labimotion 2.2.0.rc5 → 2.2.0.rc7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5aa32269487161d9b1e5647154e1d55ec3fae34dc50082e538adae80679afdf9
-  data.tar.gz: 5df8ec5d405a7c64ee0840cfffe1dd8a60537997447c898d2f1d8870b3910830
+  metadata.gz: a7b53d1daca8b636571715c7ff62caa557dc59082c1f7733cdd6e6a875795712
+  data.tar.gz: cab23343b2c90f335571ae7b5b7e714b63cee7e1f403b50b8b3c89e944b23e4a
 SHA512:
-  metadata.gz: 68ebbb1d5ebbe512808bcab3f34b3452c9ee0dbeceebbed183db20904e433b0aa06cd533f66a0896e7d3824e615307d25edd669cb1de5c0f0415213c2f349e1f
-  data.tar.gz: 14a545856a83b9d5778910eefd06c2cb4b865e696036c8e7e1901c18e2688726c6447aca3af8a65703e788d2fc95357acfe1fd5e6177706a3f0dc62b712e885d
+  metadata.gz: ffbd3fac0cba826e516a8dd57fed5c0ac0b29a50c15752ca27453cc9dfd28736e71ce44b76efef72690daf1aa23f42a48309228b038a883ac67852564e74c94d
+  data.tar.gz: 7a3da058102e765cdfa54fa5ece7e3dc022cff2a0f39e9eae1cc31e4053b8e7735b5eda17bc2c05927b1e54d81883c3a885e1367eb85624d4e8437505ee96191

data/lib/labimotion/apis/dose_resp_request_api.rb

@@ -0,0 +1,241 @@
+# frozen_string_literal: true
+
+require 'labimotion/version'
+
+module Labimotion
+  # Dose Response Request API
+  class DoseRespRequestAPI < Grape::API
+    helpers Labimotion::ParamHelpers
+
+    resource :dose_resp_requests do
+      desc 'Get all dose response requests for current user'
+      params do
+        optional :element_id, type: Integer, desc: 'Filter by element ID'
+        optional :state, type: Integer, desc: 'Filter by state (-1, 0, 1, 2)'
+        optional :page, type: Integer, desc: 'Page number', default: 1
+        optional :per_page, type: Integer, desc: 'Items per page', default: 20
+      end
+      get do
+        requests = Labimotion::DoseRespRequest.where(created_by: current_user.id)
+
+        # Apply filters
+        requests = requests.where(element_id: params[:element_id]) if params[:element_id]
+        requests = requests.where(state: params[:state]) if params[:state]
+
+        # Pagination
+        page = params[:page] || 1
+        per_page = [params[:per_page] || 20, 100].min # Max 100 per page
+
+        total = requests.count
+        requests = requests.order(created_at: :desc)
+                          .offset((page - 1) * per_page)
+                          .limit(per_page)
+
+        {
+          requests: requests.map do |req|
+            {
+              id: req.id,
+              request_id: req.request_id,
+              element_id: req.element_id,
+              state: req.state,
+              state_label: state_label(req.state),
+              expires_at: req.expires_at,
+              created_at: req.created_at,
+              updated_at: req.updated_at,
+              first_accessed_at: req.first_accessed_at,
+              last_accessed_at: req.last_accessed_at,
+              access_count: req.access_count,
+              resp_message: req.resp_message,
+              active: req.active?
+            }
+          end,
+          pagination: {
+            page: page,
+            per_page: per_page,
+            total: total,
+            total_pages: (total.to_f / per_page).ceil
+          }
+        }
+      rescue StandardError => e
+        error!("Error: #{e.message}", 500)
+      end
+
+      desc 'Get a dose response request by ID'
+      params do
+        requires :id, type: Integer, desc: 'Request ID'
+      end
+      get ':id' do
+        request = Labimotion::DoseRespRequest.find_by(id: params[:id])
+        error!('Request not found', 404) unless request
+
+        # Check authorization
+        error!('Unauthorized', 403) unless request.created_by == current_user.id
+
+        {
+          id: request.id,
+          request_id: request.request_id,
+          element_id: request.element_id,
+          state: request.state,
+          state_label: state_label(request.state),
+          wellplates_metadata: request.wellplates_metadata,
+          input_metadata: request.input_metadata,
+          expires_at: request.expires_at,
+          revoked_at: request.revoked_at,
+          created_at: request.created_at,
+          updated_at: request.updated_at,
+          first_accessed_at: request.first_accessed_at,
+          last_accessed_at: request.last_accessed_at,
+          access_count: request.access_count,
+          resp_message: request.resp_message,
+          active: request.active?,
+          expired: request.expired?,
+          revoked: request.revoked?
+        }
+      rescue StandardError => e
+        error!("Error: #{e.message}", 500)
+      end
+
+      desc 'Update a dose response request'
+      params do
+        requires :id, type: Integer, desc: 'Request ID'
+        optional :state, type: Integer, desc: 'State', values: [-1, 0, 1, 2]
+        optional :resp_message, type: String, desc: 'Response message'
+        optional :wellplates_metadata, type: Hash, desc: 'Wellplates metadata'
+      end
+      put ':id' do
+        request = Labimotion::DoseRespRequest.find_by(id: params[:id])
+        error!('Request not found', 404) unless request
+
+        # Check authorization
+        error!('Unauthorized', 403) unless request.created_by == current_user.id
+
+        update_params = {}
+        update_params[:state] = params[:state] if params[:state]
+        update_params[:resp_message] = params[:resp_message] if params[:resp_message]
+        update_params[:wellplates_metadata] = params[:wellplates_metadata] if params[:wellplates_metadata]
+
+        request.update!(update_params)
+
+        {
+          success: true,
+          message: 'Request updated successfully',
+          request: {
+            id: request.id,
+            request_id: request.request_id,
+            state: request.state,
+            state_label: state_label(request.state),
+            resp_message: request.resp_message,
+            updated_at: request.updated_at
+          }
+        }
+      rescue ActiveRecord::RecordInvalid => e
+        error!("Validation error: #{e.message}", 422)
+      rescue StandardError => e
+        error!("Error: #{e.message}", 500)
+      end
+
+      desc 'Revoke a dose response request'
+      params do
+        requires :id, type: Integer, desc: 'Request ID'
+      end
+      post ':id/revoke' do
+        request = Labimotion::DoseRespRequest.find_by(id: params[:id])
+        error!('Request not found', 404) unless request
+
+        # Check authorization
+        error!('Unauthorized', 403) unless request.created_by == current_user.id
+
+        request.revoke!
+
+        {
+          success: true,
+          message: 'Request revoked successfully',
+          request: {
+            id: request.id,
+            request_id: request.request_id,
+            state: request.state,
+            revoked_at: request.revoked_at,
+            active: request.active?
+          }
+        }
+      rescue StandardError => e
+        error!("Error: #{e.message}", 500)
+      end
+
+      desc 'Delete a dose response request'
+      params do
+        requires :id, type: Integer, desc: 'Request ID'
+      end
+      delete ':id' do
+        request = Labimotion::DoseRespRequest.find_by(id: params[:id])
+        error!('Request not found', 404) unless request
+
+        # Check authorization
+        error!('Unauthorized', 403) unless request.created_by == current_user.id
+
+        # Soft delete if acts_as_paranoid is enabled
+        request.destroy
+
+        {
+          success: true,
+          message: 'Request deleted successfully'
+        }
+      rescue StandardError => e
+        error!("Error: #{e.message}", 500)
+      end
+
+      desc 'Get dose response requests by element ID'
+      params do
+        requires :element_id, type: Integer, desc: 'Element ID'
+      end
+      get 'by_element/:element_id' do
+        element = Labimotion::Element.find_by(id: params[:element_id])
+        error!('Element not found', 404) unless element
+
+        # Check if user has access to element
+        policy = ElementPolicy.new(current_user, element)
+        error!('Unauthorized', 403) unless policy.read?
+
+        requests = Labimotion::DoseRespRequest.where(element_id: params[:element_id])
+                                               .where(created_by: current_user.id)
+                                               .order(created_at: :desc)
+
+        {
+          element_id: element.id,
+          element_name: element.name,
+          requests: requests.map do |req|
+            {
+              id: req.id,
+              request_id: req.request_id,
+              state: req.state,
+              state_label: state_label(req.state),
+              expires_at: req.expires_at,
+              created_at: req.created_at,
+              access_count: req.access_count,
+              active: req.active?
+            }
+          end
+        }
+      rescue StandardError => e
+        error!("Error: #{e.message}", 500)
+      end
+    end
+
+    helpers do
+      def state_label(state)
+        case state
+        when Labimotion::DoseRespRequest::STATE_ERROR
+          'error'
+        when Labimotion::DoseRespRequest::STATE_INITIAL
+          'initial'
+        when Labimotion::DoseRespRequest::STATE_PROCESSING
+          'processing'
+        when Labimotion::DoseRespRequest::STATE_COMPLETED
+          'completed'
+        else
+          'unknown'
+        end
+      end
+    end
+  end
+end

