From d668817288efdf972006c2d492e7b0a2629fd687 Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Tue, 11 Mar 2025 12:58:40 +0000
Subject: [PATCH 01/18] Move `/search-users` to users blueprint

---
 pydatalab/src/pydatalab/routes/v0_1/items.py | 41 ------------------
 pydatalab/src/pydatalab/routes/v0_1/users.py | 45 +++++++++++++++++++-
 2 files changed, 44 insertions(+), 42 deletions(-)

diff --git a/pydatalab/src/pydatalab/routes/v0_1/items.py b/pydatalab/src/pydatalab/routes/v0_1/items.py
index f9d1c1d23..c3b22c301 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/items.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/items.py
@@ -14,7 +14,6 @@
 from pydatalab.logger import LOGGER
 from pydatalab.models import ITEM_MODELS
 from pydatalab.models.items import Item
-from pydatalab.models.people import Person
 from pydatalab.models.relationships import RelationshipType
 from pydatalab.models.utils import generate_unique_refcode
 from pydatalab.mongo import ITEMS_FTS_FIELDS, flask_mongo
@@ -1106,43 +1105,3 @@ def save_item():
         )
 
     return jsonify(status="success", last_modified=updated_data["last_modified"]), 200
-
-
-@ITEMS.route("/search-users/", methods=["GET"])
-def search_users():
-    """Perform free text search on users and return the top results.
-    GET parameters:
-        query: String with the search terms.
-        nresults: Maximum number of  (default 100)
-
-    Returns:
-        response list of dictionaries containing the matching items in order of
-        descending match score.
-    """
-
-    query = request.args.get("query", type=str)
-    nresults = request.args.get("nresults", default=100, type=int)
-    types = request.args.get("types", default=None)
-
-    match_obj = {"$text": {"$search": query}}
-    if types is not None:
-        match_obj["type"] = {"$in": types}
-
-    cursor = flask_mongo.db.users.aggregate(
-        [
-            {"$match": match_obj},
-            {"$sort": {"score": {"$meta": "textScore"}}},
-            {"$limit": nresults},
-            {
-                "$project": {
-                    "_id": 1,
-                    "identities": 1,
-                    "display_name": 1,
-                    "contact_email": 1,
-                }
-            },
-        ]
-    )
-    return jsonify(
-        {"status": "success", "users": list(json.loads(Person(**d).json()) for d in cursor)}
-    ), 200
diff --git a/pydatalab/src/pydatalab/routes/v0_1/users.py b/pydatalab/src/pydatalab/routes/v0_1/users.py
index 4d7e82dc8..3ba83308b 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/users.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/users.py
@@ -1,9 +1,11 @@
+import json
+
 from bson import ObjectId
 from flask import Blueprint, jsonify, request
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
-from pydatalab.models.people import DisplayName, EmailStr
+from pydatalab.models.people import DisplayName, EmailStr, Person
 from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import active_users_or_get_only
 
@@ -77,3 +79,44 @@ def save_user(user_id):
         )
 
     return (jsonify({"status": "success"}), 200)
+
+
+@active_users_or_get_only
+@USERS.route("/search-users/", methods=["GET"])
+def search_users():
+    """Perform free text search on users and return the top results.
+    GET parameters:
+        query: String with the search terms.
+        nresults: Maximum number of  (default 100)
+
+    Returns:
+        response list of dictionaries containing the matching items in order of
+        descending match score.
+    """
+
+    query = request.args.get("query", type=str)
+    nresults = request.args.get("nresults", default=100, type=int)
+    types = request.args.get("types", default=None)
+
+    match_obj = {"$text": {"$search": query}}
+    if types is not None:
+        match_obj["type"] = {"$in": types}
+
+    cursor = flask_mongo.db.users.aggregate(
+        [
+            {"$match": match_obj},
+            {"$sort": {"score": {"$meta": "textScore"}}},
+            {"$limit": nresults},
+            {
+                "$project": {
+                    "_id": 1,
+                    "identities": 1,
+                    "display_name": 1,
+                    "contact_email": 1,
+                }
+            },
+        ]
+    )
+    return jsonify(
+        {"status": "success", "users": list(json.loads(Person(**d).json()) for d in cursor)}
+    ), 200

From 2578bb95c3b8e6c14cf8a2a60e21877d3b74e93a Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Tue, 11 Mar 2025 13:03:53 +0000
Subject: [PATCH 02/18] Add endpoints for group management

---
 pydatalab/schemas/cell.json                   | 66 ++++++++++++++
 pydatalab/schemas/equipment.json              | 66 ++++++++++++++
 pydatalab/schemas/sample.json                 | 66 ++++++++++++++
 pydatalab/schemas/startingmaterial.json       | 66 ++++++++++++++
 pydatalab/src/pydatalab/login.py              | 25 +++++-
 pydatalab/src/pydatalab/models/people.py      | 29 +++++-
 pydatalab/src/pydatalab/mongo.py              | 31 +++++++
 .../src/pydatalab/routes/v0_1/__init__.py     |  3 +-
 pydatalab/src/pydatalab/routes/v0_1/users.py  | 90 ++++++++++++++++++-
 9 files changed, 435 insertions(+), 7 deletions(-)

diff --git a/pydatalab/schemas/cell.json b/pydatalab/schemas/cell.json
index a94011179..0c43c6c3b 100644
--- a/pydatalab/schemas/cell.json
+++ b/pydatalab/schemas/cell.json
@@ -275,6 +275,65 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -331,6 +390,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/schemas/equipment.json b/pydatalab/schemas/equipment.json
index 9d7da376a..d27eb6f73 100644
--- a/pydatalab/schemas/equipment.json
+++ b/pydatalab/schemas/equipment.json
@@ -239,6 +239,65 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -295,6 +354,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/schemas/sample.json b/pydatalab/schemas/sample.json
index 602a990a9..42ba3af3d 100644
--- a/pydatalab/schemas/sample.json
+++ b/pydatalab/schemas/sample.json
@@ -328,6 +328,65 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -384,6 +443,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/schemas/startingmaterial.json b/pydatalab/schemas/startingmaterial.json
index 525d81b7f..11bf9d28c 100644
--- a/pydatalab/schemas/startingmaterial.json
+++ b/pydatalab/schemas/startingmaterial.json
@@ -381,6 +381,65 @@
         "name"
       ]
     },
+    "Group": {
+      "title": "Group",
+      "description": "A model that describes a group of users, for the sake\nof applying group permissions.\n\nEach `Person` model can point to a given group.",
+      "type": "object",
+      "properties": {
+        "type": {
+          "title": "Type",
+          "default": "groups",
+          "const": "groups",
+          "type": "string"
+        },
+        "immutable_id": {
+          "title": "Immutable ID",
+          "format": "uuid",
+          "type": "string"
+        },
+        "last_modified": {
+          "title": "Last Modified",
+          "type": "string",
+          "format": "date-time"
+        },
+        "relationships": {
+          "title": "Relationships",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/TypedRelationship"
+          }
+        },
+        "group_id": {
+          "title": "Group Id",
+          "minLength": 1,
+          "maxLength": 40,
+          "pattern": "^(?:[a-zA-Z0-9]+|[a-zA-Z0-9][a-zA-Z0-9._-]+[a-zA-Z0-9])$",
+          "type": "string"
+        },
+        "display_name": {
+          "title": "Display Name",
+          "minLength": 1,
+          "maxLength": 150,
+          "type": "string"
+        },
+        "description": {
+          "title": "Description",
+          "type": "string"
+        },
+        "group_admins": {
+          "title": "Group Admins",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "required": [
+        "group_id",
+        "display_name",
+        "group_admins"
+      ]
+    },
     "AccountStatus": {
       "title": "AccountStatus",
       "description": "A string enum representing the account status.",
@@ -437,6 +496,13 @@
           "type": "string",
           "format": "email"
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "managers": {
           "title": "Managers",
           "type": "array",
diff --git a/pydatalab/src/pydatalab/login.py b/pydatalab/src/pydatalab/login.py
index 833550f67..ad11aca3f 100644
--- a/pydatalab/src/pydatalab/login.py
+++ b/pydatalab/src/pydatalab/login.py
@@ -9,7 +9,7 @@
 from flask_login import LoginManager, UserMixin
 
 from pydatalab.models import Person
-from pydatalab.models.people import AccountStatus, Identity, IdentityType
+from pydatalab.models.people import AccountStatus, Group, Identity, IdentityType
 from pydatalab.models.utils import UserRole
 from pydatalab.mongo import flask_mongo
 
@@ -72,6 +72,11 @@ def identity_types(self) -> list[IdentityType]:
         """Returns a list of the identity types associated with the user."""
         return [_.identity_type for _ in self.person.identities]
 
+    @property
+    def groups(self) -> list[Group]:
+        """Returns the list of groups that the user is a member of."""
+        return self.person.groups
+
     def refresh(self) -> None:
         """Reconstruct the user object from their database entry, to be used when,
         e.g., a new identity has been associated with them.
@@ -87,7 +92,25 @@ def get_by_id_cached(user_id):
     return get_by_id(user_id)
 
 
+<<<<<<< HEAD
 def get_by_id(user_id: str) -> LoginUser | None:
+=======
+def groups_lookup() -> dict:
+    return {
+        "from": "groups",
+        "let": {"group_ids": "$group_ids"},
+        "pipeline": [
+            {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
+            {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
+            {"$sort": {"__order": 1}},
+            {"$project": {"_id": 1, "display_name": 1}},
+        ],
+        "as": "groups",
+    }
+
+
+def get_by_id(user_id: str) -> Optional[LoginUser]:
+>>>>>>> 82a1eb81 (Add endpoints for group management)
     """Lookup the user database ID and create a new `LoginUser`
     with the relevant metadata.
 
diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
index 096250cce..57d7f6d18 100644
--- a/pydatalab/src/pydatalab/models/people.py
+++ b/pydatalab/src/pydatalab/models/people.py
@@ -6,7 +6,7 @@
 from pydantic import EmailStr as PydanticEmailStr
 
 from pydatalab.models.entries import Entry
-from pydatalab.models.utils import PyObjectId
+from pydatalab.models.utils import HumanReadableIdentifier, PyObjectId
 
 
 class IdentityType(str, Enum):
@@ -97,6 +97,30 @@ class AccountStatus(str, Enum):
     DEACTIVATED = "deactivated"
 
 
+class Group(Entry):
+    """A model that describes a group of users, for the sake
+    of applying group permissions.
+
+    Each `Person` model can point to a given group.
+
+    """
+
+    type: str = Field("groups", const=True)
+    """The entry type as a string."""
+
+    group_id: HumanReadableIdentifier
+    """A short, locally-unique ID for the group."""
+
+    display_name: DisplayName
+    """The chosen display name for the group"""
+
+    description: Optional[str]
+    """A description of the group"""
+
+    group_admins: List[PyObjectId]
+    """A list of user IDs that can manage this group."""
+
+
 class Person(Entry):
     """A model that describes an individual and their digital identities."""
 
@@ -115,6 +139,9 @@ class Person(Entry):
     managers: list[PyObjectId] | None
     """A list of user IDs that can manage this person's items."""
 
+    groups: list[Group] | None
+    """A list of groups that this person belongs to."""
+
     account_status: AccountStatus = Field(AccountStatus.UNVERIFIED)
     """The status of the user's account."""
 
diff --git a/pydatalab/src/pydatalab/mongo.py b/pydatalab/src/pydatalab/mongo.py
index cd4fba24a..170505692 100644
--- a/pydatalab/src/pydatalab/mongo.py
+++ b/pydatalab/src/pydatalab/mongo.py
@@ -208,4 +208,35 @@ def create_user_fts():
         db.users.drop_index(user_fts_name)
         ret += create_user_fts()
 
+    group_fts_fields = {"display_name", "description"}
+    group_fts_name = "group full-text search"
+    group_index_name = "unique group identifiers"
+
+    def create_group_index(group_index_name):
+        return db.groups.create_index(
+            "group_id",
+            unique=True,
+            name=group_index_name,
+            background=background,
+        )
+
+    try:
+        ret += create_group_index(group_index_name)
+    except pymongo.errors.OperationFailure:
+        db.users.drop_index(group_index_name)
+        ret += create_group_index(group_index_name)
+
+    def create_group_fts():
+        return db.groups.create_index(
+            [(k, pymongo.TEXT) for k in group_fts_fields],
+            name=group_fts_name,
+            background=background,
+        )
+
+    try:
+        ret += create_group_fts()
+    except pymongo.errors.OperationFailure:
+        db.users.drop_index(group_fts_name)
+        ret += create_group_fts()
+
     return ret
diff --git a/pydatalab/src/pydatalab/routes/v0_1/__init__.py b/pydatalab/src/pydatalab/routes/v0_1/__init__.py
index 512a40163..a1577118b 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/__init__.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/__init__.py
@@ -11,13 +11,14 @@
 from .info import INFO
 from .items import ITEMS
 from .remotes import REMOTES
-from .users import USERS
+from .users import GROUPS, USERS
 
 BLUEPRINTS: tuple[Blueprint, ...] = (
     AUTH,
     COLLECTIONS,
     REMOTES,
     USERS,
+    GROUPS,
     ADMIN,
     ITEMS,
     BLOCKS,
diff --git a/pydatalab/src/pydatalab/routes/v0_1/users.py b/pydatalab/src/pydatalab/routes/v0_1/users.py
index 3ba83308b..ac845a46d 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/users.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/users.py
@@ -1,15 +1,98 @@
 import json
 
+import pymongo.errors
 from bson import ObjectId
 from flask import Blueprint, jsonify, request
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
-from pydatalab.models.people import DisplayName, EmailStr, Person
-from pydatalab.mongo import flask_mongo
-from pydatalab.permissions import active_users_or_get_only
+from pydatalab.models.people import DisplayName, EmailStr, Group, Person
+from pydatalab.mongo import _get_active_mongo_client, flask_mongo
+from pydatalab.permissions import active_users_or_get_only, admin_only
 
