Made study privacy check more explicit

config/local-lite.yml

@@ -10,6 +10,8 @@ emg:
       ENGINE: 'django.db.backends.sqlite3'
       NAME: '/opt/ci/testdbs/ena-testdb.sqlite'
       ERA_TABLESPACE_PREFIX: ''
+  ena_api_password: None
+
 
   admin: True
   downloads_bypass_nginx: True

emgapianns/management/lib/create_or_update_study.py

@@ -29,6 +29,7 @@
     update_or_create_publication,
 )
 from emgapianns.management.lib import utils
+from emgcli.settings import EMG_CONF
 from emgena import models as ena_models
 from emgena.models import RunStudy, AssemblyStudy
 
@@ -165,6 +166,9 @@ def _update_or_create_study_from_db_result(
         )
 
         hold_date = ena_study.hold_date
+        ena_api_password = EMG_CONF['emg']['ena_api_password']
+        if ena_api_password is None:
+            logging.warning("ENA API password is missing. Study ownership cannot be verified.")
         try:
             study_is_public = self.check_if_study_is_public(secondary_study_accession)
             if study_is_public:
@@ -303,9 +307,11 @@ def check_if_study_is_public(self, study_id):
 
     def verify_study_ownership(self, study_id, submission_account_id):
         url = f"{'https://www.ebi.ac.uk/ena/submit/report/studies'}/{study_id}"
-        # TODO:  fetch password from env
-        generic_password = 'Where to store Password ?'
-        auth_string = f"mg-{submission_account_id}:{generic_password}"
+        ena_api_password = EMG_CONF['emg']['ena_api_password']
+        if not ena_api_password:
+            logging.warning("ENA API password is missing. Study ownership cannot be verified.")
+            return False
+        auth_string = f"mg-{submission_account_id}:{ena_api_password}"
         headers = {
             "accept": "*/*",
             "Authorization": f"Basic {b64encode(auth_string.encode()).decode()}"