data/lib/labimotion/apis/element_variation_api.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Labimotion
+  class ElementVariationAPI < Grape::API
+    rescue_from ActiveRecord::RecordNotFound do
+      error!('404 Element not found', 404)
+    end
+
+    resource :element_variations do
+      params do
+        requires :element_id, type: Integer, desc: 'Generic element id'
+      end
+      route_param :element_id do
+        before do
+          @element = Labimotion::Element.find(params[:element_id])
+          error!('401 Unauthorized', 401) unless ElementPolicy.new(current_user, @element).read?
+        end
+
+        desc 'Return element variations for a generic element'
+        get do
+          record = Labimotion::ElementVariation.find_or_initialize_by(element_id: @element.id)
+          present record, with: Labimotion::ElementVariationEntity, root: 'element_variation'
+        end
+
+        desc 'Upsert element variations for a generic element'
+        params do
+          requires :variations, type: Hash, desc: 'Variations keyed by row uuid'
+          optional :layout, type: Hash, desc: 'Column layout (selected/order/units/rowOrder)'
+        end
+        put do
+          error!('401 Unauthorized', 401) unless ElementPolicy.new(current_user, @element).update?
+
+          record = Labimotion::ElementVariation.find_or_initialize_by(element_id: @element.id)
+          record.variations = params[:variations] || {}
+          if params.key?(:layout) && record.class.column_names.include?('layout')
+            record.layout = params[:layout] || {}
+          end
+          record.save!
+
+          present record, with: Labimotion::ElementVariationEntity, root: 'element_variation'
+        end
+      end
+    end
+  end
+end

data/lib/labimotion/apis/labimotion_api.rb

@@ -12,5 +12,8 @@ module Labimotion
     mount Labimotion::LabimotionHubAPI
     mount Labimotion::StandardLayerAPI
     mount Labimotion::VocabularyAPI
+    mount Labimotion::MttAPI
+    mount Labimotion::DoseRespRequestAPI
+    mount Labimotion::ElementVariationAPI
   end
 end