 USERS = Blueprint("users", __name__)
+GROUPS = Blueprint("groups", __name__)
+
+
+@USERS.before_request
+@active_users_or_get_only
+def _(): ...
+
+
+@GROUPS.before_request
+@admin_only
+def _(): ...
+
+
+@GROUPS.route("/groups", methods=["PUT"])
+def create_group():
+    request_json = request.get_json()
+
+    group_json = {
+        "group_id": request_json.get("group_id"),
+        "display_name": request_json.get("display_name"),
+        "description": request_json.get("description"),
+        "group_admins": request_json.get("group_admins"),
+    }
+    try:
+        group = Group(**group_json)
+    except Exception as e:
+        return jsonify({"status": "error", "message": f"Invalid group data: {str(e)}"}), 400
+
+    try:
+        group_immutable_id = flask_mongo.db.groups.insert_one(group.dict()).inserted_id
+    except pymongo.errors.DuplicateKeyError:
+        return jsonify(
+            {"status": "error", "message": f"Group ID {group.group_id} already exists."}
+        ), 400
+
+    if group_immutable_id:
+        return jsonify({"status": "success", "group_immutable_id": str(group_immutable_id)}), 200
+
+    return jsonify({"status": "error", "message": "Unable to create group."}), 400
+
+
+@GROUPS.route("/groups", methods=["DELETE"])
+def delete_group():
+    request_json = request.get_json()
+
+    group_id = request_json.get("immutable_id")
+    if group_id is not None:
+        result = flask_mongo.db.groups.delete_one({"_id": ObjectId(group_id)})
+
+        if result.deleted_count == 1:
+            return jsonify({"status": "success"}), 200
+
+    return jsonify({"status": "error", "message": "Unable to delete group."}), 400
+
+
+@GROUPS.route("/groups/<group_immutable_id>", methods=["PATCH"])
+def add_user_to_group(group_immutable_id):
+    request_json = request.get_json()
+
+    user_id = request_json.get("user_id")
+
+    if not user_id:
+        return jsonify({"status": "error", "message": "No user ID provided."}), 400
+
+    client = _get_active_mongo_client()
+    with client.start_session(causal_consistency=True) as session:
+        group_exists = flask_mongo.db.groups.find_one(
+            {"_id": ObjectId(group_immutable_id)}, session=session
+        )
+        if not group_exists:
+            return jsonify({"status": "error", "message": "Group does not exist."}), 400
+
+        update_user = flask_mongo.db.users.update_one(
+            {"_id": ObjectId(user_id)},
+            {"$addToSet": {"groups": group_immutable_id}},
+            session=session,
+        )
+
+        if not update_user.modified_count == 1:
+            return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
+
+    return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
 
 
 @USERS.before_request
@@ -81,7 +164,6 @@ def save_user(user_id):
     return (jsonify({"status": "success"}), 200)
 
 
-@active_users_or_get_only
 @USERS.route("/search-users/", methods=["GET"])
 def search_users():
     """Perform free text search on users and return the top results.

From 323785679b09f50522566689c177ea04d2dceba2 Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Tue, 11 Mar 2025 13:39:03 +0000
Subject: [PATCH 03/18] Add tests for group creation

---
 pydatalab/src/pydatalab/models/people.py |  2 +-
 pydatalab/tests/server/test_users.py     | 58 +++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
index 57d7f6d18..7736b82aa 100644
--- a/pydatalab/src/pydatalab/models/people.py
+++ b/pydatalab/src/pydatalab/models/people.py
@@ -139,7 +139,7 @@ class Person(Entry):
     managers: list[PyObjectId] | None
     """A list of user IDs that can manage this person's items."""
 
-    groups: list[Group] | None
+    groups: list[Group] = Field(default_factory=list)
     """A list of groups that this person belongs to."""
 
     account_status: AccountStatus = Field(AccountStatus.UNVERIFIED)
diff --git a/pydatalab/tests/server/test_users.py b/pydatalab/tests/server/test_users.py
index 64eab34e8..04950fa67 100644
--- a/pydatalab/tests/server/test_users.py
+++ b/pydatalab/tests/server/test_users.py
@@ -13,6 +13,7 @@ def test_get_current_user(client):
     assert (resp_json := resp.json)
     assert resp_json["immutable_id"] == 24 * "1"
     assert resp_json["role"] == "user"
+    assert resp_json["groups"] == []
 
 
 def test_get_current_user_admin(admin_client):
@@ -41,7 +42,7 @@ def test_role_update_by_user(client, real_mongo_client, user_id):
     assert user["role"] == "manager"
 
 
-def test_user_update(client, real_mongo_client, user_id, admin_user_id):
+def test_user_update(client, unauthenticated_client, real_mongo_client, user_id, admin_user_id):
     endpoint = f"/users/{str(user_id)}"
     # Test display name update
     user_request = {"display_name": "Test Person II"}
@@ -105,6 +106,16 @@ def test_user_update(client, real_mongo_client, user_id, admin_user_id):
     user = real_mongo_client.get_database().users.find_one({"_id": admin_user_id})
     assert user["display_name"] == "Test Admin"
 
+    # Test that differing user auth can/cannot search for users
+    endpoint = "/search-users/"
+    resp = client.get(endpoint + "?query='Test Person'")
+    assert resp.status_code == 200
+    assert len(resp.json["users"]) == 4
+
+    # Test that differing user auth can/cannot search for users
+    resp = unauthenticated_client.get(endpoint + "?query='Test Person'")
+    assert resp.status_code == 401
+
 
 def test_user_update_admin(admin_client, real_mongo_client, user_id):
     endpoint = f"/users/{str(user_id)}"
@@ -114,3 +125,48 @@ def test_user_update_admin(admin_client, real_mongo_client, user_id):
     assert resp.status_code == 200
     user = real_mongo_client.get_database().users.find_one({"_id": user_id})
     assert user["display_name"] == "Test Person"
+
+
+def test_create_group(admin_client, client, unauthenticated_client, real_mongo_client):
+    from bson import ObjectId
+
+    good_group = {
+        "display_name": "My New Group",
+        "group_id": "my-new-group",
+        "description": "A group for testing",
+        "group_admins": [],
+    }
+
+    # Group ID cannot be None
+    bad_group = good_group.copy()
+    bad_group["group_id"] = None
+    resp = admin_client.put("/groups", json=bad_group)
+    assert resp.status_code == 400
+
+    # Successfully create group
+    resp = admin_client.put("/groups", json=good_group)
+    assert resp.status_code == 200
+    group_immutable_id = ObjectId(resp.json["group_immutable_id"])
+    assert real_mongo_client.get_database().groups.find_one({"_id": group_immutable_id})
+
+    # Group ID must be unique
+    resp = admin_client.put("/groups", json=good_group)
+    assert resp.status_code == 400
+
+    # Request must come from admin
+    # Make ID unique so that this would otherwise pass
+    good_group["group_id"] = "my-new-group-2"
+    resp = unauthenticated_client.put("/groups", json=good_group)
+    assert resp.status_code == 401
+    assert (
+        real_mongo_client.get_database().groups.find_one({"group_id": good_group["group_id"]})
+        is None
+    )
+
+    # Request must come from admin
+    resp = client.put("/groups", json=good_group)
+    assert resp.status_code == 403
+    assert (
+        real_mongo_client.get_database().groups.find_one({"group_id": good_group["group_id"]})
+        is None
+    )

From 0c4d0f9bc5ea49eda38645ed19f9cd24fef97059 Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Tue, 11 Mar 2025 13:56:45 +0000
Subject: [PATCH 04/18] Add admin endpoints for group listing and tweak user
 listing

---
 pydatalab/src/pydatalab/models/people.py     |  6 ++++-
 pydatalab/src/pydatalab/routes/v0_1/admin.py | 26 +++++++++++++++++---
 pydatalab/tests/server/test_users.py         | 14 +++++++++++
 3 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
index 7736b82aa..c6f19bbc0 100644
--- a/pydatalab/src/pydatalab/models/people.py
+++ b/pydatalab/src/pydatalab/models/people.py
@@ -6,7 +6,7 @@
 from pydantic import EmailStr as PydanticEmailStr
 
 from pydatalab.models.entries import Entry
-from pydatalab.models.utils import HumanReadableIdentifier, PyObjectId
+from pydatalab.models.utils import HumanReadableIdentifier, PyObjectId, UserRole
 
 
 class IdentityType(str, Enum):
@@ -195,3 +195,7 @@ def new_user_from_identity(
             contact_email=contact_email,
             account_status=account_status,
         )
+
+
+class User(Person):
+    role: UserRole
diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
index c95334073..0a2fbd729 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/admin.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -3,8 +3,9 @@
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
+from pydatalab.models.people import Group, User
 from pydatalab.mongo import flask_mongo
-from pydatalab.permissions import admin_only, get_default_permissions
+from pydatalab.permissions import admin_only
 
 ADMIN = Blueprint("admins", __name__)
 
@@ -18,7 +19,6 @@ def _(): ...
 def get_users():
     users = flask_mongo.db.users.aggregate(
         [
-            {"$match": get_default_permissions(user_only=True)},
             {
                 "$lookup": {
                     "from": "roles",
@@ -27,6 +27,19 @@ def get_users():
                     "as": "role",
                 }
             },
+            {
+                "$lookup": {
+                    "from": "groups",
+                    "let": {"group_ids": "$group_ids"},
+                    "pipeline": [
+                        {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
+                        {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
+                        {"$sort": {"__order": 1}},
+                        {"$project": {"_id": 1, "display_name": 1}},
+                    ],
+                    "as": "groups",
+                },
+            },
             {
                 "$addFields": {
                     "role": {
@@ -41,7 +54,7 @@ def get_users():
         ]
     )
 
-    return jsonify({"status": "success", "data": list(users)})
+    return jsonify({"status": "success", "data": list(User(**u).json() for u in users)})
 
 
 @ADMIN.route("/roles/<user_id>", methods=["PATCH"])
@@ -93,3 +106,10 @@ def save_role(user_id):
         )
 
     return (jsonify({"status": "success"}), 200)
+
+
+@ADMIN.route("/groups", methods=["GET"])
+def get_groups():
+    return jsonify(
+        {"status": "success", "data": [Group(**d).json() for d in flask_mongo.db.groups.find()]}
+    ), 200
diff --git a/pydatalab/tests/server/test_users.py b/pydatalab/tests/server/test_users.py
index 04950fa67..3c1799b87 100644
--- a/pydatalab/tests/server/test_users.py
+++ b/pydatalab/tests/server/test_users.py
@@ -42,6 +42,20 @@ def test_role_update_by_user(client, real_mongo_client, user_id):
     assert user["role"] == "manager"
 
 
+def test_list_users(admin_client, client):
+    resp = admin_client.get("/users")
+    assert resp.status_code == 200
+    resp = client.get("/users")
+    assert resp.status_code == 403
+
+
+def test_list_groups(admin_client, client):
+    resp = admin_client.get("/groups")
+    assert resp.status_code == 200
+    resp = client.get("/groups")
+    assert resp.status_code == 403
+
+
 def test_user_update(client, unauthenticated_client, real_mongo_client, user_id, admin_user_id):
     endpoint = f"/users/{str(user_id)}"
     # Test display name update

From be62ebe8bb334eed1fdd344b0e7c615327776e0a Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Tue, 11 Mar 2025 21:19:00 +0000
Subject: [PATCH 05/18] Restructure group routes and add test for search-groups

---
 pydatalab/schemas/cell.json                   |  3 +-
 pydatalab/schemas/equipment.json              |  3 +-
 pydatalab/schemas/sample.json                 |  3 +-
 pydatalab/schemas/startingmaterial.json       |  3 +-
 pydatalab/src/pydatalab/models/people.py      |  2 +-
 .../src/pydatalab/routes/v0_1/__init__.py     |  3 +-
 pydatalab/src/pydatalab/routes/v0_1/admin.py  | 84 ++++++++++++++++++-
 pydatalab/src/pydatalab/routes/v0_1/groups.py | 46 ++++++++++
 pydatalab/src/pydatalab/routes/v0_1/users.py  | 11 +--
 pydatalab/tests/server/test_users.py          |  5 ++
 10 files changed, 141 insertions(+), 22 deletions(-)
 create mode 100644 pydatalab/src/pydatalab/routes/v0_1/groups.py

diff --git a/pydatalab/schemas/cell.json b/pydatalab/schemas/cell.json
index 0c43c6c3b..6f247657c 100644
--- a/pydatalab/schemas/cell.json
+++ b/pydatalab/schemas/cell.json
@@ -330,8 +330,7 @@
       },
       "required": [
         "group_id",
-        "display_name",
-        "group_admins"
+        "display_name"
       ]
     },
     "AccountStatus": {
diff --git a/pydatalab/schemas/equipment.json b/pydatalab/schemas/equipment.json
index d27eb6f73..1ba99e442 100644
--- a/pydatalab/schemas/equipment.json
+++ b/pydatalab/schemas/equipment.json
@@ -294,8 +294,7 @@
       },
       "required": [
         "group_id",
-        "display_name",
-        "group_admins"
+        "display_name"
       ]
     },
     "AccountStatus": {
diff --git a/pydatalab/schemas/sample.json b/pydatalab/schemas/sample.json
index 42ba3af3d..10312e833 100644
--- a/pydatalab/schemas/sample.json
+++ b/pydatalab/schemas/sample.json
@@ -383,8 +383,7 @@
       },
       "required": [
         "group_id",
-        "display_name",
-        "group_admins"
+        "display_name"
       ]
     },
     "AccountStatus": {
diff --git a/pydatalab/schemas/startingmaterial.json b/pydatalab/schemas/startingmaterial.json
index 11bf9d28c..2f0045723 100644
--- a/pydatalab/schemas/startingmaterial.json
+++ b/pydatalab/schemas/startingmaterial.json
@@ -436,8 +436,7 @@
       },
       "required": [
         "group_id",
-        "display_name",
-        "group_admins"
+        "display_name"
       ]
     },
     "AccountStatus": {
diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
index c6f19bbc0..5e11b30e4 100644
--- a/pydatalab/src/pydatalab/models/people.py
+++ b/pydatalab/src/pydatalab/models/people.py
@@ -117,7 +117,7 @@ class Group(Entry):
     description: Optional[str]
     """A description of the group"""
 
-    group_admins: List[PyObjectId]
+    group_admins: Optional[List[PyObjectId]]
     """A list of user IDs that can manage this group."""
 
