updated API v3 to allow users to see any uploaded DMP for their Org

app/controllers/api/v3/dmps_controller.rb

@@ -9,7 +9,7 @@ class DmpsController < BaseApiController
       def create
         dmp = Draft.find_by(draft_id: dmp_params[:draft_id][:identifier])
         render_error(errors: DraftsController::MSG_DMP_NOT_FOUND, status: :not_found) and return if dmp.nil?
-        render_error(errors: DraftsController::MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user == current_user
+        render_error(errors: DraftsController::MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user&.org_id == current_user&.org_id
 
         result = dmp.register_dmp_id!
         render_error(errors: DraftsController::MSG_DMP_ID_REGISTRATION_FAILED, status: :bad_request) and return if result.nil?

app/controllers/api/v3/drafts_controller.rb

@@ -50,7 +50,7 @@ def create
       def show
         dmp = Draft.find_by(draft_id: params[:id])
         render_error(errors: MSG_DMP_NOT_FOUND, status: :not_found) and return if dmp.nil?
-        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user == current_user
+        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user&.org_id == current_user&.org_id
 
         @drafts = [dmp]
         render json: render_to_string(template: '/api/v3/drafts/index'), status: :ok
@@ -64,7 +64,7 @@ def show
       def update
         dmp = Draft.find_by(draft_id: params[:id])
         render_error(errors: MSG_DMP_NOT_FOUND, status: :not_found) and return if dmp.nil?
-        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user == current_user
+        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user&.org_id == current_user&.org_id
 
         # Extract the narrative PDF so we can add it to ActiveStorage
         args = dmp_params
@@ -91,7 +91,7 @@ def update
       def destroy
         dmp = Draft.find_by(draft_id: params[:id])
         render_error(errors: MSG_DMP_NOT_FOUND, status: :not_found) and return if dmp.nil?
-        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user == current_user
+        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user&.org_id == current_user&.org_id
 
         # Narrative PDF will be automatically removed
         if dmp.destroy
@@ -112,7 +112,7 @@ def update_narrative
         dmp = Draft.find_by(draft_id: params[:id])
         dmp = Draft.find_by(dmp_id: params[:id]) if dmp.nil?
         render_error(errors: MSG_DMP_NOT_FOUND, status: :not_found) and return if dmp.nil?
-        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user == current_user
+        render_error(errors: MSG_DMP_UNAUTHORIZED, status: :unauthorized) and return unless dmp.user&.org_id == current_user&.org_id
 
         # Remove the old narrative if applicable
         dmp.narrative.purge if (create_params[:narrative].present? || create_params[:remove_narrative].present?) &&

app/models/draft.rb

@@ -52,9 +52,9 @@ class Draft < ApplicationRecord
 
   # Support for filtering and search
   def self.search(user:, params: {})
-    return [] unless user.is_a?(User)
+    return [] unless user.is_a?(User) && !user.org_id.nil?
 
-    recs = where(user_id: user.id)
+    recs = includes(:user).joins(:user).where('users.org_id = ?', user&.org_id)
 
     title = params.fetch(:title, '').to_s.strip
     funder = params.fetch(:funder, '').to_s.strip

app/services/external_apis/dmphub_service.rb

@@ -81,40 +81,6 @@ def callback_method
         Rails.configuration.x.dmphub&.callback_method&.downcase&.to_sym || super
       end
 
-      def simulate_works(dmp_id:, works_count: 1, funder_ror: nil)
-        return false unless active? && dmp_id.present? && auth
-
-        data = { works: works_count }
-        data[:grant] = funder_ror if funder_ror.present?
-
-        opts = {
-          follow_redirects: true,
-          limit: 6,
-          headers: {
-            'authorization': @token,
-            'Server-Agent': "#{caller_name} (#{client_id})",
-            'Content-Type': 'application/json',
-            'Accept': 'application/json'
-          },
-          body: data.to_json
-        }
-        opts[:debug_output] = $stdout
-        target = "#{api_base_url}tmp/#{dmp_id.gsub(%r{https?://}, '')}"
-        resp = HTTParty.put(target, opts)
-
-        # DMPHub returns a 200 when successful
-        unless resp.present? && resp.code == 200
-          handle_http_failure(method: 'DMPHub simulate_works', http_response: resp)
-          notify_administrators(obj: { dmp_id: dmp_id, works_count: works_count, funder_ror: funder_ror }, response: resp)
-          return false
-        end
-        true
-      rescue StandardError => e
-        puts "FATAL: #{e.message}"
-        log_error(method: 'DmphubService.simulate_works', error: e)
-        false
-      end
-
       # Proxy a call to one of the funder API searches that resides in the DMPHub AWS based API Gateway
       def proxied_award_search(api_target:, args: {})
         authorized = auth

config/routes.rb

@@ -136,9 +136,6 @@
       # Fetch citations for the given dois
       post :citations, controller: :citations, action: :fetch_citation
 
-      # Temporary path to trigger the simulation of related works found by an external system
-      post :simulations, controller: :temporaries
-
       # Draft (work in progress) DMPs
       resources :drafts, only: %i[index create destroy show update] do
         member do