data/lib/labimotion/apis/mtt_api.rb

@@ -0,0 +1,238 @@
+# frozen_string_literal: true
+
+require 'labimotion/version'
+require 'labimotion/libs/export_element'
+require 'labimotion/helpers/mtt_helpers'
+require 'labimotion/models/dose_resp_output'
+
+module Labimotion
+  # Generic Element API
+  class MttAPI < Grape::API
+    helpers Labimotion::ParamHelpers
+    helpers Labimotion::MttHelpers
+
+    namespace :public do
+      resource :mtt_apps do
+        route_param :token do
+          desc 'Download data from MTT app (GET endpoint)'
+          get do
+            download_json_to_external_app
+          end
+
+          desc 'Upload modified data from MTT app (POST endpoint)'
+          post do
+            upload_json_from_external_app
+          end
+        end
+      end
+    end
+
+    resource :mtt do
+      namespace :requests do
+        desc 'Get MTT requests for current user'
+        get do
+          # Get all requests created by current user
+          requests = Labimotion::DoseRespRequest
+                     .includes(:dose_resp_outputs)
+                     .where(created_by: current_user.id)
+                     .order(created_at: :desc)
+
+          # Return formatted response
+          requests.map do |req|
+            {
+              id: req.id,
+              request_id: req.request_id,
+              element_id: req.element_id,
+              state: req.state,
+              state_name: case req.state
+                          when Labimotion::DoseRespRequest::STATE_ERROR then 'error'
+                          when Labimotion::DoseRespRequest::STATE_INITIAL then 'initial'
+                          when Labimotion::DoseRespRequest::STATE_PROCESSING then 'processing'
+                          when Labimotion::DoseRespRequest::STATE_COMPLETED then 'completed'
+                          else 'unknown'
+                          end,
+              created_at: req.created_at,
+              expires_at: req.expires_at,
+              expired: req.expired?,
+              revoked: req.revoked?,
+              active: req.active?,
+              resp_message: req.resp_message,
+              last_accessed_at: req.last_accessed_at,
+              access_count: req.access_count || 0,
+              outputs: req.dose_resp_outputs.map do |output|
+                {
+                  id: output.id,
+                  output_data: output.output_data,
+                  notes: output.notes,
+                  created_at: output.created_at
+                }
+              end
+            }
+          end
+        end
+
+        desc 'Delete one or multiple MTT requests'
+        params do
+          requires :ids, type: Array[Integer], desc: 'Array of request IDs to delete'
+        end
+        delete do
+          # Find requests belonging to current user
+          requests = Labimotion::DoseRespRequest.where(
+            id: params[:ids],
+            created_by: current_user.id
+          )
+
+          if requests.empty?
+            error!('No requests found or unauthorized', 404)
+          end
+
+          deleted_count = requests.count
+          requests.destroy_all
+
+          {
+            success: true,
+            message: "Successfully deleted #{deleted_count} request(s)",
+            deleted_count: deleted_count
+          }
+        rescue StandardError => e
+          error!("Error deleting requests: #{e.message}", 500)
+        end
+
+        desc 'Update MTT request'
+        params do
+          requires :id, type: Integer, desc: 'Request ID'
+          optional :state, type: Integer, desc: 'State (-1: error, 0: initial, 1: processing, 2: completed)', values: [-1, 0, 1, 2]
+          optional :resp_message, type: String, desc: 'Response message'
+          optional :wellplates_metadata, type: Hash, desc: 'Wellplates metadata'
+          optional :input_metadata, type: Hash, desc: 'Input metadata'
+          optional :revoked, type: Boolean, desc: 'Revoke access token'
+        end
+        patch ':id' do
+          # Find request belonging to current user
+          request = Labimotion::DoseRespRequest.find_by(
+            id: params[:id],
+            created_by: current_user.id
+          )
+
+          error!('Request not found or unauthorized', 404) unless request
+
+          # Prepare update attributes
+          update_attrs = {}
+          update_attrs[:state] = params[:state] if params.key?(:state)
+          update_attrs[:resp_message] = params[:resp_message] if params.key?(:resp_message)
+          update_attrs[:wellplates_metadata] = params[:wellplates_metadata] if params.key?(:wellplates_metadata)
+          update_attrs[:input_metadata] = params[:input_metadata] if params.key?(:input_metadata)
+          update_attrs[:revoked_at] = params[:revoked] ? Time.current : nil if params.key?(:revoked)
+
+          if request.update(update_attrs)
+            {
+              success: true,
+              message: 'Request updated successfully',
+              request: {
+                id: request.id,
+                request_id: request.request_id,
+                state: request.state,
+                state_name: case request.state
+                            when Labimotion::DoseRespRequest::STATE_ERROR then 'error'
+                            when Labimotion::DoseRespRequest::STATE_INITIAL then 'initial'
+                            when Labimotion::DoseRespRequest::STATE_PROCESSING then 'processing'
+                            when Labimotion::DoseRespRequest::STATE_COMPLETED then 'completed'
+                            else 'unknown'
+                            end,
+                resp_message: request.resp_message,
+                revoked: request.revoked?,
+                updated_at: request.updated_at
+              }
+            }
+          else
+            error!("Validation error: #{request.errors.full_messages.join(', ')}", 422)
+          end
+        rescue ActiveRecord::RecordNotFound
+          error!('Request not found', 404)
+        rescue StandardError => e
+          error!("Error updating request: #{e.message}", 500)
+        end
+      end
+
+      namespace :outputs do
+        desc 'Delete one or multiple MTT outputs'
+        params do
+          requires :ids, type: Array[Integer], desc: 'Array of output IDs to delete'
+        end
+        delete do
+          # Find outputs where the parent request belongs to current user
+          outputs = Labimotion::DoseRespOutput
+                    .joins(:dose_resp_request)
+                    .where(
+                      id: params[:ids],
+                      dose_resp_requests: { created_by: current_user.id }
+                    )
+
+          if outputs.empty?
+            error!('No outputs found or unauthorized', 404)
+          end
+
+          deleted_count = outputs.count
+          outputs.destroy_all
+
+          {
+            success: true,
+            message: "Successfully deleted #{deleted_count} output(s)",
+            deleted_count: deleted_count
+          }
+        rescue StandardError => e
+          error!("Error deleting outputs: #{e.message}", 500)
+        end
+      end
+
+      namespace :create_mtt_request do
+        desc 'Create MTT assay request'
+        params do
+          use :create_mtt_request_params
+        end
+        post do
+          # Find element and wellplates
+          element = Labimotion::Element.find_by(id: params[:id])
+          error!('Element not found', 404) unless element
+#byebug
+          # Verify user has update permission
+          error!('Unauthorized', 403) unless ElementPolicy.new(current_user, element).update?
+
+          wellplates = Wellplate.where(id: params[:wellplate_ids])
+          error!('No wellplates found', 404) if wellplates.empty?
+
+          # Generate wellplates metadata
+          wellplates_metadata = generate_wellplates_metadata(wellplates)
+
+          # Create DoseRespRequest record with token
+          dose_resp_request = Labimotion::DoseRespRequest.create!(
+            element_id: element.id,
+            wellplates_metadata: { wellplates: wellplates_metadata },
+            input_metadata: {
+              wellplate_ids: params[:wellplate_ids],
+              element_id: element.id,
+              element_name: element.name,
+              created_at: Time.current
+            },
+            state: Labimotion::DoseRespRequest::STATE_INITIAL,
+            created_by: current_user&.id,
+            expires_at: TPA_EXPIRATION.from_now
+          )
+
+          # Generate external app URL with token
+          token_uri = token_url(dose_resp_request)
+          external_app_url = get_external_app_url
+
+          # Format: "#{@app.url}?url=#{CGI.escape(token_uri)}&type=ThirdPartyApp"
+          "#{external_app_url}?method=DoseResponse&url=#{CGI.escape(token_uri)}"
+        rescue ActiveRecord::RecordInvalid => e
+          error!("Validation error: #{e.message}", 422)
+        rescue ActiveRecord::RecordNotFound => e
+          error!("Not found: #{e.message}", 404)
+        rescue StandardError => e
+          error!("Error: #{e.message}", 500)
+        end
+      end
+    end
+  end
+end