 
diff --git a/pydatalab/src/pydatalab/routes/v0_1/__init__.py b/pydatalab/src/pydatalab/routes/v0_1/__init__.py
index a1577118b..687f9030f 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/__init__.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/__init__.py
@@ -7,11 +7,12 @@
 from .collections import COLLECTIONS
 from .files import FILES
 from .graphs import GRAPHS
+from .groups import GROUPS
 from .healthcheck import HEALTHCHECK
 from .info import INFO
 from .items import ITEMS
 from .remotes import REMOTES
-from .users import GROUPS, USERS
+from .users import USERS
 
 BLUEPRINTS: tuple[Blueprint, ...] = (
     AUTH,
diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
index 0a2fbd729..167e91bb1 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/admin.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -1,10 +1,13 @@
+import json
+
+import pymongo.errors
 from bson import ObjectId
 from flask import Blueprint, jsonify, request
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
 from pydatalab.models.people import Group, User
-from pydatalab.mongo import flask_mongo
+from pydatalab.mongo import _get_active_mongo_client, flask_mongo
 from pydatalab.permissions import admin_only
 
 ADMIN = Blueprint("admins", __name__)
@@ -54,7 +57,7 @@ def get_users():
         ]
     )
 
-    return jsonify({"status": "success", "data": list(User(**u).json() for u in users)})
+    return jsonify({"status": "success", "data": list(json.loads(User(**u).json()) for u in users)})
 
 
 @ADMIN.route("/roles/<user_id>", methods=["PATCH"])
@@ -111,5 +114,80 @@ def save_role(user_id):
 @ADMIN.route("/groups", methods=["GET"])
 def get_groups():
     return jsonify(
-        {"status": "success", "data": [Group(**d).json() for d in flask_mongo.db.groups.find()]}
+        {
+            "status": "success",
+            "data": [json.loads(Group(**d).json()) for d in flask_mongo.db.groups.find()],
+        }
     ), 200
+
+
+@ADMIN.route("/groups", methods=["PUT"])
+@admin_only
+def create_group():
+    request_json = request.get_json()
+
+    group_json = {
+        "group_id": request_json.get("group_id"),
+        "display_name": request_json.get("display_name"),
+        "description": request_json.get("description"),
+        "group_admins": request_json.get("group_admins"),
+    }
+    try:
+        group = Group(**group_json)
+    except Exception as e:
+        return jsonify({"status": "error", "message": f"Invalid group data: {str(e)}"}), 400
+
+    try:
+        group_immutable_id = flask_mongo.db.groups.insert_one(group.dict()).inserted_id
+    except pymongo.errors.DuplicateKeyError:
+        return jsonify(
+            {"status": "error", "message": f"Group ID {group.group_id} already exists."}
+        ), 400
+
+    if group_immutable_id:
+        return jsonify({"status": "success", "group_immutable_id": str(group_immutable_id)}), 200
+
+    return jsonify({"status": "error", "message": "Unable to create group."}), 400
+
+
+@ADMIN.route("/groups", methods=["DELETE"])
+def delete_group():
+    request_json = request.get_json()
+
+    group_id = request_json.get("immutable_id")
+    if group_id is not None:
+        result = flask_mongo.db.groups.delete_one({"_id": ObjectId(group_id)})
+
+        if result.deleted_count == 1:
+            return jsonify({"status": "success"}), 200
+
+    return jsonify({"status": "error", "message": "Unable to delete group."}), 400
+
+
+@ADMIN.route("/groups/<group_immutable_id>", methods=["PATCH"])
+def add_user_to_group(group_immutable_id):
+    request_json = request.get_json()
+
+    user_id = request_json.get("user_id")
+
+    if not user_id:
+        return jsonify({"status": "error", "message": "No user ID provided."}), 400
+
+    client = _get_active_mongo_client()
+    with client.start_session(causal_consistency=True) as session:
+        group_exists = flask_mongo.db.groups.find_one(
+            {"_id": ObjectId(group_immutable_id)}, session=session
+        )
+        if not group_exists:
+            return jsonify({"status": "error", "message": "Group does not exist."}), 400
+
+        update_user = flask_mongo.db.users.update_one(
+            {"_id": ObjectId(user_id)},
+            {"$addToSet": {"groups": group_immutable_id}},
+            session=session,
+        )
+
+        if not update_user.modified_count == 1:
+            return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
+
+    return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
diff --git a/pydatalab/src/pydatalab/routes/v0_1/groups.py b/pydatalab/src/pydatalab/routes/v0_1/groups.py
new file mode 100644
index 000000000..8b3aa1376
--- /dev/null
+++ b/pydatalab/src/pydatalab/routes/v0_1/groups.py
@@ -0,0 +1,46 @@
+import json
+
+from flask import Blueprint, jsonify, request
+
+from pydatalab.models.people import Group
+from pydatalab.mongo import flask_mongo
+from pydatalab.permissions import active_users_or_get_only
+
+GROUPS = Blueprint("groups", __name__)
+
+
+@GROUPS.route("/search/groups", methods=["GET"])
+@active_users_or_get_only
+def search_groups():
+    """Perform free text search on groups and return the top results.
+    GET parameters:
+        query: String with the search terms.
+        nresults: Maximum number of results (default 100)
+
+    Returns:
+        response list of dictionaries containing the matching groups in order of
+        descending match score.
+    """
+
+    query = request.args.get("query", type=str)
+    nresults = request.args.get("nresults", default=100, type=int)
+    match_obj = {"$text": {"$search": query}}
+
+    cursor = flask_mongo.db.groups.aggregate(
+        [
+            {"$match": match_obj},
+            {"$sort": {"score": {"$meta": "textScore"}}},
+            {"$limit": nresults},
+            {
+                "$project": {
+                    "_id": 1,
+                    "display_name": 1,
+                    "description": 1,
+                    "group_id": 1,
+                }
+            },
+        ]
+    )
+    return jsonify(
+        {"status": "success", "data": list(json.loads(Group(**d).json()) for d in cursor)}
+    ), 200
diff --git a/pydatalab/src/pydatalab/routes/v0_1/users.py b/pydatalab/src/pydatalab/routes/v0_1/users.py
index ac845a46d..e73dc6278 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/users.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/users.py
@@ -1,17 +1,15 @@
 import json
 
-import pymongo.errors
 from bson import ObjectId
 from flask import Blueprint, jsonify, request
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
-from pydatalab.models.people import DisplayName, EmailStr, Group, Person
-from pydatalab.mongo import _get_active_mongo_client, flask_mongo
+from pydatalab.models.people import DisplayName, EmailStr, Person
+from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import active_users_or_get_only, admin_only
 
 USERS = Blueprint("users", __name__)
-GROUPS = Blueprint("groups", __name__)
 
 
 @USERS.before_request
@@ -95,11 +93,6 @@ def add_user_to_group(group_immutable_id):
     return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
 
 
-@USERS.before_request
-@active_users_or_get_only
-def _(): ...
-
-
 @USERS.route("/users/<user_id>", methods=["PATCH"])
 def save_user(user_id):
     request_json = request.get_json()
diff --git a/pydatalab/tests/server/test_users.py b/pydatalab/tests/server/test_users.py
index 3c1799b87..0704078ed 100644
--- a/pydatalab/tests/server/test_users.py
+++ b/pydatalab/tests/server/test_users.py
@@ -184,3 +184,8 @@ def test_create_group(admin_client, client, unauthenticated_client, real_mongo_c
         real_mongo_client.get_database().groups.find_one({"group_id": good_group["group_id"]})
         is None
     )
+
+    # Check a user can search groups
+    resp = client.get("/search/groups?query=New")
+    assert resp.status_code == 200
+    assert len(resp.json["data"]) == 1

From 367b138f8c01ec416ca609df5875fa0eb0f31e8e Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Tue, 11 Mar 2025 21:30:37 +0000
Subject: [PATCH 06/18] Add group display to admin panel

---
 webapp/src/components/AdminDisplay.vue |  4 +-
 webapp/src/components/GroupTable.vue   | 67 ++++++++++++++++++++++++++
 webapp/src/components/UserTable.vue    |  2 +-
 webapp/src/server_fetch_utils.js       | 13 +++++
 webapp/src/views/Admin.vue             |  2 +-
 5 files changed, 85 insertions(+), 3 deletions(-)
 create mode 100644 webapp/src/components/GroupTable.vue

diff --git a/webapp/src/components/AdminDisplay.vue b/webapp/src/components/AdminDisplay.vue
index c9905f2c6..eb79901dd 100644
--- a/webapp/src/components/AdminDisplay.vue
+++ b/webapp/src/components/AdminDisplay.vue
@@ -1,15 +1,17 @@
 <template>
   <div class="admin-display">
     <template v-if="selectedItem === 'Users'"> <UserTable /> </template>
+    <template v-else-if="selectedItem === 'Groups'"> <GroupTable /> </template>
   </div>
 </template>
 
 <script>
 import UserTable from "./UserTable.vue";
+import GroupTable from "./GroupTable.vue";
 
 export default {
   name: "AdminDisplay",
-  components: { UserTable },
+  components: { UserTable, GroupTable },
   props: {
     selectedItem: {
       type: String,
diff --git a/webapp/src/components/GroupTable.vue b/webapp/src/components/GroupTable.vue
new file mode 100644
index 000000000..ebd0bfab6
--- /dev/null
+++ b/webapp/src/components/GroupTable.vue
@@ -0,0 +1,67 @@
+<template>
+  <table class="table table-hover table-sm" data-testid="user-table">
+    <thead>
+      <tr>
+        <th scope="col">Group ID</th>
+        <th scope="col">Name</th>
+        <th scope="col">Description</th>
+        <th></th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr v-for="group in groups" :key="group.group_id">
+        <td align="left">
+          <span class="badge badge-light table-group-id">{{ group.group_id }}</span>
+        </td>
+        <td align="left">{{ group.display_name }}</td>
+        <td align="left">{{ group.description }}</td>
+        <td align="right"><font-awesome-icon :icon="['far', 'plus-square']" /></td>
+      </tr>
+    </tbody>
+  </table>
+</template>
+
+<script>
+import { getGroupsList } from "@/server_fetch_utils.js";
+
+export default {
+  data() {
+    return {
+      groups: null,
+      original_groups: null,
+    };
+  },
+  created() {
+    this.getGroups();
+  },
+  methods: {
+    async getGroups() {
+      let data = await getGroupsList();
+      if (data != null) {
+        this.groups = JSON.parse(JSON.stringify(data));
+        this.original_groups = JSON.parse(JSON.stringify(data));
+      }
+    },
+  },
+};
+</script>
+
+<style scoped>
+td {
+  vertical-align: middle;
+}
+
+.table-group-id {
+  border: 2px solid #ccc;
+}
+
+select {
+  border: 1px solid #ccc;
+  border-radius: 0.25rem;
+}
+
+.badge {
+  margin-left: 1em;
+  font-family: "Andalé Mono", monospace;
+}
+</style>
diff --git a/webapp/src/components/UserTable.vue b/webapp/src/components/UserTable.vue
index 4e4610a2c..6f4355671 100644
--- a/webapp/src/components/UserTable.vue
+++ b/webapp/src/components/UserTable.vue
@@ -9,7 +9,7 @@
       </tr>
     </thead>
     <tbody>
-      <tr v-for="user in users" :key="user._id">
+      <tr v-for="user in users" :key="user.immutable_id">
         <td align="left">
           {{ user.display_name }}
           <span v-if="user.account_status === 'active'" class="badge badge-success text-uppercase">
diff --git a/webapp/src/server_fetch_utils.js b/webapp/src/server_fetch_utils.js
index 6695eb396..1091a84ac 100644
--- a/webapp/src/server_fetch_utils.js
+++ b/webapp/src/server_fetch_utils.js
@@ -270,6 +270,19 @@ export function getUsersList() {
     });
 }
 
+export function getGroupsList() {
+  return fetch_get(`${API_URL}/groups`)
+    .then(function (response_json) {
+      const groups = response_json.data;
+      return groups;
+    })
+    .catch((error) => {
+      console.error("Error when fetching groups list");
+      console.error(error);
+      throw error;
+    });
+}
+
 export function getStartingMaterialList() {
   return fetch_get(`${API_URL}/starting-materials/`)
     .then(function (response_json) {
diff --git a/webapp/src/views/Admin.vue b/webapp/src/views/Admin.vue
index 1625e44cf..b34c91f90 100644
--- a/webapp/src/views/Admin.vue
+++ b/webapp/src/views/Admin.vue
@@ -23,7 +23,7 @@ export default {
   },
   data() {
     return {
-      items: ["Users"],
+      items: ["Users", "Groups"],
       selectedItem: "Users",
       user: null,
     };

From 37b15a058decdb6f345541ed95314784929d12b1 Mon Sep 17 00:00:00 2001
From: Matthew Evans <git@ml-evs.science>
Date: Thu, 13 Mar 2025 18:52:55 +0000
Subject: [PATCH 07/18] Fix user table issue caused by API change

---
 webapp/src/components/UserTable.vue | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/webapp/src/components/UserTable.vue b/webapp/src/components/UserTable.vue
index 6f4355671..fd499a849 100644
--- a/webapp/src/components/UserTable.vue
+++ b/webapp/src/components/UserTable.vue
@@ -33,7 +33,7 @@
           <select
             v-model="user.role"
             class="dropdown"
-            @change="confirmUpdateUserRole(user._id.$oid, $event.target.value)"
+            @change="confirmUpdateUserRole(user.immutable_id, $event.target.value)"
           >
             <option value="user">User</option>
             <option value="admin">Admin</option>
@@ -44,21 +44,21 @@
           <button
             v-if="user.account_status === 'active'"
             class="btn btn-outline-danger btn-sm text-uppercase text-monospace"
-            @click="confirmUpdateUserStatus(user._id.$oid, 'deactivated')"
+            @click="confirmUpdateUserStatus(user.immutable_id, 'deactivated')"
           >
             Deactivate
           </button>
           <button
             v-else-if="user.account_status === 'unverified'"
             class="btn btn-outline-success btn-sm text-uppercase text-monospace"
-            @click="confirmUpdateUserStatus(user._id.$oid, 'active')"
+            @click="confirmUpdateUserStatus(user.immutable_id, 'active')"
           >
             Activate
           </button>
           <button
             v-else-if="user.account_status === 'deactivated'"
             class="btn btn-outline-success btn-sm text-uppercase text-monospace"
-            @click="confirmUpdateUserStatus(user._id.$oid, 'active')"
+            @click="confirmUpdateUserStatus(user.immutable_id, 'active')"
           >
             Activate
           </button>
@@ -91,11 +91,11 @@ export default {
       }
     },
     async confirmUpdateUserRole(user_id, new_role) {
-      const originalCurrentUser = this.original_users.find((user) => user._id.$oid === user_id);
+      const originalCurrentUser = this.original_users.find((user) => user.immutable_id === user_id);
 
       if (originalCurrentUser.role === "admin") {
         window.alert("You can't change an admin's role.");
-        this.users.find((user) => user._id.$oid === user_id).role = originalCurrentUser.role;
+        this.users.find((user) => user.immutable_id === user_id).role = originalCurrentUser.role;
         return;
       }
 
