ids'][(int) $aLine['diseaseid']]);
     }
     $bDiseaseInFile = isset($aParsed['Diseases']['data'][(int) $aLine['diseaseid']]);
示例#8
文件: columns.php 项目: LOVDnl/LOVD3
 // URL: /columns/Phenotype/Blood_pressure/Systolic?remove
 // Disable specific custom column.
 // The column ID is rebuilt from the URL path elements after 'columns'. unset() keeps the remaining keys,
 // so $aCol[1] is the first remaining element, i.e. the category.
 $aCol = $_PE;
 unset($aCol[0]);
 // 'columns';
 $sColumnID = implode('/', $aCol);
 $sCategory = $aCol[1];
 define('PAGE_TITLE', 'Remove custom data column ' . $sColumnID);
 define('LOG_EVENT', 'ColRemove');
 // Require form & column functions.
 require ROOT_PATH . 'inc-lib-form.php';
 require_once ROOT_PATH . 'inc-lib-columns.php';
 // Required clearance depending on which type of column is being added.
 // (Despite the wording, this page removes a column; the same rule decides the required level.)
 $aTableInfo = lovd_getTableInfoByCategory($sCategory);
 if ($aTableInfo['shared']) {
     // NOTE(review): for shared columns the level is presumably derived from the user's whole list of curated
     // genes ("any gene will do"), not from the genes this particular column is enabled for — confirm intended.
     lovd_isAuthorized('gene', $_AUTH['curates']);
     // Any gene will do.
     lovd_requireAUTH(LEVEL_CURATOR);
 } else {
     lovd_requireAUTH(LEVEL_MANAGER);
 }
 // Parameterised lookup; only active columns with hgvs = 0 qualify. Because the clearance check runs first,
 // unauthenticated requests cannot use the "No such ID!" response below to probe which columns exist.
 $zData = $_DB->query('SELECT c.*, SUBSTRING(c.id, LOCATE("/", c.id)+1) AS colid FROM ' . TABLE_COLS . ' AS c INNER JOIN ' . TABLE_ACTIVE_COLS . ' AS ac ON (c.id = ac.colid) WHERE c.id = ? AND c.hgvs = 0', array($sColumnID))->fetchAssoc();
 if (!$zData) {
     $_T->printHeader();
     $_T->printTitle();
     lovd_showInfoTable('No such ID!', 'stop');
     $_T->printFooter();
     exit;
 }
 if (!POST && !empty($_GET['target'])) {
     $_POST['target'] = $_GET['target'];
示例#9
 function checkFields($aData, $zData = false)
 {
     // Checks fields before submission of data.
     // $aData: the submitted field values; $zData: the current database entry when editing, false when creating.
     // Errors are reported through lovd_errorAdd(); nothing is returned.
     // Side effect: $_POST['genes'] is rebuilt to hold only the gene links this user is allowed to end up with.
     global $_AUTH, $_DB;
     $bImport = lovd_getProjectFile() == '/import.php';
     // Create mode: an explicit ?create action, or an import line without an existing entry.
     $bCreate = ACTION && ACTION == 'create' || $bImport && !$zData;
     // Mandatory fields.
     $this->aCheckMandatory = array('symbol', 'name');
     $aData = parent::checkFields($aData);
     if (!empty($aData['id_omim']) && !preg_match('/^[1-9]\\d{5}$/', $aData['id_omim'])) {
         lovd_errorAdd('id_omim', 'The OMIM ID has to be six digits long and cannot start with a \'0\'.');
     }
     // Two diseases with the same OMIM ID are not allowed.
     // Only checked when creating or when the OMIM ID actually changes; the lookup is parameterised.
     if (!empty($aData['id_omim']) && ($bCreate || $aData['id_omim'] != $zData['id_omim'])) {
         $bExists = $_DB->query('SELECT id FROM ' . TABLE_DISEASES . ' WHERE id_omim = ?', array($aData['id_omim']))->fetchColumn();
         if ($bExists) {
             // IMPORTANT: when you change this message, also change the array_search argument in import.php in the Disease section.
             lovd_errorAdd('id_omim', 'Another disease already exists with this OMIM ID!');
         }
     }
     // We don't like two diseases with the exact same name, either.
     if (!empty($aData['name']) && ($bCreate || $aData['name'] != $zData['name'])) {
         $bExists = $_DB->query('SELECT id FROM ' . TABLE_DISEASES . ' WHERE name = ?', array($aData['name']))->fetchColumn();
         // $bExists holds the ID of the matching disease (or false); on edit, matching our own entry is fine.
         if ($bExists && ($bCreate || $zData['id'] != $bExists)) {
             // IMPORTANT: when you change this message, also change the array_search argument in import.php in the Disease section.
             lovd_errorAdd('name', 'Another disease already exists with the same name!');
         }
     }
     if (!$bImport && $_AUTH['level'] < LEVEL_MANAGER && empty($aData['genes'])) {
         lovd_errorAdd('genes', 'You should at least select one of the genes you are curator of.');
     }
     // Rebuild the gene list from scratch; only links that pass the checks below are kept.
     $_POST['genes'] = array();
     if (is_array($aData['genes'])) {
         foreach ($aData['genes'] as $sGene) {
             // On create, every selected gene must be one the user is authorized for. The third argument is
             // false: check only, do not touch $_AUTH['level'].
             // NOTE(review): on edit ($bCreate false) this check is skipped, so linking the disease to a gene
             // the user does not curate is accepted here — confirm that is intended.
             if (!lovd_isAuthorized('gene', $sGene, false) && $bCreate) {
                 lovd_errorAdd('genes', 'You are not authorized to add this disease to gene ' . htmlspecialchars($sGene) . '.');
             } else {
                 $_POST['genes'][] = $sGene;
             }
         }
     }
     if (!$bCreate) {
         // On edit, a gene link may only be removed by a user authorized for that gene; otherwise the link is
         // put back into $_POST['genes'] so it survives the update.
         if (is_array($aData['genes']) && isset($zData['genes']) && is_array($zData['genes'])) {
             foreach ($zData['genes'] as $sGene) {
                 // in_array() without strict comparison: gene symbols are strings, but purely numeric-looking
                 // symbols would be compared numerically.
                 if ($sGene && !in_array($sGene, $aData['genes']) && !lovd_isAuthorized('gene', $sGene, false)) {
                     lovd_errorAdd('genes', 'You are not authorized to remove this disease from gene ' . htmlspecialchars($sGene) . '.');
                     $_POST['genes'][] = $sGene;
                 }
             }
         }
     }
     // XSS attack prevention. Deny input of HTML.
     lovd_checkXSS();
 }
示例#10
 function prepareData($zData = '', $sView = 'list')
 {
     // Prepares the data by "enriching" the variable received with links, pictures, etc.
     // $zData: one user record; $sView: 'list' or 'entry' (anything else falls back to 'list').
     // Returns the record with the display columns (suffix "_") filled in as HTML.
     // Side effect (entry view): adjusts $this->aColumnsViewEntry labels and may unset 'ownes_'.
     global $_DB, $_SETT;
     if (!in_array($sView, array('list', 'entry'))) {
         $sView = 'list';
     }
     // Makes sure it's an array and htmlspecialchars() all the values.
     $zData = parent::prepareData($zData, $sView);
     // "Online" means a session file with this ID exists. NOTE(review): phpsessid is concatenated into a
     // filesystem path; it is assumed to be a plain session ID as written by the application — confirm.
     $zData['active'] = file_exists(session_save_path() . '/sess_' . $zData['phpsessid']);
     if ($sView == 'list') {
         // Values placed in attributes below were escaped by parent::prepareData() (per the comment above).
         $zData['orcid_id_'] = !$zData['orcid_id'] ? '&nbsp;' : '<IMG src="gfx/check.png" alt="' . $zData['orcid_id'] . '" title="' . $zData['orcid_id'] . '">';
         $zData['name'] = '<A href="' . $zData['row_link'] . '" class="hide">' . $zData['name'] . '</A>';
         $sAlt = $zData['active'] ? 'Online' : ($zData['locked'] ? 'Locked' : 'Offline');
         $zData['status_'] = $zData['locked'] || $zData['active'] ? '<IMG src="gfx/' . ($zData['locked'] ? 'status_locked' : 'status_online') . '.png" alt="' . $sAlt . '" title="' . $sAlt . '" width="14" height="14">' : '';
         // Date part only (first 10 characters of the timestamp).
         $zData['last_login_'] = substr($zData['last_login'], 0, 10);
         $zData['created_date_'] = substr($zData['created_date'], 0, 10);
         $zData['level_'] = substr($zData['level_'], 1);
     } else {
         $zData['orcid_id_'] = '';
         if ($zData['orcid_id']) {
             $zData['orcid_id_'] = '<A href="http://orcid.org/' . $zData['orcid_id'] . '" target="_blank">' . $zData['orcid_id'] . '</A>';
         }
         $zData['password_force_change_'] = $zData['password_force_change'] ? '<IMG src="gfx/mark_1.png" alt="" width="11" height="11"> Yes' : 'No';
         if (!empty($zData['saved_work'])) {
             // NOTE(review): unserialize() on a database column. The value is presumably written by
             // lovd_saveWork(), but unserialize() of attacker-influenced input can instantiate arbitrary
             // classes; consider restricting it (allowed_classes => false) or storing JSON instead.
             $zData['saved_work'] = unserialize(htmlspecialchars_decode($zData['saved_work']));
             if (!empty($zData['saved_work']['submissions']['individual']) || !empty($zData['saved_work']['submissions']['screening'])) {
                 $zData['saved_work_'] = '<A href="users/' . $zData['id'] . '?submissions">Unfinished submissions</A>';
             } else {
                 $zData['saved_work_'] = 'N/A';
             }
         } else {
             $zData['saved_work_'] = 'N/A';
         }
         // Provide links to gene symbols this user is curator and collaborator for. Easy access to one's own genes.
         $this->aColumnsViewEntry['curates_'] .= ' ' . count($zData['curates']) . ' gene' . (count($zData['curates']) == 1 ? '' : 's');
         if (isset($this->aColumnsViewEntry['collaborates_'])) {
             // This is only visible for Curators, so we don't want to mess around with aColumnsViewEntry when this field is no longer there.
             $this->aColumnsViewEntry['collaborates_'][0] .= ' ' . count($zData['collaborates']) . ' gene' . (count($zData['collaborates']) == 1 ? '' : 's');
         }
         // Get HTML links for genes curated by current user.
         $zData['curates_'] = $this->lovd_getObjectLinksHTML($zData['curates'], 'genes/%s');
         $zData['collaborates_'] = '';
         foreach ($zData['collaborates'] as $key => $sGene) {
             $zData['collaborates_'] .= (!$key ? '' : ', ') . '<A href="genes/' . $sGene . '">' . $sGene . '</A>';
         }
         // Submissions...
         // lovd_isAuthorized('user', ...) is false unless we are viewing ourselves or are a manager or up.
         if (lovd_isAuthorized('user', $zData['id']) === false) {
             // Not authorized to view hidden data for this user; so we're not manager and we're not viewing ourselves. Nevermind then.
             unset($this->aColumnsViewEntry['ownes_']);
         } else {
             // Either we're viewing ourselves, or we're manager or up. Like this is easy, because now we don't need to check for the data status of the data.
             $nOwnes = 0;
             $sOwnes = '';
             // FIXME: Phenotypes is not included, because we don't have a phenotypes overview to link to (must be disease-specific).
             // The table constant is resolved from a fixed list of three types, never from input.
             foreach (array('individuals', 'screenings', 'variants') as $sDataType) {
                 $n = $_DB->query('SELECT COUNT(*) FROM ' . constant('TABLE_' . strtoupper($sDataType)) . ' WHERE owned_by = ?', array($zData['id']))->fetchColumn();
                 if ($n) {
                     $nOwnes += $n;
                     // The search link embeds the user's name: entities decoded first, then URL-encoded for the query string.
                     $sOwnes .= (!$sOwnes ? '' : ', ') . '<A href="' . $sDataType . '?search_owned_by_=%3D%22' . rawurlencode(html_entity_decode($zData['name'])) . '%22">' . $n . ' ' . ($n == 1 ? substr($sDataType, 0, -1) : $sDataType) . '</A>';
                 }
             }
             $this->aColumnsViewEntry['ownes_'] .= ' ' . $nOwnes . ' data entr' . ($nOwnes == 1 ? 'y' : 'ies');
             $zData['ownes_'] = $sOwnes;
         }
         $this->aColumnsViewEntry['colleagues_'] = 'Shares access with ' . count($zData['colleagues']) . ' user' . (count($zData['colleagues']) == 1 ? '' : 's');
         $zData['colleagues_'] = $this->lovd_getObjectLinksHTML($zData['colleagues'], 'users/%s');
         // One IP (range) per line for display.
         $zData['allowed_ip_'] = preg_replace('/[;,]+/', '<BR>', $zData['allowed_ip']);
         $zData['status_'] = $zData['active'] ? '<IMG src="gfx/status_online.png" alt="Online" title="Online" width="14" height="14" align="top"> Online' : 'Offline';
         $zData['locked_'] = $zData['locked'] ? '<IMG src="gfx/status_locked.png" alt="Locked" title="Locked" width="14" height="14" align="top"> Locked' : 'No';
         $zData['level_'] = $_SETT['user_levels'][$zData['level']];
     }
     return $zData;
 }
示例#11
     exit;
 }
 if (isset($_GET['sent'])) {
     // Verification of the sequence.
     // Error check.
     lovd_errorClean();
     // Mandatory fields with their names.
     // 2009-06-22; 2.0-19; Removed gene.
     $aCheck = array('symbol' => 'Gene symbol', 'sequence' => 'Input sequence');
     foreach ($aCheck as $key => $val) {
         if (empty($_POST[$key])) {
             lovd_errorAdd($key, 'Please fill in the \'' . $val . '\' field.');
         }
     }
     // Check on avoidance of selection lists.
     if (!empty($_POST['symbol']) && !lovd_isAuthorized('gene', $_POST['symbol'])) {
         lovd_errorAdd('symbol', 'You do not have rights to run this script for this gene!');
     }
     // 2009-12-07; 2.0-23; check the format of the link to the GenBank record
     if ($_POST['version_id'] && !preg_match('/(N[CG]_[0-9]+\\.[0-9]+)/', $_POST['version_id'])) {
         // Error in GenBank accession number.
         lovd_errorAdd('file', 'Incorrect GenBank link. This field can only contain accession numbers starting with NC or NG appended with an underscore followed by numbers, a dot and the version number.');
     }
     if (!lovd_error()) {
         // All fields filled in, go ahead
         $sSeq = str_replace("\r", '', $_POST['sequence']);
         $sSeq = str_replace("\n", '', $sSeq);
         // Needed variables
         $nNuclPreTranslStart = 0;
         // Number of nucleotides before the translation starts
         $nNuclPostTranslStart = 0;
示例#12
文件: download.php 项目: LOVDnl/LOVD3
 // What header to put in the file? "<header> download".
 $sFilter = '';
 // Do you want to filter the data? If so, put some string here, that marks this type of filter.
 $ID = '';
 if ($_PE[1] == 'all' && empty($_PE[2])) {
     // Download all.
     $sFileName = 'full_download';
     $sHeader = 'Full data';
     lovd_requireAuth(LEVEL_MANAGER);
 } elseif ($_PE[1] == 'all' && $_PE[2] == 'gene' && PATH_COUNT == 4 && preg_match('/^[a-z][a-z0-9#@-]*$/i', rawurldecode($_PE[3]))) {
     // Gene database contents.
     $sFileName = 'full_download_' . $_PE[3];
     $sHeader = 'Full data';
     $sFilter = 'gene';
     $ID = $_PE[3];
     lovd_isAuthorized('gene', $_PE[3]);
     lovd_requireAuth(LEVEL_CURATOR);
 } elseif ($_PE[1] == 'all' && $_PE[2] == 'mine' && PATH_COUNT == 3) {
     // Own data.
     $sFileName = 'owned_data';
     $sHeader = 'Owned data';
     $sFilter = 'owner';
     $ID = $_AUTH['id'];
     lovd_requireAuth();
 } elseif ($_PE[1] == 'all' && $_PE[2] == 'user' && PATH_COUNT == 4 && ctype_digit($_PE[3])) {
     // Data owned by other.
     $sFileName = 'owned_data';
     $sHeader = 'Owned data';
     $sFilter = 'owner';
     $ID = $_PE[3];
     lovd_requireAuth(LEVEL_MANAGER);
示例#13
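function lovd_setUpdatedDate($aGenes)
{
    // Updates the updated_date (and updated_by) fields of the indicated gene(s).
    // $aGenes: one gene ID, or a list of gene IDs.
    // Returns false when there is nothing to update (no input, or the current user
    // is authorized for none of the genes); otherwise the row count of the UPDATE.
    global $_AUTH, $_DB;
    if (!$aGenes) {
        return false;
    } elseif (!is_array($aGenes)) {
        $aGenes = array($aGenes);
    }
    // Drop the genes this user has no rights on. The third argument is false on purpose:
    // with its default, lovd_isAuthorized() rewrites $_AUTH['level'] for every gene it
    // checks, and a bookkeeping helper must not change the caller's authorization level
    // as a side effect. The outcome of the check itself is unchanged.
    foreach ($aGenes as $nKey => $sGene) {
        if (!lovd_isAuthorized('gene', $sGene, false)) {
            unset($aGenes[$nKey]);
        }
    }
    // So perhaps now no gene is left.
    if (!$aGenes) {
        return false;
    }
    // One placeholder per remaining gene; array_merge() renumbers the gaps left by unset(),
    // so the bound values line up with the placeholders.
    $q = $_DB->query('UPDATE ' . TABLE_GENES . ' SET updated_by = ?, updated_date = NOW() WHERE id IN (?' . str_repeat(', ?', count($aGenes) - 1) . ')', array_merge(array($_AUTH['id']), $aGenes), false);
    return $q->rowCount();
}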
示例#14
    print '      <FORM action="' . CURRENT_PATH . '?' . ACTION . '" method="post">' . "\n";
    // Array which will make up the form table.
    $aForm = array_merge($_DATA->getForm(), array(array('', '', 'submit', 'Edit transcript information entry')));
    lovd_viewForm($aForm);
    print '</FORM>' . "\n\n";
    $_T->printFooter();
    exit;
}
if (PATH_COUNT == 2 && ctype_digit($_PE[1]) && ACTION == 'delete') {
    // URL: /transcripts/00001?delete
    // Drop specific entry.
    $nID = sprintf('%08d', $_PE[1]);
    define('PAGE_TITLE', 'Delete transcript information entry #' . $nID);
    define('LOG_EVENT', 'TranscriptDelete');
    // Load appropriate user level for this transcript.
    lovd_isAuthorized('transcript', $nID);
    // This call will make database queries if necessary.
    lovd_requireAUTH(LEVEL_CURATOR);
    require ROOT_PATH . 'class/object_transcripts.php';
    $_DATA = new LOVD_Transcript();
    $zData = $_DATA->loadEntry($nID);
    require ROOT_PATH . 'inc-lib-form.php';
    if (!empty($_POST)) {
        lovd_errorClean();
        // Mandatory fields.
        if (empty($_POST['password'])) {
            lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
        }
        // User had to enter his/her password for authorization.
        if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
            lovd_errorAdd('password', 'Please enter your correct password for authorization.');
示例#15
文件: index.php 项目: LOVDnl/LOVD3
 *
 * This file is part of LOVD.
 *
 * LOVD is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * LOVD is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with LOVD.  If not, see <http://www.gnu.org/licenses/>.
 *
 *************/
define('ROOT_PATH', './');
require ROOT_PATH . 'inc-init.php';

// Landing page: nobody stays here, every visitor is redirected to the page that fits their role.
// Managers and the database administrator go to setup; curators of the currently selected gene go to its
// configuration; anyone else with a selected gene lands on that gene's homepage; everybody else on the gene list.
$sTarget = 'genes';
if ($_AUTH && $_AUTH['level'] >= LEVEL_MANAGER) {
    $sTarget = 'setup';
} elseif ($_AUTH && $_SESSION['currdb'] && lovd_isAuthorized('gene', $_SESSION['currdb'], false)) {
    // Third argument false: check only, leave $_AUTH['level'] untouched.
    $sTarget = 'configuration';
} elseif ($_SESSION['currdb']) {
    $sTarget = 'genes/' . $_SESSION['currdb'];
}
header('Location: ' . lovd_getInstallURL() . $sTarget);
exit;
示例#16
    print '      <BR><BR>' . "\n\n";
    // Table.
    print '      <FORM id="removeVariants" action="' . CURRENT_PATH . '?' . ACTION . '" method="post">' . "\n";
    // Array which will make up the form table.
    $aForm = array(array('POST', '', '', '', '0%', '0', '100%'), array('', '', 'print', 'Enter your password for authorization'), array('', '', 'password', 'password', 20), array('', '', 'print', '<INPUT type="submit" value="Save variant list" onclick="lovd_AJAX_viewListSubmit(\'Screenings_' . $nID . '_removeVariants\', function () { $(\'#removeVariants\').submit(); }); return false;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT type="submit" value="Cancel" onclick="window.location.href=\'' . lovd_getInstallURL() . ($bSubmit ? 'submit/screening/' : 'screenings/') . $nID . '\'; return false;" style="border : 1px solid #FF4422;">'));
    lovd_viewForm($aForm);
    $_T->printFooter();
    exit;
}
if (PATH_COUNT == 2 && ctype_digit($_PE[1]) && ACTION == 'delete') {
    // URL: /screenings/0000000001?delete
    // Drop specific entry.
    $nID = sprintf('%010d', $_PE[1]);
    define('PAGE_TITLE', 'Delete screening information entry ' . $nID);
    define('LOG_EVENT', 'ScreeningDelete');
    lovd_isAuthorized('screening', $nID);
    lovd_requireAUTH(LEVEL_CURATOR);
    require ROOT_PATH . 'class/object_screenings.php';
    $_DATA = new LOVD_Screening();
    $zData = $_DATA->loadEntry($nID);
    require ROOT_PATH . 'inc-lib-form.php';
    $a = $_DB->query('SELECT variantid, screeningid FROM ' . TABLE_SCR2VAR . ' GROUP BY variantid HAVING COUNT(screeningid) = 1 AND screeningid = ?', array($nID))->fetchAllColumn();
    $aVariantsRemovable = array();
    if (!empty($a)) {
        $aVariantsRemovable = $_DB->query('SELECT variantid FROM ' . TABLE_SCR2VAR . ' WHERE screeningid = ? AND variantid IN (?' . str_repeat(', ?', count($a) - 1) . ')', array_merge(array($nID), $a))->fetchAllColumn();
    }
    $nVariantsRemovable = count($aVariantsRemovable);
    if (!empty($_POST)) {
        lovd_errorClean();
        // Mandatory fields.
        if (empty($_POST['password'])) {
示例#17
function lovd_isAuthorized($sType, $Data, $bSetUserLevel = true)
{
    // Checks whether a user is allowed to view or edit a certain data type.
    // $Data may be a (list of) IDs.
    // If $bSetUserLevel is true, the $_AUTH['level'] field will be edited
    // according to the result of this function.
    // Returns false, 0 or 1, depending on the authorization level of the user.
    // False: not allowed to view hidden data, not allowed to edit.
    // 0    : allowed to view hidden data, not allowed to edit (LEVEL_COLLABORATOR).
    // 1    : allowed to view hidden data, allowed to edit (LEVEL_OWNER || LEVEL_CURATOR).
    // Returns 1 by default for any user with level LEVEL_MANAGER or higher for non-user based authorization requests.
    //
    // Side effect: when $bSetUserLevel is true, $_AUTH['level'] is overwritten
    // (raised to LEVEL_CURATOR/LEVEL_COLLABORATOR/LEVEL_OWNER, or lowered to
    // LEVEL_SUBMITTER) for non-user, non-manager callers. Callers that check
    // $_AUTH['level'] afterwards (e.g. lovd_requireAUTH()) depend on this.
    // The three return values are distinct only under strict comparison:
    // test with === false / === 0 / == 1, never with a plain truthiness check
    // when 0 (collaborator) must be told apart from false.
    global $_AUTH, $_DB, $_CONF;
    if (!$_AUTH) {
        // Not logged in: no hidden data, no edits.
        return false;
    } elseif ($sType != 'user' && $_AUTH['level'] >= LEVEL_MANAGER) {
        // Managers and up are authorized on all non-user data without any lookup.
        return 1;
    }
    // Check data type.
    if (!$Data) {
        // NOTE(review): this is a truthiness test, so an empty array, '' and
        // the string '0' are all refused here; IDs in this codebase appear to be
        // zero-padded, so '0' should not occur — confirm.
        return false;
    } elseif (!in_array($sType, array('user', 'gene', 'disease', 'transcript', 'variant', 'individual', 'phenotype', 'screening'))) {
        // Unknown type is logged as an error and denied (fail closed).
        lovd_writeLog('Error', 'LOVD-Lib', 'lovd_isAuthorized() - Function didn\'t receive a valid datatype (' . $sType . ').');
        return false;
    }
    if ($sType == 'user') {
        // Base authorization on own level and other's level, if not requesting authorization on himself.
        // Note that the manager shortcut above is skipped for this type, so
        // managers also go through the level comparison below.
        if (is_array($Data)) {
            // Not supported on this data type.
            return false;
        } else {
            // If viewing himself, always get authorization.
            // NOTE(review): loose (==) comparison; with numeric-string IDs this
            // means e.g. '1' and '00001' compare equal.
            if ($Data == $_AUTH['id']) {
                return 1;
                // FIXME: We're not supporting $bSetUserLevel at the moment (not required right now, either).
            } elseif ($_AUTH['level'] < LEVEL_MANAGER) {
                // Lower than managers never get access to hidden data of other users.
                return false;
            } else {
                // Only a strictly higher level grants access to another user's record.
                // NOTE(review): fetchColumn() returns false when no such user
                // exists; the comparison below is then made against false and
                // presumably yields 1 — confirm whether that is intended.
                $nLevelData = $_DB->query('SELECT level FROM ' . TABLE_USERS . ' WHERE id = ?', array($Data))->fetchColumn();
                return (int) ($_AUTH['level'] > $nLevelData);
            }
        }
    }
    if ($sType == 'gene') {
        // Base authorization on (max of) $_AUTH['curates'] and/or $_AUTH['collaborates'].
        if (is_array($Data)) {
            // Gets authorization if one gene matches.
            // A false result never overwrites an earlier 0, and a 1 returns
            // immediately, so $AuthMax ends up as the maximum over the list.
            $AuthMax = false;
            foreach ($Data as $sID) {
                $Auth = lovd_isAuthorized('gene', $sID, $bSetUserLevel);
                if ($Auth !== false) {
                    $AuthMax = $Auth;
                    if ($AuthMax == 1) {
                        return 1;
                        // Level, if needed, has been set by the recursive call.
                    }
                }
            }
            return $AuthMax;
            // Level, if needed, has been set by the recursive call.
        } else {
            // These arrays are built up in inc-auth.php for users with level < LEVEL_MANAGER.
            // NOTE(review): in_array() without the strict flag, so membership is
            // decided by loose comparison of $Data against the stored gene IDs.
            $Auth = in_array($Data, $_AUTH['curates']) ? 1 : (in_array($Data, $_AUTH['collaborates']) ? 0 : false);
            if ($Auth !== false && $bSetUserLevel) {
                $_AUTH['level'] = $Auth ? LEVEL_CURATOR : LEVEL_COLLABORATOR;
            }
            return $Auth;
        }
    }
    // Makes it easier to check the data.
    if (!is_array($Data)) {
        $Data = array($Data);
    }
    // $Data is non-empty here (guarded above), so count($Data) - 1 >= 0 and the
    // IN (...) placeholder list is always well-formed. All IDs are bound as
    // parameters; only the placeholder count is interpolated.
    switch ($sType) {
        // Queries for every data type.
        case 'transcript':
            // Transcripts and diseases map straight to genes; hand off to the gene check.
            $aGenes = $_DB->query('SELECT DISTINCT geneid FROM ' . TABLE_TRANSCRIPTS . ' WHERE id IN (?' . str_repeat(', ?', count($Data) - 1) . ')', $Data)->fetchAllColumn();
            return lovd_isAuthorized('gene', $aGenes, $bSetUserLevel);
        case 'disease':
            $aGenes = $_DB->query('SELECT DISTINCT geneid FROM ' . TABLE_GEN2DIS . ' WHERE diseaseid IN (?' . str_repeat(', ?', count($Data) - 1) . ')', $Data)->fetchAllColumn();
            return lovd_isAuthorized('gene', $aGenes, $bSetUserLevel);
        case 'variant':
            // The remaining types also fall back to ownership checks below,
            // so they only collect the genes here instead of returning.
            // NOTE(review): the OUTER JOINs mean entries without a mapped
            // transcript can contribute a NULL geneid to $aGenes — presumably
            // harmless for the gene check, verify.
            $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot LEFT OUTER JOIN ' . TABLE_TRANSCRIPTS . ' AS t ON (vot.transcriptid = t.id) WHERE vot.id IN (?' . str_repeat(', ?', count($Data) - 1) . ')', $Data)->fetchAllColumn();
            break;
        case 'individual':
            $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t LEFT OUTER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) LEFT OUTER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (vot.id = s2v.variantid) LEFT OUTER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s2v.screeningid = s.id) WHERE s.individualid IN (?' . str_repeat(', ?', count($Data) - 1) . ')', $Data)->fetchAllColumn();
            break;
        case 'phenotype':
            $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t LEFT OUTER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) LEFT OUTER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (vot.id = s2v.variantid) LEFT OUTER JOIN ' . TABLE_SCREENINGS . ' AS s ON (s2v.screeningid = s.id) LEFT OUTER JOIN ' . TABLE_PHENOTYPES . ' AS p ON (s.individualid = p.individualid) WHERE p.id IN (?' . str_repeat(', ?', count($Data) - 1) . ')', $Data)->fetchAllColumn();
            break;
        case 'screening':
            $aGenes = $_DB->query('SELECT DISTINCT t.geneid FROM ' . TABLE_TRANSCRIPTS . ' AS t LEFT OUTER JOIN ' . TABLE_VARIANTS_ON_TRANSCRIPTS . ' AS vot ON (vot.transcriptid = t.id) LEFT OUTER JOIN ' . TABLE_SCR2VAR . ' AS s2v ON (vot.id = s2v.variantid) WHERE s2v.screeningid IN (?' . str_repeat(', ?', count($Data) - 1) . ')', $Data)->fetchAllColumn();
            break;
        default:
            // Unreachable given the type whitelist above; kept as a fail-closed guard.
            return false;
    }
    // Run the authorization on genes.
    // Curator on any of the linked genes wins outright; 0 (collaborator) is
    // remembered and combined with the ownership checks below.
    $Auth = lovd_isAuthorized('gene', $aGenes, $bSetUserLevel);
    if ($Auth) {
        // Level has already been set by recursive call.
        return 1;
    }
    // Ownership: the owner (or a colleague of the owner, when the third
    // argument to lovd_isColleagueOfOwner() is true) may edit only if the
    // instance allows submitter modifications. What that third argument
    // selects exactly is defined in lovd_isColleagueOfOwner(), not here.
    $bOwner = lovd_isOwner($sType, $Data);
    if (($bOwner || lovd_isColleagueOfOwner($sType, $Data, true)) && $_CONF['allow_submitter_mods']) {
        if ($bSetUserLevel) {
            $_AUTH['level'] = LEVEL_OWNER;
        }
        return 1;
    }
    // Collaborator OR Owner, but not allowed to edit own entries.
    if ($Auth === 0 || $bOwner || lovd_isColleagueOfOwner($sType, $Data, false)) {
        if ($bSetUserLevel) {
            $_AUTH['level'] = LEVEL_COLLABORATOR;
        }
        return 0;
    }
    // No relation to the data at all: the caller's level is reset to
    // LEVEL_SUBMITTER (managers never reach this point, see the top).
    if ($bSetUserLevel) {
        $_AUTH['level'] = LEVEL_SUBMITTER;
    }
    return false;
}
    // Array which will make up the form table.
    $aForm = array_merge($_DATA->getForm(), array(array('', '', 'print', '<INPUT type="submit" value="Edit phenotype information entry">' . ($bSubmit ? '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT type="submit" value="Cancel" onclick="window.location.href=\'' . lovd_getInstallURL() . 'submit/individual/' . $zData['individualid'] . '\'; return false;" style="border : 1px solid #FF4422;">' : ''))));
    lovd_viewForm($aForm);
    print '</FORM>' . "\n\n";
    $_T->printFooter();
    exit;
}
if (PATH_COUNT == 2 && ctype_digit($_PE[1]) && ACTION == 'delete') {
    // URL: /phenotypes/0000000001?delete
    // Drop specific entry.
    $nID = sprintf('%010d', $_PE[1]);
    define('PAGE_TITLE', 'Delete phenotype #' . $nID);
    define('LOG_EVENT', 'PhenotypeDelete');
    // FIXME; hier moet een goede controle komen, wanneer lager is toegestaan.
    // Load appropriate user level for this phenotype entry.
    lovd_isAuthorized('phenotype', $nID);
    lovd_requireAUTH(LEVEL_CURATOR);
    require ROOT_PATH . 'class/object_phenotypes.php';
    $_DATA = new LOVD_Phenotype('', $nID);
    $zData = $_DATA->loadEntry($nID);
    require ROOT_PATH . 'inc-lib-form.php';
    if (!empty($_POST)) {
        lovd_errorClean();
        // Mandatory fields.
        if (empty($_POST['password'])) {
            lovd_errorAdd('password', 'Please fill in the \'Enter your password for authorization\' field.');
        }
        // User had to enter his/her password for authorization.
        if ($_POST['password'] && !lovd_verifyPassword($_POST['password'], $_AUTH['password'])) {
            lovd_errorAdd('password', 'Please enter your correct password for authorization.');
        }
}
if (ACTION) {
    // We're receiving an action, but we're not designed to handle one on this page...
    // Any non-empty ACTION (whatever was given after the '?' in the URL) is
    // refused here before the gene/authorization checks below run, so an
    // unexpected action can never fall through to those code paths.
    // Order matters: header and title must be printed before the info table,
    // and exit() after the footer ends the request.
    $_T->printHeader();
    $_T->printTitle();
    lovd_showInfoTable('Can\'t perform requested action.', 'stop');
    $_T->printFooter();
    exit;
}
// URL: /configuration
// URL: /configuration/DMD
// URL: /configuration/GENETHATDOESNOTEXIST
// URL: /configuration/DMD/something_that_should_not_be_there
// Force user to select different gene.
// Only when the path is correct (gene given that exists or no gene given but we've got one in session) and authorization is OK, we don't block.
if (!(PATH_COUNT <= 2 && $_SESSION['currdb'] && lovd_isAuthorized('gene', $_SESSION['currdb']))) {
    $bWrongGeneSelected = (bool) $_SESSION['currdb'];
    $_SESSION['currdb'] = '';
    // This will unset the links in the top menu.
    $_T->printHeader();
    $_T->printTitle();
    if ($bWrongGeneSelected) {
        lovd_showInfoTable('You are not allowed access to the configuration of this gene database. If you think this is an error, please contact your manager or the database administrator to grant you access.', 'stop');
    }
    // Print LOVD2-style type of selection list with genes this person is curator of (if LEVEL_CURATOR). If only one gene exists, select that gene inmediately.
    if ($_AUTH['level'] == LEVEL_CURATOR) {
        $qGenes = $_DB->query('SELECT g.id, CONCAT(g.id, " (", g.name, ")") AS name FROM ' . TABLE_CURATES . ' AS c INNER JOIN ' . TABLE_GENES . ' AS g ON (c.geneid = g.id) WHERE c.userid = ? AND c.allow_edit = 1 ORDER BY g.id', array($_AUTH['id']));
    } else {
        $qGenes = $_DB->query('SELECT g.id, CONCAT(g.id, " (", g.name, ")") AS name FROM ' . TABLE_GENES . ' AS g ORDER BY g.id', array());
    }
    $aGenes = $qGenes->fetchAllRow();