data/lib/labimotion/entities/element_entity.rb

@@ -23,6 +23,7 @@ module Labimotion
       expose! :uuid
       expose! :user_labels
       expose! :preview_attachment # align with eln change
+      expose! :variations_count
     end
 
     with_options(anonymize_below: 10) do

data/lib/labimotion/entities/element_variation_entity.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'labimotion/entities/application_entity'
+
+module Labimotion
+  class ElementVariationEntity < Labimotion::ApplicationEntity
+    expose :id
+    expose :element_id, as: :elementId
+    expose :variations
+    expose :layout
+
+    def variations
+      rows = object.variations_hash
+      rows.transform_values do |row|
+        next row unless row.is_a?(Hash)
+
+        row.symbolize_keys.slice(:uuid, :name, :properties, :metadata, :segments).tap do |slim|
+          slim[:properties] = (slim[:properties] || {})
+          slim[:metadata] = (slim[:metadata] || {}).slice('notes', 'analyses', 'group', :notes, :analyses, :group)
+          slim[:segments] = (slim[:segments] || {})
+        end
+      end
+    end
+
+    def layout
+      object.layout_hash
+    end
+  end
+end

data/lib/labimotion/helpers/element_helpers.rb

@@ -247,21 +247,27 @@ module Labimotion
     end
 
     def list_serialized_elements(params, current_user)
-      scope = Labimotion::Element.none
-
+      collection_id =
       if params[:collection_id]
-        begin
-          collection = Collection.accessible_for(current_user).find(params[:collection_id])
-          scope = collection.elements
-                            .joins(:element_klass)
-                            .where(element_klasses: { name: params[:el_type] })
-                            .includes(:tag)
-        rescue ActiveRecord::RecordNotFound
-          Labimotion::Element.none
-        end
+        Collection
+          .belongs_to_or_shared_by(current_user.id, current_user.group_ids)
+          .find_by(id: params[:collection_id])&.id
+      elsif params[:sync_collection_id]
+        current_user
+          .all_sync_in_collections_users
+          .find_by(id: params[:sync_collection_id])&.collection&.id
+      end
+
+      scope =
+      if collection_id
+        Labimotion::Element
+          .joins(:element_klass, :collections_elements)
+          .where(
+            element_klasses: { name: params[:el_type] },
+            collections_elements: { collection_id: collection_id },
+          ).includes(:tag, collections: :sync_collections_users)
       else
-        # All collection of current_user
-        scope = Labimotion::Element.for_user(current_user.id)
+        Labimotion::Element.none
       end
 