@@ -106,21 +106,21 @@ export default {
       ) {
         await this.updateUserRole(user_id, new_role);
       } else {
-        this.users.find((user) => user._id.$oid === user_id).role = originalCurrentUser.role;
+        this.users.find((user) => user.immutable_id === user_id).role = originalCurrentUser.role;
       }
     },
     async confirmUpdateUserStatus(user_id, new_status) {
-      const originalCurrentUser = this.original_users.find((user) => user._id.$oid === user_id);
+      const originalCurrentUser = this.original_users.find((user) => user.immutable_id === user_id);
 
       if (
         window.confirm(
           `Are you sure you want to change ${originalCurrentUser.display_name}'s status from "${originalCurrentUser.account_status}" to "${new_status}" ?`,
         )
       ) {
-        this.users.find((user) => user._id.$oid == user_id).account_status = new_status;
+        this.users.find((user) => user.immutable_id == user_id).account_status = new_status;
         await this.updateUserStatus(user_id, new_status);
       } else {
-        this.users.find((user) => user._id.$oid === user_id).account_status =
+        this.users.find((user) => user.immutable_id === user_id).account_status =
           originalCurrentUser.account_status;
       }
     },

From a369ddfd3a6a930f7980068e65e19f097fcf3133 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Wed, 18 Jun 2025 18:17:23 +0200
Subject: [PATCH 08/18] update type annotations to modern Python syntax

---
 pydatalab/src/pydatalab/models/people.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pydatalab/src/pydatalab/models/people.py b/pydatalab/src/pydatalab/models/people.py
index 5e11b30e4..be86d961d 100644
--- a/pydatalab/src/pydatalab/models/people.py
+++ b/pydatalab/src/pydatalab/models/people.py
@@ -114,10 +114,10 @@ class Group(Entry):
     display_name: DisplayName
     """The chosen display name for the group"""
 
-    description: Optional[str]
+    description: str | None
     """A description of the group"""
 
-    group_admins: Optional[List[PyObjectId]]
+    group_admins: list[PyObjectId] | None
     """A list of user IDs that can manage this group."""
 
 
@@ -136,12 +136,12 @@ class Person(Entry):
     contact_email: EmailStr | None
     """In the case of multiple *verified* email identities, this email will be used as the primary contact."""
 
-    managers: list[PyObjectId] | None
-    """A list of user IDs that can manage this person's items."""
-
     groups: list[Group] = Field(default_factory=list)
     """A list of groups that this person belongs to."""
 
+    managers: list[PyObjectId] | None
+    """A list of user IDs that can manage this person's items."""
+
     account_status: AccountStatus = Field(AccountStatus.UNVERIFIED)
     """The status of the user's account."""
 

From 9a7d9b6e32b673f6a14c797bb8d20607cd150fe0 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Fri, 20 Jun 2025 11:58:33 +0200
Subject: [PATCH 09/18] implement user groups management system in UI

---
 pydatalab/src/pydatalab/routes/v0_1/admin.py |  62 ++++--
 webapp/src/components/AdminDisplay.vue       |  33 ++-
 webapp/src/components/CreateGroupModal.vue   | 176 ++++++++++++++++
 webapp/src/components/EditGroupModal.vue     | 204 +++++++++++++++++++
 webapp/src/components/GroupTable.vue         |  64 +++++-
 webapp/src/server_fetch_utils.js             |  46 ++++-
 6 files changed, 558 insertions(+), 27 deletions(-)
 create mode 100644 webapp/src/components/CreateGroupModal.vue
 create mode 100644 webapp/src/components/EditGroupModal.vue

diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
index 167e91bb1..af3cbcb20 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/admin.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -7,7 +7,7 @@
 
 from pydatalab.config import CONFIG
 from pydatalab.models.people import Group, User
-from pydatalab.mongo import _get_active_mongo_client, flask_mongo
+from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import admin_only
 
 ADMIN = Blueprint("admins", __name__)
@@ -113,10 +113,15 @@ def save_role(user_id):
 
 @ADMIN.route("/groups", methods=["GET"])
 def get_groups():
+    groups_data = []
+    for group_doc in flask_mongo.db.groups.find():
+        group_doc["immutable_id"] = str(group_doc["_id"])
+        groups_data.append(json.loads(Group(**group_doc).json()))
+
     return jsonify(
         {
             "status": "success",
-            "data": [json.loads(Group(**d).json()) for d in flask_mongo.db.groups.find()],
+            "data": groups_data,
         }
     ), 200
 
@@ -164,30 +169,45 @@ def delete_group():
     return jsonify({"status": "error", "message": "Unable to delete group."}), 400
 
 
-@ADMIN.route("/groups/<group_immutable_id>", methods=["PATCH"])
-def add_user_to_group(group_immutable_id):
+@ADMIN.route("/groups/<group_immutable_id>", methods=["PUT"])
+@admin_only
+def update_group(group_immutable_id):
     request_json = request.get_json()
 
-    user_id = request_json.get("user_id")
+    existing_group = flask_mongo.db.groups.find_one({"_id": ObjectId(group_immutable_id)})
+    if not existing_group:
+        return jsonify({"status": "error", "message": "Group not found."}), 404
 
-    if not user_id:
-        return jsonify({"status": "error", "message": "No user ID provided."}), 400
+    update_data = {}
 
-    client = _get_active_mongo_client()
-    with client.start_session(causal_consistency=True) as session:
-        group_exists = flask_mongo.db.groups.find_one(
-            {"_id": ObjectId(group_immutable_id)}, session=session
-        )
-        if not group_exists:
-            return jsonify({"status": "error", "message": "Group does not exist."}), 400
+    if "display_name" in request_json:
+        update_data["display_name"] = request_json["display_name"]
+
+    if "description" in request_json:
+        update_data["description"] = request_json["description"]
 
-        update_user = flask_mongo.db.users.update_one(
-            {"_id": ObjectId(user_id)},
-            {"$addToSet": {"groups": group_immutable_id}},
-            session=session,
+    if "group_admins" in request_json:
+        update_data["group_admins"] = request_json["group_admins"]
+
+    try:
+        temp_group_data = {**existing_group, **update_data}
+        temp_group_data.pop("_id", None)
+        Group(**temp_group_data)
+    except Exception as e:
+        return jsonify({"status": "error", "message": f"Invalid group data: {str(e)}"}), 400
+
+    try:
+        result = flask_mongo.db.groups.update_one(
+            {"_id": ObjectId(group_immutable_id)}, {"$set": update_data}
         )
 
-        if not update_user.modified_count == 1:
-            return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
+        if result.matched_count == 0:
+            return jsonify({"status": "error", "message": "Group not found."}), 404
 
-    return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
+        if result.modified_count == 0:
+            return jsonify({"status": "success", "message": "No changes were made."}), 200
+
+        return jsonify({"status": "success", "message": "Group updated successfully."}), 200
+
+    except Exception as e:
+        return jsonify({"status": "error", "message": f"Failed to update group: {str(e)}"}), 500
diff --git a/webapp/src/components/AdminDisplay.vue b/webapp/src/components/AdminDisplay.vue
index eb79901dd..880e92f95 100644
--- a/webapp/src/components/AdminDisplay.vue
+++ b/webapp/src/components/AdminDisplay.vue
@@ -1,23 +1,52 @@
 <template>
   <div class="admin-display">
     <template v-if="selectedItem === 'Users'"> <UserTable /> </template>
-    <template v-else-if="selectedItem === 'Groups'"> <GroupTable /> </template>
+    <template v-else-if="selectedItem === 'Groups'">
+      <div class="mb-3">
+        <button class="btn btn-default" @click="showCreateGroupModal = true">
+          <font-awesome-icon :icon="['fas', 'plus']" class="mr-2" />
+          Create Group
+        </button>
+      </div>
+      <GroupTable ref="groupTable" @group-updated="refreshGroups" />
+
+      <CreateGroupModal
+        :model-value="showCreateGroupModal"
+        @update:model-value="showCreateGroupModal = $event"
+        @group-created="onGroupCreated"
+      />
+    </template>
   </div>
 </template>
 
 <script>
 import UserTable from "./UserTable.vue";
 import GroupTable from "./GroupTable.vue";
+import CreateGroupModal from "./CreateGroupModal.vue";
 
 export default {
   name: "AdminDisplay",
-  components: { UserTable, GroupTable },
+  components: { UserTable, GroupTable, CreateGroupModal },
   props: {
     selectedItem: {
       type: String,
       required: true,
     },
   },
+  data() {
+    return {
+      showCreateGroupModal: false,
+    };
+  },
+  methods: {
+    onGroupCreated() {
+      this.showCreateGroupModal = false;
+      this.$refs.groupTable.getGroups();
+    },
+    refreshGroups() {
+      this.$refs.groupTable?.getGroups();
+    },
+  },
 };
 </script>
 
