physionet-build icon indicating copy to clipboard operation
physionet-build copied to clipboard
verified publisher icon MIT-LCP

V0: Annotation API - Annotation App Token Support

Open emmyxth opened this issue 3 months ago • 0 comments

As per conversation https://github.com/MIT-LCP/physionet-build/issues/1047#issuecomment-3285413494, we want to add fine-grained token authorization. This PR introduces granular OAuth token scopes for the Annotations API, replacing the broad annotations:view and annotations:edit scopes with resource-specific permissions.

Changes

1. Fine-Grained OAuth Scopes (physionet/settings/base.py)

Replaced broad scopes with granular permissions:

  • Collections: annotations:collections:read and annotations:collections:write
  • Types: annotations:types:read and annotations:types:write
  • Annotations: annotations:annotations:read and annotations:annotations:write

2. New Permission Classes (annotation/views.py)

  • Added AnnotationsCollectionsScope for collection endpoints
  • Added AnnotationsTypesScope for type endpoints
  • Updated views to use resource-specific permission classes instead of generic AnnotationsScope

3. New Collection Read Endpoint (annotation/views.py, annotation/urls.py)

Added AnnotationCollectionReadAPIView with:

  • GET endpoint at /annotations/collection/<slug>/
  • Optimized queryset with prefetch_related() to reduce database queries
  • Proper scope validation (annotations:collections:read)

4. Serializer Improvements (annotation/serializers.py)

  • Moved AnnotationCollectionSerializer to end of file (after AnnotationSerializer definition)
  • Added annotations field to AnnotationCollectionSerializer to include related annotations in collection responses
  • Fixed AnnotationSerializer.to_representation() to properly access child location models:
    • instance.location.textspanlocation instead of instance.location
    • instance.location.timeseriesintervallocation instead of instance.location
    • instance.location.imagebboxlocation instead of instance.location

5. Updated Tests (annotation/tests.py)

  • Added _read_annotation_collection() helper method
  • Updated all tests to use new granular scopes
  • Added test_read_annotation_collection_correct_scope() to verify collection read endpoint with proper scope handling

All existing tests updated and passing with new scope requirements. New test added for collection read endpoint.

emmyxth avatar Oct 17 '25 07:10 emmyxth