       ## TO DO: refactor labimotion

data/lib/labimotion/helpers/mtt_helpers.rb

@@ -0,0 +1,428 @@
+# frozen_string_literal: true
+
+require 'grape'
+require 'net/http'
+require 'uri'
+require 'zip'
+
+module Labimotion
+  ## MTT Helpers
+  module MttHelpers
+    extend Grape::API::Helpers
+
+    TPA_EXPIRATION = 72.hours
+
+    def token_url(dose_resp_request)
+      # Build the callback URL with token in path
+      api_base_url = ENV['PUBLIC_URL'] || 'http://172.28.156.100:3000'
+      callback_path = "/api/v1/public/mtt_apps/#{dose_resp_request.access_token}"
+      callback_url = "#{api_base_url}#{callback_path}"
+
+      callback_url
+    end
+
+    def get_external_app_url
+      ENV['MTT_EXTERNAL_APP_URL'] || 'http://localhost:4050'
+    end
+
+    def validate_token(token)
+      # Find the request by access token
+      request = Labimotion::DoseRespRequest.find_by(access_token: token)
+      error!('Token not found', 404) unless request
+
+      # Check expiration
+      error!('Token expired', 403) if request.expired?
+
+      # Check revocation
+      error!('Token revoked', 403) if request.revoked?
+
+      request
+    end
+
+    def validate_user_access(dose_resp_request)
+      # Get element and user
+      element = dose_resp_request.element
+      error!('Element not found', 404) unless element
+
+      user = dose_resp_request.creator
+      error!('User not found', 404) unless user
+
+      # Check user has update permission on element using ElementPolicy
+      policy = ElementPolicy.new(user, element)
+      error!('Unauthorized', 403) unless policy.update?
+
+      { element: element, user: user }
+    end
+
+    def download_json_to_external_app
+      # Get token from route params
+      token = params[:token]
+      dose_resp_request = validate_token(token)
+
+      # Validate user access
+      validate_user_access(dose_resp_request)
+
+      # Track access and update state
+      # dose_resp_request.track_access!
+      dose_resp_request.mark_processing! if dose_resp_request.state == Labimotion::DoseRespRequest::STATE_INITIAL
+      # Return wellplates metadata as JSON
+      # Access the wellplates array from the metadata structure
+      wellplates_data = dose_resp_request.wellplates_metadata&.dig('wellplates') ||
+                        dose_resp_request.wellplates_metadata&.dig(:wellplates) ||
+                        []
+
+      response_data = {
+        id: dose_resp_request.id.to_s,
+        request_id: dose_resp_request.request_id,
+        element_info: extract_element_properties(dose_resp_request.element),
+        wellplates: wellplates_data
+      }
+
+      status 200
+      response_data
+    rescue => e
+      error!("Error: #{e.message}", 500)
+    end
+
+    def upload_json_from_external_app
+      # Get token from route params
+      token = params[:token]
+      dose_resp_request = validate_token(token)
+
+      # Validate user access
+      access_info = validate_user_access(dose_resp_request)
+      user = access_info[:user]
+      element = access_info[:element]
+      # Handle file upload
+      file_param = params['file'] || params[:file]
+      error!('No file uploaded', 400) unless file_param && file_param.is_a?(Hash) && file_param['tempfile']
+
+      tempfile = file_param['tempfile']
+      filename = file_param['filename'] || 'upload'
+      # Check if it's a zip file
+      if filename.end_with?('.zip')
+        # Process zip file
+        wellplates_data, csv_data = process_zip_file(tempfile)
+
+        error!('Missing JSON data in zip file', 400) unless wellplates_data
+
+        # Create analysis container and dataset with CSV if present
+        # if csv_data
+        #   create_analysis_with_csv(element, user, csv_data, dose_resp_request, wellplates_data)
+        # end
+      # else
+      #   # Handle single JSON file
+      #   file_content = tempfile.read
+      #   tempfile.rewind
+      #   json_data = JSON.parse(file_content).with_indifferent_access
+      #   wellplates_data = json_data[:Output]
+
+      #   error!('Missing wellplates data', 400) unless wellplates_data
+      end
+
+      dose_resp_request.track_access!
+
+      # Save output data to dose_resp_outputs table
+      output = dose_resp_request.dose_resp_outputs.create!(
+        output_data: { Output: wellplates_data }
+      )
+      if csv_data
+        create_analysis_with_csv(element, user, csv_data, dose_resp_request, output)
+      end
+
+      dose_resp_request.update!(
+        wellplates_metadata: { wellplates: wellplates_data },
+        resp_message: 'Data updated successfully'
+      )
+
+      # Mark as completed
+      dose_resp_request.mark_completed!
+
+      status 200
+      {
+        success: true,
+        message: 'Data updated successfully',
+        request_id: dose_resp_request.id
+      }
+    rescue JSON::ParserError => e
+      error!("Invalid JSON: #{e.message}", 400)
+    rescue ActiveRecord::RecordInvalid => e
+      dose_resp_request.mark_error!(e.message) if dose_resp_request
+      error!("Validation error: #{e.message}", 422)
+    rescue => e
+      dose_resp_request.mark_error!(e.message) if dose_resp_request
+      error!("Error: #{e.message}", 500)
+    end
+
+    def process_zip_file(tempfile)
+      wellplates_data = nil
+      csv_data = nil
+
+      Zip::File.open(tempfile.path) do |zip_file|
+        zip_file.each do |entry|
+          if entry.name.end_with?('.json')
+            # Read JSON file
+            json_content = entry.get_input_stream.read
+            json_data = JSON.parse(json_content).with_indifferent_access
+            wellplates_data = json_data[:Output]
+          elsif entry.name.end_with?('.xls', '.xlsx', '.csv')
+            # Read CSV/Excel file - extract just the basename without path
+            csv_content = entry.get_input_stream.read
+            csv_data = {
+              filename: File.basename(entry.name),
+              content: csv_content
+            }
+          end
+        end
+      end
+
+      [wellplates_data, csv_data]
+    end
+
+    def create_analysis_with_csv(element, user, csv_data, dose_resp_request, output)
+      analysis, dataset = create_analysis_with_dataset(
+        element: element,
+        analysis_name: "MTT Analysis #{dose_resp_request.request_id}-#{output&.id}",
+        dataset_name: 'new',
+        analysis_attributes: {}
+      )
+
+      # Determine content type based on file extension
+      content_type = case File.extname(csv_data[:filename]).downcase
+                     when '.xlsx'
+                       'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+                     when '.xls'
+                       'application/vnd.ms-excel'
+                     when '.csv'
+                       'text/csv'
+                     else
+                       'application/octet-stream'
+                     end
+
+      # Create a temporary file for the attachment
+      temp_file = Tempfile.new([File.basename(csv_data[:filename], '.*'), File.extname(csv_data[:filename])])
+      begin
+        temp_file.binmode