diff --git a/webapp/src/components/CreateGroupModal.vue b/webapp/src/components/CreateGroupModal.vue
new file mode 100644
index 000000000..db3816734
--- /dev/null
+++ b/webapp/src/components/CreateGroupModal.vue
@@ -0,0 +1,176 @@
+<template>
+  <form class="modal-enclosure" data-testid="create-group-form" @submit.prevent="submitForm">
+    <Modal
+      :model-value="modelValue"
+      :disable-submit="!isFormValid"
+      @update:model-value="$emit('update:modelValue', $event)"
+    >
+      <template #header> Create new group </template>
+
+      <template #body>
+        <div class="form-row">
+          <div class="form-group col-md-6">
+            <label for="create-group-group_id" class="col-form-label">Group ID:</label>
+            <input
+              id="create-group-group_id"
+              v-model="group_id"
+              type="text"
+              class="form-control"
+              :class="{ 'is-invalid': showValidation && (!group_id || isValidGroupId) }"
+              required
+            />
+            <!-- eslint-disable-next-line vue/no-v-html -->
+            <div class="form-error" v-html="isValidGroupId"></div>
+            <div v-if="showValidation && !group_id" class="invalid-feedback">
+              Group ID is required.
+            </div>
+          </div>
+          <div class="form-group col-md-6">
+            <label for="display-name" class="col-form-label">Display Name:</label>
+            <input
+              id="display-name"
+              v-model="display_name"
+              type="text"
+              class="form-control"
+              :class="{ 'is-invalid': showValidation && !display_name }"
+              required
+            />
+            <div v-if="showValidation && !display_name" class="invalid-feedback">
+              Display Name is required.
+            </div>
+          </div>
+        </div>
+        <div class="form-row">
+          <div class="form-group col-md-12">
+            <label for="description">Description:</label>
+            <textarea
+              id="description"
+              v-model="description"
+              class="form-control"
+              rows="3"
+            ></textarea>
+          </div>
+        </div>
+        <div class="form-row">
+          <div class="col-md-12 form-group">
+            <label id="groupAdminsLabel">Group Admins:</label>
+            <UserSelect v-model="group_admins" aria-labelledby="groupAdminsLabel" multiple />
+          </div>
+        </div>
+      </template>
+    </Modal>
+  </form>
+</template>
+
+<script>
+import Modal from "@/components/Modal.vue";
+import UserSelect from "@/components/UserSelect.vue";
+import { createGroup } from "@/server_fetch_utils.js";
+import { validateEntryID } from "@/field_utils.js";
+
+export default {
+  name: "CreateGroupModal",
+  components: {
+    Modal,
+    UserSelect,
+  },
+  props: {
+    modelValue: Boolean,
+  },
+  emits: ["update:modelValue", "group-created"],
+  data() {
+    return {
+      group_id: "",
+      display_name: "",
+      description: "",
+      group_admins: [],
+      takenGroupIds: [],
+      showValidation: false,
+    };
+  },
+  computed: {
+    existingGroupIds() {
+      return this.$store.state.groups_list
+        ? this.$store.state.groups_list.map((x) => x.group_id)
+        : [];
+    },
+    isValidGroupId() {
+      if (!this.group_id) {
+        return "";
+      }
+      return validateEntryID(this.group_id, this.takenGroupIds, this.existingGroupIds);
+    },
+    isFormValid() {
+      return this.group_id && this.display_name && !this.isValidGroupId;
+    },
+  },
+  methods: {
+    async submitForm() {
+      this.showValidation = true;
+
+      if (!this.isFormValid) {
+        return;
+      }
+
+      try {
+        const groupData = {
+          group_id: this.group_id,
+          display_name: this.display_name,
+          description: this.description,
+          group_admins: this.group_admins
+            .map((admin) => {
+              const userId = admin.user_id || admin._id || admin.immutable_id;
+              return userId;
+            })
+            .filter((id) => id !== undefined),
+        };
+
+        await createGroup(groupData);
+        this.$emit("group-created");
+        this.resetForm();
+        this.$emit("update:modelValue", false);
+      } catch (error) {
+        console.error("Error creating group:", error);
+        let is_group_id_error = false;
+        try {
+          if (error.includes("group_id_validation_error")) {
+            this.takenGroupIds.push(this.group_id);
+            is_group_id_error = true;
+          }
+        } catch (e) {
+          console.log("error parsing error message", e);
+        } finally {
+          if (!is_group_id_error) {
+            alert("Error with creating new group: " + error);
+          }
+        }
+      }
+    },
+    resetForm() {
+      this.group_id = "";
+      this.display_name = "";
+      this.description = "";
+      this.group_admins = [];
+      this.takenGroupIds = [];
+      this.showValidation = false;
+    },
+  },
+};
+</script>
+
+<style scoped>
+.form-error {
+  color: red;
+}
+
+:deep(.form-error a) {
+  color: #820000;
+  font-weight: 600;
+}
+
+.modal-enclosure :deep(.modal-content) {
+  max-height: 90vh;
+  overflow: auto;
+  scroll-behavior: smooth;
+}
+</style>
diff --git a/webapp/src/components/EditGroupModal.vue b/webapp/src/components/EditGroupModal.vue
new file mode 100644
index 000000000..ecbc1e385
--- /dev/null
+++ b/webapp/src/components/EditGroupModal.vue
@@ -0,0 +1,204 @@
+<template>
+  <form class="modal-enclosure" data-testid="edit-group-form" @submit.prevent="submitForm">
+    <Modal
+      :model-value="modelValue"
+      :disable-submit="!isFormValid"
+      @update:model-value="$emit('update:modelValue', $event)"
+    >
+      <template #header> Edit Group: {{ originalGroup?.display_name }} </template>
+
+      <template #body>
+        <div class="form-row">
+          <div class="form-group col-md-6">
+            <label for="edit-group-group_id" class="col-form-label">Group ID:</label>
+            <input
+              id="edit-group-group_id"
+              v-model="group_id"
+              type="text"
+              class="form-control"
+              disabled
+              title="Group ID cannot be modified"
+            />
+            <small class="form-text text-muted">Group ID cannot be modified</small>
+          </div>
+          <div class="form-group col-md-6">
+            <label for="edit-display-name" class="col-form-label">Display Name:</label>
+            <input
+              id="edit-display-name"
+              v-model="display_name"
+              type="text"
+              class="form-control"
+              :class="{ 'is-invalid': showValidation && !display_name }"
+              required
+            />
+            <div v-if="showValidation && !display_name" class="invalid-feedback">
+              Display Name is required.
+            </div>
+          </div>
+        </div>
+        <div class="form-row">
+          <div class="form-group col-md-12">
+            <label for="edit-description">Description:</label>
+            <textarea
+              id="edit-description"
+              v-model="description"
+              class="form-control"
+              rows="3"
+            ></textarea>
+          </div>
+        </div>
+        <div class="form-row">
+          <div class="col-md-12 form-group">
+            <label id="editGroupAdminsLabel">Group Admins:</label>
+            <UserSelect v-model="group_admins" aria-labelledby="editGroupAdminsLabel" multiple />
+          </div>
+        </div>
+      </template>
+    </Modal>
+  </form>
+</template>
+
+<script>
+import Modal from "@/components/Modal.vue";
+import UserSelect from "@/components/UserSelect.vue";
+import { updateGroup, getUsersList } from "@/server_fetch_utils.js";
+
+export default {
+  name: "EditGroupModal",
+  components: {
+    Modal,
+    UserSelect,
+  },
+  props: {
+    modelValue: Boolean,
+    group: {
+      type: Object,
+      default: null,
+    },
+  },
+  emits: ["update:modelValue", "group-updated"],
+  data() {
+    return {
+      group_id: "",
+      display_name: "",
+      description: "",
+      group_admins: [],
+      originalGroup: null,
+      originalAdmins: [],
+      showValidation: false,
+      allUsers: [],
+    };
+  },
+  computed: {
+    isFormValid() {
+      return this.display_name.trim() !== "";
+    },
+  },
+  watch: {
+    async group(newGroup) {
+      if (newGroup) {
+        await this.loadGroupData(newGroup);
+      }
+    },
+    async modelValue(newValue) {
+      if (newValue && this.group) {
+        await this.loadGroupData(this.group);
+      }
+    },
+  },
+  async created() {
+    try {
+      this.allUsers = await getUsersList();
+    } catch (error) {
+      console.error("Could not load users:", error);
+      this.allUsers = [];
+    }
+  },
+  methods: {
+    async loadGroupData(group) {
+      this.originalGroup = { ...group };
+      this.group_id = group.group_id;
+      this.display_name = group.display_name;
+      this.description = group.description || "";
+
+      this.group_admins = this.loadUsersFromIds(group.group_admins || []);
+      this.originalAdmins = [...this.group_admins];
+    },
+
+    loadUsersFromIds(userIds) {
+      return userIds
+        .map((userId) => {
+          return this.allUsers.find(
+            (user) =>
+              (user._id && user._id === userId) ||
+              (user.user_id && user.user_id === userId) ||
+              (user.immutable_id && user.immutable_id === userId),
+          );
+        })
+        .filter((user) => user !== undefined);
+    },
+
+    async submitForm() {
+      this.showValidation = true;
+
+      if (!this.isFormValid) {
+        return;
+      }
+
+      try {
+        console.log("Selected group_admins for update:", this.group_admins);
+
+        const groupData = {
+          display_name: this.display_name,
+          description: this.description,
+          group_admins: this.group_admins
+            .map((admin) => {
+              const userId = admin.user_id || admin._id || admin.immutable_id;
+              console.log("Admin object for update:", admin, "Using ID:", userId);
+              return userId;
+            })
+            .filter((id) => id !== undefined),
+        };
+
+        console.log("Updating group with data:", groupData);
+
+        await updateGroup(this.originalGroup.immutable_id, groupData);
+
+        this.$emit("group-updated");
+        this.resetForm();
+        this.$emit("update:modelValue", false);
+      } catch (error) {
+        console.error("Error updating group:", error);
+        alert("Error updating group: " + error);
+      }
+    },
+
+    resetForm() {
+      this.group_id = "";
+      this.display_name = "";
+      this.description = "";
+      this.group_admins = [];
+      this.originalGroup = null;
+      this.originalAdmins = [];
+      this.showValidation = false;
+    },
+  },
+};
+</script>
+
+<style scoped>
+.form-error {
+  color: red;
+}
+
+:deep(.form-error a) {
+  color: #820000;
+  font-weight: 600;
+}
+
+.modal-enclosure :deep(.modal-content) {
+  max-height: 90vh;
+  overflow: auto;
+  scroll-behavior: smooth;
+}
+</style>
diff --git a/webapp/src/components/GroupTable.vue b/webapp/src/components/GroupTable.vue
index ebd0bfab6..9aa162289 100644
--- a/webapp/src/components/GroupTable.vue
+++ b/webapp/src/components/GroupTable.vue
@@ -5,7 +5,7 @@
         <th scope="col">Group ID</th>
         <th scope="col">Name</th>
         <th scope="col">Description</th>
-        <th></th>
+        <th scope="col">Actions</th>
       </tr>
     </thead>
     <tbody>
@@ -15,20 +15,48 @@
         </td>
         <td align="left">{{ group.display_name }}</td>
         <td align="left">{{ group.description }}</td>
-        <td align="right"><font-awesome-icon :icon="['far', 'plus-square']" /></td>
+        <td align="left">
+          <button
+            class="btn btn-outline-success btn-sm text-uppercase text-monospace mr-2"
+            title="Edit group"
+            @click="showEditModal(group)"
+          >
+            Edit
+          </button>
+          <button
+            class="btn btn-outline-danger btn-sm text-uppercase text-monospace"
+            title="Delete group"
+            @click="confirmDeleteGroup(group)"
+          >
+            Delete
+          </button>
+        </td>
       </tr>
     </tbody>
   </table>
+  <EditGroupModal
+    :model-value="showEditGroupModal"
+    :group="selectedGroup"
+    @update:model-value="showEditGroupModal = $event"
+    @group-updated="onGroupUpdated"
+  />
 </template>
 
 <script>
-import { getGroupsList } from "@/server_fetch_utils.js";
+import { getGroupsList, deleteGroup } from "@/server_fetch_utils.js";
+import EditGroupModal from "./EditGroupModal.vue";
 
 export default {
+  components: {
+    EditGroupModal,
+  },
+  emits: ["group-updated"],
   data() {
     return {
       groups: null,
       original_groups: null,
+      selectedGroup: null,
+      showEditGroupModal: false,
     };
   },
   created() {
@@ -42,6 +70,36 @@ export default {
         this.original_groups = JSON.parse(JSON.stringify(data));
       }
     },
+
+    async confirmDeleteGroup(group) {
+      console.log("Group object:", group);
+
+      if (
+        window.confirm(
+          `Are you sure you want to delete the group "${group.display_name}"? This action cannot be undone.`,
+        )
+      ) {
+        try {
+          const groupId = group.immutable_id || group._id;
+          await deleteGroup({ immutable_id: groupId });
+          await this.getGroups();
+          this.$emit("group-updated");
+        } catch (error) {
+          console.error("Error deleting group:", error);
+          alert("Error deleting group: " + error);
+        }
+      }
+    },
+    showEditModal(group) {
+      this.selectedGroup = group;
+      this.showEditGroupModal = true;
+    },
+
+    onGroupUpdated() {
+      this.showEditGroupModal = false;
+      this.getGroups();
+      this.$emit("group-updated");
+    },
   },
 };
 </script>
diff --git a/webapp/src/server_fetch_utils.js b/webapp/src/server_fetch_utils.js
index 1091a84ac..2f69e9b5b 100644
--- a/webapp/src/server_fetch_utils.js
+++ b/webapp/src/server_fetch_utils.js
@@ -69,7 +69,7 @@ function fetch_put(url, body) {
 }
 
 // eslint-disable-next-line no-unused-vars
-function fetch_delete(url, body) {
+function fetch_delete(url, body = null) {
   let headers = construct_headers({ "Content-Type": "application/json" });
   const requestOptions = {
     method: "DELETE",
@@ -77,6 +77,11 @@ function fetch_delete(url, body) {
     body: JSON.stringify(body),
     credentials: "include",
   };
+
+  if (body !== null) {
+    requestOptions.body = JSON.stringify(body);
+  }
+
   return fetch(url, requestOptions).then(handleResponse);
 }
 
@@ -283,6 +288,45 @@ export function getGroupsList() {
     });
 }
 
+export function createGroup(groupData) {
+  console.log("createGroup");
+  return fetch_put(`${API_URL}/groups`, groupData)
+    .then(function (response_json) {
+      return response_json;
+    })
+    .catch((error) => {
+      console.error("Error when creating group");
+      console.error(error);
+      throw error;
+    });
+}
+
+export function deleteGroup(groupData) {
+  console.log("deleteGroup");
+  return fetch_delete(`${API_URL}/groups`, groupData)
+    .then(function (response_json) {
+      return response_json;
+    })
+    .catch((error) => {
+      console.error("Error when deleting group");
+      console.error(error);
+      throw error;
+    });
+}
+
+export function updateGroup(groupId, groupData) {
+  console.log("updateGroup");
+  return fetch_put(`${API_URL}/groups/${groupId}`, groupData)
+    .then(function (response_json) {
+      return response_json;
+    })
+    .catch((error) => {
+      console.error("Error when updating group");
+      console.error(error);
+      throw error;
+    });
+}
+
 export function getStartingMaterialList() {
   return fetch_get(`${API_URL}/starting-materials/`)
     .then(function (response_json) {

From 24ffaacfc16ef17209c3a6f5f9ed432e17075300 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Fri, 20 Jun 2025 15:26:58 +0200
Subject: [PATCH 10/18] implement group-based permissions system

---
 pydatalab/src/pydatalab/login.py             |  22 +++-
 pydatalab/src/pydatalab/permissions.py       |  42 ++++++-
 pydatalab/src/pydatalab/routes/v0_1/admin.py |  36 +++++-
 webapp/src/components/CreateGroupModal.vue   |  25 +++-
 webapp/src/components/EditGroupModal.vue     | 115 +++++++++++--------
 webapp/src/server_fetch_utils.js             |  29 +++++
 6 files changed, 212 insertions(+), 57 deletions(-)

diff --git a/pydatalab/src/pydatalab/login.py b/pydatalab/src/pydatalab/login.py
index ad11aca3f..339f2a0dd 100644
--- a/pydatalab/src/pydatalab/login.py
+++ b/pydatalab/src/pydatalab/login.py
@@ -103,7 +103,15 @@ def groups_lookup() -> dict:
             {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
             {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
             {"$sort": {"__order": 1}},
-            {"$project": {"_id": 1, "display_name": 1}},
+            {
+                "$project": {
+                    "_id": 1,
+                    "display_name": 1,
+                    "group_id": 1,
+                    "type": 1,
+                    "description": 1,
+                }
+            },
         ],
         "as": "groups",
     }
@@ -123,10 +131,18 @@ def get_by_id(user_id: str) -> Optional[LoginUser]:
 
     """
 
-    user = flask_mongo.db.users.find_one({"_id": ObjectId(user_id)})
-    if not user:
+    user_pipeline = [
+        {"$match": {"_id": ObjectId(user_id)}},
+        {"$lookup": groups_lookup()},
+    ]
+    user_cursor = flask_mongo.db.users.aggregate(user_pipeline)
+    users_list = list(user_cursor)
+
+    if not users_list:
         return None
 
