Skip to content

Requests for material from external systems

The draft Genebank Request protocol describes how an external system creates a request for material in Genesys and the other way around: how Genesys can create a request in a genebank's own system.

In this ticket we add a new ExternalRequestController (in API v2) at /api/v2/request/external with two handlers:

POST /api/v2/request/external

Receives and handles request data JSON provided in request body.

  • Define ExternalRequestDTO model that is used for JSON
  • Check that authentication has ROLE_CLIENT or ROLE_TRUSTED_CLIENT (regular users cannot access this endpoint!)
  • Must check that at least one requested accession exists in the database, if not respond with 400 and application/json "No such accessions in this database"
  • Must check that all requested accessions exist in the database. If one or more are not found, respond with 400 and application/json array that lists the missing accessions. If all are found (including as historic records), then proceed.
    • I suggest we use the same approach as matching DatasetAccessionRef and store the accession UUID in the DTO so it's available later on.
  • Generate a random UUID to serve as the request key, store the key and DTO in the database, and return 200 application/json with just the key in the response.

GET /api/v2/request/external?key={requestKey}

Checks if a request key provided in query string as key exists and was not yet used, and redirects to the {frontendUrl}/...?key={key} or returns 404 when there is no such thing.

There are no authentication checks on this endpoint, anyone can call it.

The UI will then load request DTO from the API using the endpoint below, and support the user in finishing the request process.

GET /api/v2/request/external/{key}

This is used by Genesys UI to fetch the request data.

  • Check that authentication has ROLE_CLIENT or ROLE_TRUSTED_CLIENT (regular users cannot access this endpoint!)
  • Loads and returns external request DTO as JSON

Other notes

We need a way to "expire" these requests. We can use a 1 week limit (from created date) and perhaps a link to the resulting MaterialRequest. Any thoughts?

UI updates

The UI will need a page where this external request is loaded and displayed. It then needs to convert it to a regular request and follow the existing steps (display which accessions are not available, display user info form, etc.)