+        temp_file.write(csv_data[:content])
+        temp_file.rewind
+
+        # Create attachment for CSV/Excel file
+        attachment = Attachment.new(
+          filename: csv_data[:filename],
+          file_path: temp_file.path,
+          created_by: user.id,
+          created_for: user.id,
+          attachable_type: 'Container',
+          attachable_id: dataset.id,
+          content_type: content_type
+        )
+        attachment.save! if attachment.valid?
+
+        { analysis: analysis, dataset: dataset, attachment: attachment }
+      ensure
+        temp_file.close
+        temp_file.unlink
+      end
+    end
+
+    def create_analysis_with_dataset(
+      element:,
+      analysis_name: 'New Analysis',
+      dataset_name: 'New Dataset',
+      analysis_attributes: {}
+    )
+      # Ensure the element has a root container
+      ensure_root_container(element)
+
+      # Get or create the analyses container
+      analyses_container = element.container.children.find_or_create_by(container_type: 'analyses')
+
+      # Prepare default extended_metadata for analysis
+      default_metadata = {
+        'content' => '{"ops":[{"insert":""}]}',
+        'report' => true
+      }
+      extended_metadata = default_metadata.merge(analysis_attributes[:extended_metadata] || {})
+
+      # Create the analysis container
+      analysis_container = analyses_container.children.create(
+        container_type: 'analysis',
+        name: analysis_name,
+        description: analysis_attributes[:description] || '',
+        extended_metadata: extended_metadata
+      )
+
+      # Create the dataset container nested under the analysis
+      dataset_container = analysis_container.children.create(
+        container_type: 'dataset',
+        name: dataset_name,
+        description: '',
+        extended_metadata: {}
+      )
+
+      [analysis_container, dataset_container]
+    end
+
+    def ensure_root_container(element)
+      return if element.container.present?
+
+      element.container = Container.create_root_container
+    end
+    # def send_mtt_request(current_user, params)
+
+    #   token_uri = token_url(current_user, params)
+
+
+    #   uri = URI.parse(api_url)
+    #   http = Net::HTTP.new(uri.host, uri.port)
+    #   http.use_ssl = (uri.scheme == 'https')
+    #   http.read_timeout = 30
+
+    #   # Ensure path is not empty, default to '/' if needed
+    #   path = uri.path.empty? ? '/' : uri.path
+    #   request = Net::HTTP::Post.new(path, { 'Content-Type' => 'application/json' })
+    #   request.body = json_data.to_json
+
+    #   response = http.request(request)
+
+    #   {
+    #     success: response.is_a?(Net::HTTPSuccess),
+    #     status: response.code,
+    #     body: (JSON.parse(response.body) rescue response.body),
+    #     message: response.message
+    #   }
+    # rescue StandardError => e
+    #   {
+    #     success: false,
+    #     error: e.message,
+    #     backtrace: e.backtrace.first(5)
+    #   }
+    # end
+
+    def extract_readout_titles(wellplate)
+      # Extract readout titles from wellplate
+      if wellplate.respond_to?(:readout_titles)
+        titles = wellplate.readout_titles
+        return titles if titles.is_a?(Array)
+        return JSON.parse(titles) if titles.is_a?(String)
+      end
+      []
+    end
+
+    def extract_wells(wellplate)
+      # Extract wells data from wellplate
+      wells = wellplate.wells || []
+      wells.map do |well|
+        # Position might be stored as a hash or separate fields
+        position = if well.respond_to?(:position) && well.position.is_a?(Hash)
+                     well.position
+                   elsif well.respond_to?(:position_x)
+                     { x: well.position_x, y: well.position_y }
+                   else
+                     { x: 0, y: 0 }
+                   end
+
+        well_data = {
+          id: well.id,
+          position: position
+        }
+
+        # Only include readouts if they have values
+        readouts = extract_readouts(well)
+        well_data[:readouts] = readouts if readouts.present?
+
+        # Only include sample if it exists
+        sample = extract_sample(well)
+        well_data[:sample] = sample if sample.present?
+
+        well_data
+      end
+    end
+
+    def extract_readouts(well)
+      # Extract readouts from well
+      # Readouts are typically stored as JSON data in the well
+      readouts = if well.respond_to?(:readouts) && well.readouts.is_a?(Array)
+                   well.readouts
+                 elsif well.respond_to?(:readouts) && well.readouts.is_a?(String)
+                   JSON.parse(well.readouts) rescue []
+                 elsif well.respond_to?(:readouts) && well.readouts.is_a?(Hash)
+                   well.readouts.values rescue []
+                 else
+                   []
+                 end
+
+      # Filter out empty readouts (both unit and value are blank)
+      readouts.select do |readout|
+        readout.is_a?(Hash) &&
+        (readout['unit'].to_s.present? || readout['value'].to_s.present? ||
+         readout[:unit].to_s.present? || readout[:value].to_s.present?)
+      end
+    end
+
+    def extract_sample(well)
+      # Extract sample information from well
+      if well.respond_to?(:sample) && well.sample.present?
+        sample = well.sample
+        return {
+          id: sample.id,
+          short_label: sample.short_label,
+          conc: sample.try(:molarity_value) || 0
+        }
+      end
+      nil
+    end
+
+    def generate_wellplates_metadata(wellplates)
+      wellplates.map do |wellplate|
+        {
+          id: wellplate.id.to_s,
+          readoutTitles: extract_readout_titles(wellplate),
+          wells: extract_wells(wellplate)
+        }
+      end
+    end
+
+    def extract_element_properties(element)
+      props = {
+        id: element.id.to_s,
+        name: element.name
+      }
+
+      layers = element.properties.dig('layers', 'general_information', 'fields') ||
+               element.properties.dig(:layers, :general_information, :fields) || []
+
+      endpoint_field = layers.find { |f| f['field'] == 'Endpoint' || f[:field] == 'Endpoint' }
+      props[:endpoint] = endpoint_field['value'] || endpoint_field[:value] if endpoint_field
+
+      props
+    end
+
+
+    def generate_element_metadata(element)
+      {
+        id: wellplate.id.to_s,
+        readoutTitles: extract_readout_titles(wellplate),
+        wells: extract_wells(wellplate)
+      }
+    end
+
+
+    def generate_json_data(wellplates)
+      # # Generate wellplates metadata
+      wellplates_metadata = generate_wellplates_metadata(wellplates)
+
+      # Generate JSON structure
+      json_data = {
+        id: element.id.to_s,
+        request_id: dose_resp_request.id.to_s,
+        wellplates: wellplates_metadata
+      }
+      # Save to JSON file
+      filename = "mtt_request_#{element.id}_#{dose_resp_request.id}.json"
+      filepath = Rails.root.join('tmp', filename)
+      File.write(filepath, JSON.pretty_generate(json_data))
+      json_data
+    end
+  end
+end