+    user = users_list[0]
+
     role = flask_mongo.db.roles.find_one({"_id": ObjectId(user_id)})
     if not role:
         role = "user"
diff --git a/pydatalab/src/pydatalab/permissions.py b/pydatalab/src/pydatalab/permissions.py
index 0bfd4f8e8..bc42b7856 100644
--- a/pydatalab/src/pydatalab/permissions.py
+++ b/pydatalab/src/pydatalab/permissions.py
@@ -6,7 +6,6 @@
 from flask_login import current_user
 
 from pydatalab.config import CONFIG
-from pydatalab.logger import LOGGER
 from pydatalab.login import UserRole
 from pydatalab.models.people import AccountStatus
 from pydatalab.mongo import get_database
@@ -92,7 +91,6 @@ def get_default_permissions(user_only: bool = True, deleting: bool = False) -> d
         ]
     }
     if current_user.is_authenticated and current_user.person is not None:
-        # find managed users under the given user (can later be expanded to groups)
         managed_users = list(
             get_database().users.find(
                 {"managers": {"$in": [current_user.person.immutable_id]}}, projection={"_id": 1}
@@ -100,10 +98,46 @@ def get_default_permissions(user_only: bool = True, deleting: bool = False) -> d
         )
         if managed_users:
             managed_users = [u["_id"] for u in managed_users]
-            LOGGER.debug("Found managed users %s for user %s", managed_users, current_user.person)
+
+        group_users = []
+        if current_user.person.groups:
+            user_group_ids = [group.immutable_id for group in current_user.person.groups]
+
+            users_in_same_groups = list(
+                get_database().users.find({"group_ids": {"$in": user_group_ids}}, {"_id": 1})
+            )
+            group_users_from_members = [u["_id"] for u in users_in_same_groups]
+
+            groups_where_admin = list(
+                get_database().groups.find(
+                    {"group_admins": {"$in": [str(current_user.person.immutable_id)]}},
+                    {"_id": 1, "group_admins": 1},
+                )
+            )
+
+            group_users_from_admin = []
+            if groups_where_admin:
+                admin_group_ids = [g["_id"] for g in groups_where_admin]
+
+                members_of_admin_groups = list(
+                    get_database().users.find({"group_ids": {"$in": admin_group_ids}}, {"_id": 1})
+                )
+                group_users_from_admin = [u["_id"] for u in members_of_admin_groups]
+
+                all_admins_from_groups = []
+                for group in groups_where_admin:
+                    all_admins_from_groups.extend(group.get("group_admins", []))
+
+                admin_object_ids = [
+                    ObjectId(admin_id) if isinstance(admin_id, str) else admin_id
+                    for admin_id in all_admins_from_groups
+                ]
+                group_users_from_admin.extend(admin_object_ids)
+
+            group_users = list(set(group_users_from_members + group_users_from_admin))
 
         user_perm: dict[str, Any] = {
-            "creator_ids": {"$in": [current_user.person.immutable_id] + managed_users}
+            "creator_ids": {"$in": [current_user.person.immutable_id] + managed_users + group_users}
         }
         if user_only:
             # TODO: remove this hack when permissions are refactored. Currently starting_materials and equipment
diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
index af3cbcb20..ba75c83b1 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/admin.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -38,7 +38,7 @@ def get_users():
                         {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
                         {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
                         {"$sort": {"__order": 1}},
-                        {"$project": {"_id": 1, "display_name": 1}},
+                        {"$project": {"_id": 1, "display_name": 1, "group_id": 1, "type": 1}},
                     ],
                     "as": "groups",
                 },
@@ -116,6 +116,17 @@ def get_groups():
     groups_data = []
     for group_doc in flask_mongo.db.groups.find():
         group_doc["immutable_id"] = str(group_doc["_id"])
+
+        group_members = list(
+            flask_mongo.db.users.find(
+                {"group_ids": group_doc["_id"]}, {"_id": 1, "display_name": 1}
+            )
+        )
+        group_doc["members"] = [
+            {"immutable_id": str(member["_id"]), "display_name": member.get("display_name", "")}
+            for member in group_members
+        ]
+
         groups_data.append(json.loads(Group(**group_doc).json()))
 
     return jsonify(
@@ -211,3 +222,26 @@ def update_group(group_immutable_id):
 
     except Exception as e:
         return jsonify({"status": "error", "message": f"Failed to update group: {str(e)}"}), 500
+
+
+@ADMIN.route("/groups/<group_immutable_id>", methods=["PATCH"])
+def add_user_to_group(group_immutable_id):
+    request_json = request.get_json()
+    user_id = request_json.get("user_id")
+
+    if not user_id:
+        return jsonify({"status": "error", "message": "No user ID provided."}), 400
+
+    group_exists = flask_mongo.db.groups.find_one({"_id": ObjectId(group_immutable_id)})
+    if not group_exists:
+        return jsonify({"status": "error", "message": "Group does not exist."}), 400
+
+    update_user = flask_mongo.db.users.update_one(
+        {"_id": ObjectId(user_id)},
+        {"$addToSet": {"group_ids": ObjectId(group_immutable_id)}},
+    )
+
+    if update_user.modified_count == 1:
+        return jsonify({"status": "success", "message": "User added to group successfully."}), 200
+    else:
+        return jsonify({"status": "error", "message": "Unable to add user to group."}), 400
diff --git a/webapp/src/components/CreateGroupModal.vue b/webapp/src/components/CreateGroupModal.vue
index db3816734..9f3ef4f52 100644
--- a/webapp/src/components/CreateGroupModal.vue
+++ b/webapp/src/components/CreateGroupModal.vue
@@ -57,6 +57,12 @@
             <UserSelect v-model="group_admins" aria-labelledby="groupAdminsLabel" multiple />
           </div>
         </div>
+        <div class="form-row">
+          <div class="col-md-12 form-group">
+            <label id="groupMembersLabel">Group Members:</label>
+            <UserSelect v-model="group_members" aria-labelledby="groupMembersLabel" multiple />
+          </div>
+        </div>
       </template>
     </Modal>
   </form>
@@ -65,7 +71,7 @@
 <script>
 import Modal from "@/components/Modal.vue";
 import UserSelect from "@/components/UserSelect.vue";
-import { createGroup } from "@/server_fetch_utils.js";
+import { createGroup, addUserToGroup } from "@/server_fetch_utils.js";
 import { validateEntryID } from "@/field_utils.js";
 
 export default {
@@ -84,6 +90,7 @@ export default {
       display_name: "",
       description: "",
       group_admins: [],
+      group_members: [],
       takenGroupIds: [],
       showValidation: false,
     };
@@ -125,9 +132,19 @@ export default {
             .filter((id) => id !== undefined),
         };
 
-        await createGroup(groupData);
-        this.$emit("group-created");
-        this.resetForm();
+        const response = await createGroup(groupData);
+        if (response.status === "success") {
+          const group_immutable_id = response.group_immutable_id;
+
+          if (this.group_members.length > 0) {
+            for (const member of this.group_members) {
+              await addUserToGroup(group_immutable_id, member.immutable_id);
+            }
+          }
+
+          this.$emit("group-created");
+          this.resetForm();
+        }
         this.$emit("update:modelValue", false);
       } catch (error) {
         console.error("Error creating group:", error);
diff --git a/webapp/src/components/EditGroupModal.vue b/webapp/src/components/EditGroupModal.vue
index ecbc1e385..7ae47016c 100644
--- a/webapp/src/components/EditGroupModal.vue
+++ b/webapp/src/components/EditGroupModal.vue
@@ -53,6 +53,12 @@
             <UserSelect v-model="group_admins" aria-labelledby="editGroupAdminsLabel" multiple />
           </div>
         </div>
+        <div class="form-row">
+          <div class="col-md-12 form-group">
+            <label id="editGroupMembersLabel">Group Members:</label>
+            <UserSelect v-model="group_members" aria-labelledby="editGroupMembersLabel" multiple />
+          </div>
+        </div>
       </template>
     </Modal>
   </form>
@@ -61,7 +67,12 @@
 <script>
 import Modal from "@/components/Modal.vue";
 import UserSelect from "@/components/UserSelect.vue";
-import { updateGroup, getUsersList } from "@/server_fetch_utils.js";
+import {
+  updateGroup,
+  getUsersList,
+  addUserToGroup,
+  removeUserFromGroup,
+} from "@/server_fetch_utils.js";
 
 export default {
   name: "EditGroupModal",
@@ -85,25 +96,34 @@ export default {
       group_admins: [],
       originalGroup: null,
       originalAdmins: [],
+      group_members: [],
+      originalMembers: [],
       showValidation: false,
       allUsers: [],
     };
   },
   computed: {
     isFormValid() {
-      return this.display_name.trim() !== "";
+      return this.display_name && this.display_name.trim() !== "";
     },
   },
   watch: {
-    async group(newGroup) {
-      if (newGroup) {
-        await this.loadGroupData(newGroup);
-      }
-    },
-    async modelValue(newValue) {
-      if (newValue && this.group) {
-        await this.loadGroupData(this.group);
-      }
+    group: {
+      immediate: true,
+      handler(newGroup) {
+        if (newGroup) {
+          this.group_id = newGroup.group_id;
+          this.display_name = newGroup.display_name;
+          this.description = newGroup.description;
+
+          this.group_admins = this.loadUsersFromIds(newGroup.group_admins || []);
+          this.group_members = this.loadUsersFromIds(newGroup.members || []);
+
+          this.originalGroup = { ...newGroup };
+          this.originalAdmins = [...this.group_admins];
+          this.originalMembers = [...this.group_members];
+        }
+      },
     },
   },
   async created() {
@@ -115,64 +135,69 @@ export default {
     }
   },
   methods: {
-    async loadGroupData(group) {
-      this.originalGroup = { ...group };
-      this.group_id = group.group_id;
-      this.display_name = group.display_name;
-      this.description = group.description || "";
-
-      this.group_admins = this.loadUsersFromIds(group.group_admins || []);
-      this.originalAdmins = [...this.group_admins];
-    },
-
     loadUsersFromIds(userIds) {
       return userIds
         .map((userId) => {
-          return this.allUsers.find(
+          const user = this.allUsers.find(
             (user) =>
               (user._id && user._id === userId) ||
               (user.user_id && user.user_id === userId) ||
               (user.immutable_id && user.immutable_id === userId),
           );
+
+          if (!user) {
+            console.warn(`User with ID ${userId} not found`);
+          }
+
+          return user;
         })
         .filter((user) => user !== undefined);
     },
-
     async submitForm() {
       this.showValidation = true;
+      if (!this.isFormValid) return;
 
-      if (!this.isFormValid) {
-        return;
-      }
+      const groupData = {
+        display_name: this.display_name,
+        description: this.description,
+        group_admins: this.group_admins.map((admin) => admin.immutable_id || admin),
+      };
 
       try {
-        console.log("Selected group_admins for update:", this.group_admins);
-
-        const groupData = {
-          display_name: this.display_name,
-          description: this.description,
-          group_admins: this.group_admins
-            .map((admin) => {
-              const userId = admin.user_id || admin._id || admin.immutable_id;
-              console.log("Admin object for update:", admin, "Using ID:", userId);
-              return userId;
-            })
-            .filter((id) => id !== undefined),
-        };
-
-        console.log("Updating group with data:", groupData);
-
         await updateGroup(this.originalGroup.immutable_id, groupData);
 
+        await this.updateGroupMembers();
+
         this.$emit("group-updated");
-        this.resetForm();
         this.$emit("update:modelValue", false);
       } catch (error) {
-        console.error("Error updating group:", error);
-        alert("Error updating group: " + error);
+        alert("Error updating group: " + error.message);
       }
     },
+    async updateGroupMembers() {
+      const currentMemberIds = this.group_members.map((m) => m.immutable_id || m);
+      const originalMemberIds = this.originalMembers.map((m) => m.immutable_id || m);
+
+      const toAdd = currentMemberIds.filter((id) => !originalMemberIds.includes(id));
 
+      const toRemove = originalMemberIds.filter((id) => !currentMemberIds.includes(id));
+
+      for (const userId of toAdd) {
+        try {
+          await addUserToGroup(this.originalGroup.immutable_id, userId);
+        } catch (error) {
+          console.error("Error adding user to group:", error);
+        }
+      }
+
+      for (const userId of toRemove) {
+        try {
+          await removeUserFromGroup(this.originalGroup.immutable_id, userId);
+        } catch (error) {
+          console.error("Error removing user from group:", error);
+        }
+      }
+    },
     resetForm() {
       this.group_id = "";
       this.display_name = "";
diff --git a/webapp/src/server_fetch_utils.js b/webapp/src/server_fetch_utils.js
index 2f69e9b5b..35bb6e249 100644
--- a/webapp/src/server_fetch_utils.js
+++ b/webapp/src/server_fetch_utils.js
@@ -327,6 +327,35 @@ export function updateGroup(groupId, groupData) {
     });
 }
 
+export function addUserToGroup(groupId, userId) {
+  console.log("Adding user to group:", { groupId, userId }); // Debug
+  const payload = { user_id: userId };
+  console.log("Payload:", payload); // Debug
+
+  return fetch_patch(`${API_URL}/groups/${groupId}`, payload)
+    .then(function (response_json) {
+      console.log("Response:", response_json); // Debug
+      return response_json;
+    })
+    .catch((error) => {
+      console.error("Error when adding user to group");
+      console.error(error);
+      throw error;
+    });
+}
+
+export function removeUserFromGroup(groupId, userId) {
+  return fetch_delete(`${API_URL}/groups/${groupId}/users/${userId}`)
+    .then(function (response_json) {
+      return response_json;
+    })
+    .catch((error) => {
+      console.error("Error when removing user from group");
+      console.error(error);
+      throw error;
+    });
+}
+
 export function getStartingMaterialList() {
   return fetch_get(`${API_URL}/starting-materials/`)
     .then(function (response_json) {

From 8b2a055dd4b5cbbe5c5c28be449e379cb6b33e77 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Fri, 20 Jun 2025 16:55:37 +0200
Subject: [PATCH 11/18] implement explicit group sharing for items

---
 pydatalab/schemas/cell.json                   |  45 +++++
 pydatalab/schemas/equipment.json              |  45 +++++
 pydatalab/schemas/sample.json                 |  45 +++++
 pydatalab/schemas/startingmaterial.json       |  45 +++++
 pydatalab/src/pydatalab/models/traits.py      |   8 +-
 pydatalab/src/pydatalab/permissions.py        |  48 ++----
 pydatalab/src/pydatalab/routes/v0_1/groups.py |  38 +++++
 pydatalab/src/pydatalab/routes/v0_1/items.py  | 156 +++++++++++++-----
 webapp/src/components/CellInformation.vue     |  15 +-
 webapp/src/components/GroupSelect.vue         | 104 ++++++++++++
 webapp/src/components/SampleInformation.vue   |  15 +-
 .../components/ToggleableGroupsFormGroup.vue  | 106 ++++++++++++
 webapp/src/server_fetch_utils.js              |  29 ++--
 webapp/src/store/index.js                     |   4 +-
 14 files changed, 606 insertions(+), 97 deletions(-)
 create mode 100644 webapp/src/components/GroupSelect.vue
 create mode 100644 webapp/src/components/ToggleableGroupsFormGroup.vue

diff --git a/pydatalab/schemas/cell.json b/pydatalab/schemas/cell.json
index 6f247657c..250bdf53e 100644
--- a/pydatalab/schemas/cell.json
+++ b/pydatalab/schemas/cell.json
@@ -41,6 +41,14 @@
         "type": "string"
       }
     },
+    "group_ids": {
+      "title": "Group Ids",
+      "default": [],
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
     "creators": {
       "title": "Creators",
       "type": "array",
@@ -48,6 +56,13 @@
         "$ref": "#/definitions/Person"
       }
     },
+    "groups": {
+      "title": "Groups",
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/Group"
+      }
+    },
     "type": {
       "title": "Type",
       "default": "cells",
@@ -439,6 +454,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -446,6 +469,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "collections",
@@ -513,6 +543,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -520,6 +558,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "files",
diff --git a/pydatalab/schemas/equipment.json b/pydatalab/schemas/equipment.json
index 1ba99e442..31f7e7273 100644
--- a/pydatalab/schemas/equipment.json
+++ b/pydatalab/schemas/equipment.json
@@ -41,6 +41,14 @@
         "type": "string"
       }
     },
+    "group_ids": {
+      "title": "Group Ids",
+      "default": [],
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
     "creators": {
       "title": "Creators",
       "type": "array",
@@ -48,6 +56,13 @@
         "$ref": "#/definitions/Person"
       }
     },
+    "groups": {
+      "title": "Groups",
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/Group"
+      }
+    },
     "type": {
       "title": "Type",
       "default": "equipment",
@@ -403,6 +418,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -410,6 +433,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "collections",
@@ -477,6 +507,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -484,6 +522,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "files",
diff --git a/pydatalab/schemas/sample.json b/pydatalab/schemas/sample.json
index 10312e833..b442edcee 100644
--- a/pydatalab/schemas/sample.json
+++ b/pydatalab/schemas/sample.json
@@ -53,6 +53,14 @@
         "type": "string"
       }
     },
+    "group_ids": {
+      "title": "Group Ids",
+      "default": [],
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
     "creators": {
       "title": "Creators",
       "type": "array",
@@ -60,6 +68,13 @@
         "$ref": "#/definitions/Person"
       }
     },
+    "groups": {
+      "title": "Groups",
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/Group"
+      }
+    },
     "type": {
       "title": "Type",
       "default": "samples",
@@ -492,6 +507,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -499,6 +522,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "collections",
@@ -566,6 +596,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -573,6 +611,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "files",
diff --git a/pydatalab/schemas/startingmaterial.json b/pydatalab/schemas/startingmaterial.json
index 2f0045723..5cba44325 100644
--- a/pydatalab/schemas/startingmaterial.json
+++ b/pydatalab/schemas/startingmaterial.json
@@ -53,6 +53,14 @@
         "type": "string"
       }
     },
+    "group_ids": {
+      "title": "Group Ids",
+      "default": [],
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
     "creators": {
       "title": "Creators",
       "type": "array",
@@ -60,6 +68,13 @@
         "$ref": "#/definitions/Person"
       }
     },
+    "groups": {
+      "title": "Groups",
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/Group"
+      }
+    },
     "type": {
       "title": "Type",
       "default": "starting_materials",
@@ -545,6 +560,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -552,6 +575,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "collections",
@@ -619,6 +649,14 @@
             "type": "string"
           }
         },
+        "group_ids": {
+          "title": "Group Ids",
+          "default": [],
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "creators": {
           "title": "Creators",
           "type": "array",
@@ -626,6 +664,13 @@
             "$ref": "#/definitions/Person"
           }
         },
+        "groups": {
+          "title": "Groups",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/Group"
+          }
+        },
         "type": {
           "title": "Type",
           "default": "files",
diff --git a/pydatalab/src/pydatalab/models/traits.py b/pydatalab/src/pydatalab/models/traits.py
index 79f7b0537..03d072985 100644
--- a/pydatalab/src/pydatalab/models/traits.py
+++ b/pydatalab/src/pydatalab/models/traits.py
@@ -2,7 +2,7 @@
 
 from pydantic import BaseModel, Field, root_validator
 
-from pydatalab.models.people import Person
+from pydatalab.models.people import Group, Person
 from pydatalab.models.utils import Constituent, InlineSubstance, PyObjectId
 
 
@@ -10,9 +10,15 @@ class HasOwner(BaseModel):
     creator_ids: list[PyObjectId] = Field([])
     """The database IDs of the user(s) who created the item."""
 
+    group_ids: list[PyObjectId] = Field([])
+    """The database IDs of the group(s) that have access to the item."""
+
     creators: list[Person] | None = Field(None)
     """Inlined info for the people associated with this item."""
 
+    groups: list[Group] | None = Field(None)
+    """Inlined info for the groups associated with this item."""
+
 
 class HasRevisionControl(BaseModel):
     revision: int = 1
diff --git a/pydatalab/src/pydatalab/permissions.py b/pydatalab/src/pydatalab/permissions.py
index bc42b7856..564ed70aa 100644
--- a/pydatalab/src/pydatalab/permissions.py
+++ b/pydatalab/src/pydatalab/permissions.py
@@ -90,6 +90,7 @@ def get_default_permissions(user_only: bool = True, deleting: bool = False) -> d
             {"creator_ids": {"$exists": False}},
         ]
     }
+
     if current_user.is_authenticated and current_user.person is not None:
         managed_users = list(
             get_database().users.find(
@@ -99,46 +100,27 @@ def get_default_permissions(user_only: bool = True, deleting: bool = False) -> d
         if managed_users:
             managed_users = [u["_id"] for u in managed_users]
 
-        group_users = []
+        user_group_ids = []
         if current_user.person.groups:
             user_group_ids = [group.immutable_id for group in current_user.person.groups]
 
-            users_in_same_groups = list(
-                get_database().users.find({"group_ids": {"$in": user_group_ids}}, {"_id": 1})
+        groups_where_admin = list(
+            get_database().groups.find(
+                {"group_admins": {"$in": [str(current_user.person.immutable_id)]}}, {"_id": 1}
             )
-            group_users_from_members = [u["_id"] for u in users_in_same_groups]
-
-            groups_where_admin = list(
-                get_database().groups.find(
-                    {"group_admins": {"$in": [str(current_user.person.immutable_id)]}},
-                    {"_id": 1, "group_admins": 1},
-                )
-            )
-
-            group_users_from_admin = []
-            if groups_where_admin:
-                admin_group_ids = [g["_id"] for g in groups_where_admin]
-
-                members_of_admin_groups = list(
-                    get_database().users.find({"group_ids": {"$in": admin_group_ids}}, {"_id": 1})
-                )
-                group_users_from_admin = [u["_id"] for u in members_of_admin_groups]
-
-                all_admins_from_groups = []
-                for group in groups_where_admin:
-                    all_admins_from_groups.extend(group.get("group_admins", []))
+        )
+        if groups_where_admin:
+            admin_group_ids = [g["_id"] for g in groups_where_admin]
+            user_group_ids.extend(admin_group_ids)
 
-                admin_object_ids = [
-                    ObjectId(admin_id) if isinstance(admin_id, str) else admin_id
-                    for admin_id in all_admins_from_groups
-                ]
-                group_users_from_admin.extend(admin_object_ids)
+        user_perm_conditions = [
+            {"creator_ids": {"$in": [current_user.person.immutable_id] + managed_users}}
+        ]
 
-            group_users = list(set(group_users_from_members + group_users_from_admin))
+        if user_group_ids:
+            user_perm_conditions.append({"group_ids": {"$in": user_group_ids}})
 
-        user_perm: dict[str, Any] = {
-            "creator_ids": {"$in": [current_user.person.immutable_id] + managed_users + group_users}
-        }
+        user_perm: dict[str, Any] = {"$or": user_perm_conditions}
         if user_only:
             # TODO: remove this hack when permissions are refactored. Currently starting_materials and equipment
             # are a special case that should be group editable, so even when the route has asked to only edit this
diff --git a/pydatalab/src/pydatalab/routes/v0_1/groups.py b/pydatalab/src/pydatalab/routes/v0_1/groups.py
index 8b3aa1376..be70605a7 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/groups.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/groups.py
@@ -1,8 +1,10 @@
 import json
 
 from flask import Blueprint, jsonify, request
+from flask_login import current_user
 
 from pydatalab.models.people import Group
+from pydatalab.models.utils import UserRole
 from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import active_users_or_get_only
 
@@ -44,3 +46,39 @@ def search_groups():
     return jsonify(
         {"status": "success", "data": list(json.loads(Group(**d).json()) for d in cursor)}
     ), 200
+
+
+@GROUPS.route("/groups", methods=["GET"])
+@active_users_or_get_only
+def get_user_accessible_groups():
+    """Get groups that the current user can see/access."""
+
+    if current_user.role == UserRole.ADMIN:
+        groups_cursor = flask_mongo.db.groups.find()
+    else:
+        user_group_ids = (
+            [group.immutable_id for group in current_user.person.groups]
+            if current_user.person.groups
+            else []
+        )
+
+        groups_cursor = flask_mongo.db.groups.find(
+            {
+                "$or": [
+                    {"_id": {"$in": user_group_ids}},
+                    {"group_admins": {"$in": [str(current_user.person.immutable_id)]}},
+                ]
+            }
+        )
+
+    groups_data = []
+    for group_doc in groups_cursor:
+        group_doc["immutable_id"] = str(group_doc["_id"])
+        groups_data.append(json.loads(Group(**group_doc).json()))
+
+    return jsonify(
+        {
+            "status": "success",
+            "data": groups_data,
+        }
+    ), 200
diff --git a/pydatalab/src/pydatalab/routes/v0_1/items.py b/pydatalab/src/pydatalab/routes/v0_1/items.py
index c3b22c301..c6170a370 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/items.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/items.py
@@ -22,6 +22,27 @@
 ITEMS = Blueprint("items", __name__)
 
 
+def groups_lookup_for_items() -> dict:
+    return {
+        "from": "groups",
+        "let": {"group_ids": "$group_ids"},
+        "pipeline": [
+            {"$match": {"$expr": {"$in": ["$_id", {"$ifNull": ["$$group_ids", []]}]}}},
+            {"$addFields": {"__order": {"$indexOfArray": ["$$group_ids", "$_id"]}}},
+            {"$sort": {"__order": 1}},
+            {
+                "$project": {
+                    "_id": 1,
+                    "display_name": 1,
+                    "group_id": 1,
+                    "type": 1,
+                }
+            },
+        ],
+        "as": "groups",
+    }
+
+
 @ITEMS.before_request
 @active_users_or_get_only
 def _(): ...
@@ -709,91 +730,137 @@ def update_item_permissions(refcode: str):
 
     request_json = request.get_json()
     creator_ids: list[ObjectId] = []
+    group_ids: list[ObjectId] = []
 
     if len(refcode.split(":")) != 2:
         refcode = f"{CONFIG.IDENTIFIER_PREFIX}:{refcode}"
 
     current_item = flask_mongo.db.items.find_one(
         {"refcode": refcode, **get_default_permissions(user_only=True)},
-        {"_id": 1, "creator_ids": 1},
-    )  # type: ignore
+        {"_id": 1, "creator_ids": 1, "group_ids": 1},
+    )
 
     if not current_item:
-        return (
-            jsonify(
-                {
-                    "status": "error",
-                    "message": f"No valid item found with the given {refcode=}.",
-                }
-            ),
-            401,
-        )
+        return jsonify(
+            {
+                "status": "error",
+                "message": f"No valid item found with the given {refcode=}.",
+            }
+        ), 401
 
     current_creator_ids = current_item["creator_ids"]
+    current_group_ids = current_item.get("group_ids", [])
 
-    if "creators" in request_json:
+    if "creators" in request_json and request_json["creators"] is not None:
         creator_ids = [
             ObjectId(creator.get("immutable_id", None))
             for creator in request_json["creators"]
             if creator.get("immutable_id", None) is not None
         ]
 
-    if not creator_ids:
-        return (
-            jsonify(
+        if not creator_ids:
+            return jsonify(
                 {
                     "status": "error",
                     "message": "No valid creator IDs found in the request.",
                 }
-            ),
-            400,
-        )
+            ), 400
 
-    # Validate all creator IDs are present in the database
-    found_ids = [d for d in flask_mongo.db.users.find({"_id": {"$in": creator_ids}}, {"_id": 1})]  # type: ignore
-    if len(found_ids) != len(creator_ids):
-        return (
-            jsonify(
+        # Validate all creator IDs are present in the database
+        found_ids = [
+            d for d in flask_mongo.db.users.find({"_id": {"$in": creator_ids}}, {"_id": 1})
+        ]
+        if len(found_ids) != len(creator_ids):
+            return jsonify(
                 {
                     "status": "error",
                     "message": "One or more creator IDs not found in the database.",
                 }
-            ),
-            400,
-        )
+            ), 400
 
-    # Make sure a user cannot remove their own access to an item
-    current_user_id = current_user.person.immutable_id
-    try:
-        creator_ids.remove(current_user_id)
-    except ValueError:
-        pass
-    creator_ids.insert(0, current_user_id)
-
-    # The first ID in the creator list takes precedence; always make sure this is included to avoid orphaned items
-    if current_creator_ids:
-        base_owner = current_creator_ids[0]
+        # Make sure a user cannot remove their own access to an item
+        current_user_id = current_user.person.immutable_id
         try:
-            creator_ids.remove(base_owner)
+            creator_ids.remove(current_user_id)
         except ValueError:
             pass
-        creator_ids.insert(0, base_owner)
+        creator_ids.insert(0, current_user_id)
+
+        # The first ID in the creator list takes precedence; always make sure this is included to avoid orphaned items
+        if current_creator_ids:
+            base_owner = current_creator_ids[0]
+            try:
+                creator_ids.remove(base_owner)
+            except ValueError:
+                pass
+            creator_ids.insert(0, base_owner)
+
+    if "groups" in request_json:
+        group_ids = [
+            ObjectId(group.get("immutable_id", None))
+            for group in request_json["groups"]
+            if group.get("immutable_id", None) is not None
+        ]
+
+        if group_ids:
+            found_group_ids = [
+                d for d in flask_mongo.db.groups.find({"_id": {"$in": group_ids}}, {"_id": 1})
+            ]
+            if len(found_group_ids) != len(group_ids):
+                return jsonify(
+                    {
+                        "status": "error",
+                        "message": "One or more group IDs not found in the database.",
+                    }
+                ), 400
+
+            user_group_ids = (
+                [group.immutable_id for group in current_user.person.groups]
+                if current_user.person.groups
+                else []
+            )
+
+            groups_where_admin = list(
+                flask_mongo.db.groups.find(
+                    {"group_admins": {"$in": [str(current_user.person.immutable_id)]}}, {"_id": 1}
+                )
+            )
+            admin_group_ids = [g["_id"] for g in groups_where_admin]
+            allowed_group_ids = user_group_ids + admin_group_ids
+
+            if not all(gid in allowed_group_ids for gid in group_ids):
+                return jsonify(
+                    {
+                        "status": "error",
+                        "message": "You can only share with groups you belong to or administer.",
+                    }
+                ), 403
+
+    update_data = {}
+    if (
+        "creators" in request_json
+        and request_json["creators"] is not None
+        and set(creator_ids) != set(current_creator_ids)
+    ):
+        update_data["creator_ids"] = creator_ids
+
+    if "groups" in request_json and set(group_ids) != set(current_group_ids):
+        update_data["group_ids"] = group_ids
 