data/lib/labimotion/helpers/param_helpers.rb

@@ -146,5 +146,11 @@ module Labimotion
       requires :layer_id, type: String, desc: 'layer identifier'
       requires :field_id, type: String, desc: 'field identifier'
     end
+
+
+    params :create_mtt_request_params do
+      requires :id, type: Integer, desc: 'Element ID'
+      requires :wellplate_ids, type: Array, desc: 'Selected Wellplates'
+    end
   end
 end

data/lib/labimotion/models/dose_resp_output.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Labimotion
+  class DoseRespOutput < ApplicationRecord
+    acts_as_paranoid
+    self.table_name = :dose_resp_outputs
+
+    # Associations
+    belongs_to :dose_resp_request, class_name: 'Labimotion::DoseRespRequest'
+
+    # Validations
+    validates :dose_resp_request, presence: true
+    validates :output_data, presence: true
+    validate :output_data_is_hash
+
+    # Scopes
+    scope :recent, -> { order(created_at: :desc) }
+
+    private
+
+    def output_data_is_hash
+      return if output_data.is_a?(Hash)
+
+      errors.add(:output_data, 'must be a Hash')
+    end
+  end
+end

data/lib/labimotion/models/dose_resp_request.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+module Labimotion
+  class DoseRespRequest < ApplicationRecord
+    acts_as_paranoid
+    self.table_name = :dose_resp_requests
+
+    # Token generation
+    has_secure_token :access_token
+
+    # Callbacks
+    before_create :generate_request_id
+
+    # Associations
+    belongs_to :element, class_name: 'Labimotion::Element'
+    belongs_to :creator, foreign_key: :created_by, class_name: 'User'
+    has_many :dose_resp_outputs, class_name: 'Labimotion::DoseRespOutput', dependent: :destroy
+
+    # Validations
+    validates :element, presence: true
+    validates :creator, presence: true
+    validates :expires_at, presence: true
+    validates :state, inclusion: { in: [-1, 0, 1, 2] }
+    validate :metadata_is_hash
+    validate :input_metadata_is_hash
+
+    # State constants
+    STATE_ERROR = -1
+    STATE_INITIAL = 0
+    STATE_PROCESSING = 1
+    STATE_COMPLETED = 2
+
+    # Scopes
+    scope :active, -> { where('expires_at > ?', Time.current).where(revoked_at: nil) }
+    scope :expired, -> { where('expires_at <= ?', Time.current) }
+    scope :revoked, -> { where.not(revoked_at: nil) }
+
+    # Instance methods
+    def expired?
+      expires_at.present? && expires_at < Time.current
+    end
+
+    def revoked?
+      revoked_at.present?
+    end
+
+    def active?
+      !expired? && !revoked?
+    end
+
+    def revoke!
+      update!(revoked_at: Time.current, state: STATE_ERROR)
+    end
+
+    def mark_processing!
+      update!(state: STATE_PROCESSING) if state == STATE_INITIAL
+    end
+
+    def mark_completed!
+      update!(state: STATE_COMPLETED)
+    end
+
+    def mark_error!(message = nil)
+      update!(state: STATE_ERROR, resp_message: message)
+    end
+
+    def track_access!
+      increment!(:access_count)
+      update_columns(
+        first_accessed_at: first_accessed_at || Time.current,
+        last_accessed_at: Time.current
+      )
+    end
+
+    private
+
+    def metadata_is_hash
+      return if wellplates_metadata.nil? || wellplates_metadata.is_a?(Hash)
+
+      errors.add(:wellplates_metadata, 'must be a hash')
+    end
+
+    def input_metadata_is_hash
+      return if input_metadata.nil? || input_metadata.is_a?(Hash)
+
+      errors.add(:input_metadata, 'must be a hash')
+    end
+
+    def generate_request_id
+      self.request_id = "MTT-#{Time.current.strftime('%Y%m%d-%H%M%S')}-#{SecureRandom.hex(3)}"
+    end
+  end
+end

data/lib/labimotion/models/element.rb

@@ -41,6 +41,12 @@ module Labimotion
     has_many :samples, through: :elements_samples, source: :sample
     has_one :container, :as => :containable
     has_many :elements_revisions, dependent: :destroy, class_name: 'Labimotion::ElementsRevision'
+    has_one :element_variation, dependent: :destroy, class_name: 'Labimotion::ElementVariation', foreign_key: :element_id
+
+    def variations_count
+      rows = element_variation&.variations
+      rows.is_a?(Hash) ? rows.size : 0
+    end
 
     accepts_nested_attributes_for :collections_elements
 

data/lib/labimotion/models/element_variation.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Labimotion
+  class ElementVariation < ApplicationRecord
+    self.table_name = :element_variations
+
+    belongs_to :element, class_name: 'Labimotion::Element'
+
+    validates :element_id, uniqueness: true
+
+    def variations_hash
+      variations.is_a?(Hash) ? variations : {}
+    end
+
+    def layout_hash
+      return {} unless self.class.column_names.include?('layout')
+
+      layout.is_a?(Hash) ? layout : {}
+    end
+  end
+end

data/lib/labimotion/utils/search.rb

@@ -12,7 +12,7 @@ module Labimotion
     end
 
     def self.elements_search(params, current_user, c_id, dl)
-      collection = Collection.accessible_for(current_user).find(c_id)
+      collection = Collection.belongs_to_or_shared_by(current_user.id, current_user.group_ids).find(c_id)
       element_scope = Labimotion::Element.joins(:collections_elements).where('collections_elements.collection_id = ?', collection.id).joins(:element_klass).where('element_klasses.id = elements.element_klass_id AND element_klasses.name = ?', params[:selection][:genericElName])
       element_scope = element_scope.where('elements.name like (?)', "%#{params[:selection][:searchName]}%") if params[:selection][:searchName].present?
       element_scope = element_scope.where('elements.short_label like (?)', "%#{params[:selection][:searchShowLabel]}%") if params[:selection][:searchShowLabel].present?
@@ -97,7 +97,7 @@ module Labimotion
     def self.samples_search(c_id = @c_id)
       sqls = []
       sps = params[:selection][:searchProperties]
-      collection = Collection.accessible_for(current_user).find(c_id)
+      collection = Collection.belongs_to_or_shared_by(current_user.id, current_user.group_ids).find(c_id)
       element_scope = Sample.joins(:collections_samples).where('collections_samples.collection_id = ?', collection.id)
       return element_scope if sps.empty?
 

data/lib/labimotion/version.rb

@@ -2,5 +2,5 @@
 
 ## Labimotion Version
 module Labimotion
-  VERSION = '2.2.0.rc5'
+  VERSION = '2.2.0.rc7'
 end

data/lib/labimotion.rb

@@ -27,6 +27,9 @@ module Labimotion
   autoload :ExporterAPI, 'labimotion/apis/exporter_api'
   autoload :StandardLayerAPI, 'labimotion/apis/standard_layer_api'
   autoload :VocabularyAPI, 'labimotion/apis/vocabulary_api'
+  autoload :MttAPI, 'labimotion/apis/mtt_api'
+  autoload :DoseRespRequestAPI, 'labimotion/apis/dose_resp_request_api'
+  autoload :ElementVariationAPI, 'labimotion/apis/element_variation_api'
 
   ######## Entities
   autoload :PropertiesEntity, 'labimotion/entities/properties_entity'
@@ -49,6 +52,7 @@ module Labimotion
   autoload :SegmentRevisionEntity, 'labimotion/entities/segment_revision_entity'
   ## autoload :DatasetRevisionEntity, 'labimotion/entities/dataset_revision_entity'
   autoload :VocabularyEntity, 'labimotion/entities/vocabulary_entity'
+  autoload :ElementVariationEntity, 'labimotion/entities/element_variation_entity'
 
   ######## Helpers
   autoload :GenericHelpers, 'labimotion/helpers/generic_helpers'
@@ -114,11 +118,14 @@ module Labimotion
   autoload :StdLayersRevision, 'labimotion/models/std_layers_revision'
 
   autoload :DeviceDescription, 'labimotion/models/device_description'
+  autoload :DoseRespRequest, 'labimotion/models/dose_resp_request'
+  autoload :DoseRespOutput, 'labimotion/models/dose_resp_output'
   autoload :Reaction, 'labimotion/models/reaction'
   autoload :ResearchPlan, 'labimotion/models/research_plan'
   autoload :Sample, 'labimotion/models/sample'
   autoload :Screen, 'labimotion/models/screen'
   autoload :Wellplate, 'labimotion/models/wellplate'
+  autoload :ElementVariation, 'labimotion/models/element_variation'
 
   ######## Models/Concerns
   autoload :GenericKlassRevisions, 'labimotion/models/concerns/generic_klass_revisions'
@@ -126,6 +133,6 @@ module Labimotion
   autoload :ElementFetchable, 'labimotion/models/concerns/element_fetchable'
   autoload :Segmentable, 'labimotion/models/concerns/segmentable'
   autoload :Datasetable, 'labimotion/models/concerns/datasetable'
-  autoload :AttachmentConverter, 'labimotion/models/concerns/attachment_converter.rb'
+  autoload :AttachmentConverter, 'labimotion/models/concerns/attachment_converter'
   autoload :LinkedProperties, 'labimotion/models/concerns/linked_properties'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: labimotion
 version: !ruby/object:Gem::Version
-  version: 2.2.0.rc5
+  version: 2.2.0.rc7
 platform: ruby
 authors:
 - Chia-Lin Lin
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2026-03-25 00:00:00.000000000 Z
+date: 2026-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: caxlsx
@@ -55,12 +55,15 @@ extra_rdoc_files: []
 files:
 - lib/labimotion.rb
 - lib/labimotion/apis/converter_api.rb
+- lib/labimotion/apis/dose_resp_request_api.rb
+- lib/labimotion/apis/element_variation_api.rb
 - lib/labimotion/apis/exporter_api.rb
 - lib/labimotion/apis/generic_dataset_api.rb
 - lib/labimotion/apis/generic_element_api.rb
 - lib/labimotion/apis/generic_klass_api.rb
 - lib/labimotion/apis/labimotion_api.rb
 - lib/labimotion/apis/labimotion_hub_api.rb
+- lib/labimotion/apis/mtt_api.rb
 - lib/labimotion/apis/segment_api.rb
 - lib/labimotion/apis/standard_api.rb
 - lib/labimotion/apis/standard_layer_api.rb
@@ -75,6 +78,7 @@ files:
 - lib/labimotion/entities/element_entity.rb
 - lib/labimotion/entities/element_klass_entity.rb
 - lib/labimotion/entities/element_revision_entity.rb
+- lib/labimotion/entities/element_variation_entity.rb
 - lib/labimotion/entities/eln_element_entity.rb
 - lib/labimotion/entities/generic_entity.rb
 - lib/labimotion/entities/generic_klass_entity.rb
@@ -90,6 +94,7 @@ files:
 - lib/labimotion/helpers/element_helpers.rb
 - lib/labimotion/helpers/exporter_helpers.rb
 - lib/labimotion/helpers/generic_helpers.rb
+- lib/labimotion/helpers/mtt_helpers.rb
 - lib/labimotion/helpers/param_helpers.rb
 - lib/labimotion/helpers/repository_helpers.rb
 - lib/labimotion/helpers/sample_association_helpers.rb
@@ -129,9 +134,12 @@ files:
 - lib/labimotion/models/dataset_klasses_revision.rb
 - lib/labimotion/models/datasets_revision.rb
 - lib/labimotion/models/device_description.rb
+- lib/labimotion/models/dose_resp_output.rb
+- lib/labimotion/models/dose_resp_request.rb
 - lib/labimotion/models/element.rb
 - lib/labimotion/models/element_klass.rb
 - lib/labimotion/models/element_klasses_revision.rb
+- lib/labimotion/models/element_variation.rb
 - lib/labimotion/models/elements_element.rb
 - lib/labimotion/models/elements_revision.rb
 - lib/labimotion/models/elements_sample.rb