-    if set(creator_ids) == set(current_creator_ids):
-        # Short circuit if the creator IDs are the same
+    if not update_data:
         return jsonify({"status": "success"}), 200
 
-    LOGGER.warning("Setting permissions for item %s to %s", refcode, creator_ids)
+    LOGGER.warning("Setting permissions for item %s: %s", refcode, update_data)
     result = flask_mongo.db.items.update_one(
         {"refcode": refcode, **get_default_permissions(user_only=True)},
-        {"$set": {"creator_ids": creator_ids}},
+        {"$set": update_data},
     )
 
     if result.modified_count != 1:
         return jsonify(
             {
                 "status": "error",
-                "message": "Failed to update permissions: you cannot remove yourself or the base owner as a creator.",
+                "message": "Failed to update permissions.",
             }
         ), 400
 
@@ -877,6 +944,7 @@ def get_item_data(
             {"$lookup": creators_lookup()},
             {"$lookup": collections_lookup()},
             {"$lookup": files_lookup()},
+            {"$lookup": groups_lookup_for_items()},
         ],
     )
 
diff --git a/webapp/src/components/CellInformation.vue b/webapp/src/components/CellInformation.vue
index dc09845be..4489fba1a 100644
--- a/webapp/src/components/CellInformation.vue
+++ b/webapp/src/components/CellInformation.vue
@@ -25,11 +25,17 @@
               <FormattedRefcode :refcode="Refcode" />
             </div>
           </div>
-          <div class="form-group col-md-3 col-sm-3 col-6 pb-3">
+          <div class="col-md-9 col-sm-10 pr-2">
+            <ToggleableCollectionFormGroup v-model="Collections" />
+          </div>
+        </div>
+
+        <div class="form-row">
+          <div class="form-group col-md-6 pb-3">
             <ToggleableCreatorsFormGroup v-model="ItemCreators" :refcode="Refcode" />
           </div>
-          <div class="col-md-6 col-sm-7 pr-2">
-            <ToggleableCollectionFormGroup v-model="Collections" />
+          <div class="form-group col-md-6 pb-3">
+            <ToggleableGroupsFormGroup v-model="ItemGroups" :refcode="Refcode" />
           </div>
         </div>
         <div class="form-row">
@@ -113,6 +119,7 @@ import ItemRelationshipVisualization from "@/components/ItemRelationshipVisualiz
 import FormattedRefcode from "@/components/FormattedRefcode";
 import ToggleableCollectionFormGroup from "@/components/ToggleableCollectionFormGroup";
 import ToggleableCreatorsFormGroup from "@/components/ToggleableCreatorsFormGroup";
+import ToggleableGroupsFormGroup from "@/components/ToggleableGroupsFormGroup";
 import { cellFormats } from "@/resources.js";
 
 export default {
@@ -125,6 +132,7 @@ export default {
     FormattedRefcode,
     ToggleableCollectionFormGroup,
     ToggleableCreatorsFormGroup,
+    ToggleableGroupsFormGroup,
   },
   props: {
     item_id: {
@@ -151,6 +159,7 @@ export default {
     MolarMass: createComputedSetterForItemField("characteristic_molar_mass"),
     DateCreated: createComputedSetterForItemField("date"),
     ItemCreators: createComputedSetterForItemField("creators"),
+    ItemGroups: createComputedSetterForItemField("groups"),
     CellFormat: createComputedSetterForItemField("cell_format"),
     CellFormatDescription: createComputedSetterForItemField("cell_format_description"),
     CharacteristicMass: createComputedSetterForItemField("characteristic_mass"),
diff --git a/webapp/src/components/GroupSelect.vue b/webapp/src/components/GroupSelect.vue
new file mode 100644
index 000000000..871f7e4b0
--- /dev/null
+++ b/webapp/src/components/GroupSelect.vue
@@ -0,0 +1,104 @@
+<template>
+  <vSelect
+    ref="selectComponent"
+    v-model="value"
+    :options="filteredGroups"
+    multiple
+    :min="minimumOptions"
+    label="display_name"
+    :reduce="(group) => group"
+    :filterable="false"
+    @search="debouncedAsyncSearch"
+  >
+    <template #no-options="{ searching }">
+      <span v-if="searching"> Sorry, no matches found. </span>
+      <span v-else class="empty-search"> Search for a group by name or ID </span>
+    </template>
+    <template #option="group">
+      <div class="d-flex align-items-center">
+        <strong>{{ group.display_name }}</strong>
+        <small class="text-muted ml-2">({{ group.group_id }})</small>
+      </div>
+    </template>
+    <template #selected-option="group">
+      <div class="d-flex align-items-center">
+        <strong>{{ group.display_name }}</strong>
+        <small class="text-muted ml-2">({{ group.group_id }})</small>
+      </div>
+    </template>
+  </vSelect>
+</template>
+
+<script>
+import vSelect from "vue-select";
+import { getGroupsList } from "@/server_fetch_utils.js";
+import { debounceTime } from "@/resources.js";
+
+export default {
+  components: {
+    vSelect,
+  },
+  props: {
+    modelValue: {
+      type: Array,
+      default: () => [],
+    },
+    minimumOptions: {
+      type: Number,
+      default: 0,
+    },
+  },
+  emits: ["update:modelValue"],
+  data() {
+    return {
+      debounceTimeout: null,
+      groups: [],
+      isSearchFetchError: false,
+    };
+  },
+  computed: {
+    value: {
+      get() {
+        return this.modelValue;
+      },
+      set(newValue) {
+        this.$emit("update:modelValue", newValue);
+      },
+    },
+    filteredGroups() {
+      const selectedGroupIds = this.modelValue.map((group) => group.immutable_id);
+      return this.groups.filter((group) => !selectedGroupIds.includes(group.immutable_id));
+    },
+  },
+  async created() {
+    await this.loadGroups();
+  },
+  methods: {
+    async loadGroups() {
+      try {
+        this.groups = await getGroupsList();
+      } catch (error) {
+        console.error("Error loading groups:", error);
+        this.groups = [];
+      }
+    },
+    async debouncedAsyncSearch(query, loading) {
+      loading(true);
+      clearTimeout(this.debounceTimeout);
+      this.debounceTimeout = setTimeout(async () => {
+        if (query && query.length > 0) {
+          const allGroups = await getGroupsList();
+          this.groups = allGroups.filter(
+            (group) =>
+              group.display_name.toLowerCase().includes(query.toLowerCase()) ||
+              group.group_id.toLowerCase().includes(query.toLowerCase()),
+          );
+        } else {
+          await this.loadGroups();
+        }
+        loading(false);
+      }, debounceTime);
+    },
+  },
+};
+</script>
diff --git a/webapp/src/components/SampleInformation.vue b/webapp/src/components/SampleInformation.vue
index 25f18135c..06ca67af6 100644
--- a/webapp/src/components/SampleInformation.vue
+++ b/webapp/src/components/SampleInformation.vue
@@ -23,13 +23,19 @@
           </div>
         </div>
         <div class="form-row">
-          <div class="form-group col-md-3 col-sm-2 col-6">
+          <div class="form-group col-md-3 col-sm-4 col-6">
             <label for="samp-refcode">Refcode</label>
             <div id="samp-refcode">
               <FormattedRefcode :refcode="Refcode" />
             </div>
           </div>
-          <div class="form-group col-md-3 col-sm-3 col-6 pb-3">
+          <div class="form-group col-md-9 col-sm-8 col-6 pr-2">
+            <ToggleableCollectionFormGroup v-model="Collections" />
+          </div>
+        </div>
+
+        <div class="form-row">
+          <div class="form-group col-md-6 pb-3">
             <ToggleableCreatorsFormGroup v-model="ItemCreators" :refcode="Refcode" />
           </div>
           <div class="col-md-6 col-sm-7 pr-2">
@@ -38,6 +44,8 @@
               v-model="Collections"
               :item_id="item_id"
             />
+          <div class="form-group col-md-6 pb-3">
+            <ToggleableGroupsFormGroup v-model="ItemGroups" :refcode="Refcode" />
           </div>
         </div>
         <div class="form-row">
@@ -64,6 +72,7 @@ import ChemFormulaInput from "@/components/ChemFormulaInput";
 import FormattedRefcode from "@/components/FormattedRefcode";
 import ToggleableCollectionFormGroup from "@/components/ToggleableCollectionFormGroup";
 import ToggleableCreatorsFormGroup from "@/components/ToggleableCreatorsFormGroup";
+import ToggleableGroupsFormGroup from "@/components/ToggleableGroupsFormGroup";
 import TinyMceInline from "@/components/TinyMceInline";
 import SynthesisInformation from "@/components/SynthesisInformation";
 import TableOfContents from "@/components/TableOfContents";
@@ -79,6 +88,7 @@ export default {
     FormattedRefcode,
     ToggleableCollectionFormGroup,
     ToggleableCreatorsFormGroup,
+    ToggleableGroupsFormGroup,
   },
   props: {
     item_id: { type: String, required: true },
@@ -104,6 +114,7 @@ export default {
     ChemForm: createComputedSetterForItemField("chemform"),
     DateCreated: createComputedSetterForItemField("date"),
     ItemCreators: createComputedSetterForItemField("creators"),
+    ItemGroups: createComputedSetterForItemField("groups"),
     Collections: createComputedSetterForItemField("collections"),
   },
 };
diff --git a/webapp/src/components/ToggleableGroupsFormGroup.vue b/webapp/src/components/ToggleableGroupsFormGroup.vue
new file mode 100644
index 000000000..1673c3157
--- /dev/null
+++ b/webapp/src/components/ToggleableGroupsFormGroup.vue
@@ -0,0 +1,106 @@
+<template>
+  <div
+    ref="outerdiv"
+    class="h-100 form-group clickable"
+    @click="isEditingGroups = !isEditingGroups"
+  >
+    <label id="groups" class="clickable">
+      Shared with Groups
+      <font-awesome-icon id="edit-icon" class="pl-1" icon="pen" size="xs" :fade="isEditingGroups" />
+    </label>
+    <div>
+      <div v-if="!isEditingGroups">
+        <div v-if="value.length === 0" class="text-muted small">Not shared with any groups</div>
+        <div v-else class="d-flex flex-wrap">
+          <span
+            v-for="group in value"
+            :key="group.immutable_id"
+            class="badge badge-secondary mr-1 mb-1"
+          >
+            {{ group.display_name }}
+          </span>
+        </div>
+      </div>
+      <OnClickOutside
+        v-if="isEditingGroups"
+        :options="{ ignore: [outerDivRef] }"
+        @trigger="isEditingGroups = false"
+      >
+        <GroupSelect v-model="shadowValue" multiple @click.stop />
+      </OnClickOutside>
+    </div>
+  </div>
+</template>
+
+<script>
+import GroupSelect from "@/components/GroupSelect";
+import { OnClickOutside } from "@vueuse/components";
+import { updateItemPermissions } from "@/server_fetch_utils.js";
+import { toRaw } from "vue";
+
+export default {
+  components: {
+    GroupSelect,
+    OnClickOutside,
+  },
+  props: {
+    refcode: { type: String, required: true },
+    modelValue: {
+      type: Array,
+      required: true,
+    },
+  },
+  emits: ["update:modelValue"],
+  data() {
+    return {
+      isEditingGroups: false,
+      outerDivRef: null,
+      shadowValue: [],
+    };
+  },
+  computed: {
+    value: {
+      get() {
+        return this.modelValue;
+      },
+      set(newValue) {
+        this.$emit("update:modelValue", newValue);
+      },
+    },
+  },
+  watch: {
+    async isEditingGroups(newValue, oldValue) {
+      if (newValue === false && oldValue === true) {
+        if (JSON.stringify(toRaw(this.value)) === JSON.stringify(toRaw(this.shadowValue))) {
+          return;
+        }
+
+        try {
+          let answer = confirm(
+            "Are you sure you want to update the group permissions of this item?",
+          );
+          if (answer) {
+            await updateItemPermissions(this.refcode, null, this.shadowValue);
+            this.$emit("update:modelValue", [...this.shadowValue]);
+          } else {
+            this.shadowValue = [...this.value];
+          }
+        } catch (error) {
+          alert("Error updating group permissions: " + error);
+          this.shadowValue = [...this.value];
+        }
+      }
+    },
+
+    modelValue: {
+      immediate: true,
+      handler(newVal) {
+        this.shadowValue = [...newVal];
+      },
+    },
+  },
+  async mounted() {
+    this.outerDivRef = this.$refs.outerdiv;
+  },
+};
+</script>
diff --git a/webapp/src/server_fetch_utils.js b/webapp/src/server_fetch_utils.js
index 35bb6e249..c60690376 100644
--- a/webapp/src/server_fetch_utils.js
+++ b/webapp/src/server_fetch_utils.js
@@ -278,8 +278,7 @@ export function getUsersList() {
 export function getGroupsList() {
   return fetch_get(`${API_URL}/groups`)
     .then(function (response_json) {
-      const groups = response_json.data;
-      return groups;
+      return response_json.data;
     })
     .catch((error) => {
       console.error("Error when fetching groups list");
@@ -645,16 +644,22 @@ export function addABlock(item_id, block_type, index = null) {
   return block_id_promise;
 }
 
-export function updateItemPermissions(refcode, creators) {
-  console.log("updateItemPermissions called with", refcode, creators);
-  return fetch_patch(`${API_URL}/items/${refcode}/permissions`, {
-    creators: creators,
-  }).then(function (response_json) {
-    if (response_json.status === "error") {
-      throw new Error(response_json.message);
-    }
-    return response_json;
-  });
+export function updateItemPermissions(refcode, creators, groups = null) {
+  console.log("updateItemPermissions called with", refcode, creators, groups);
+
+  const payload = { creators: creators };
+  if (groups !== null) {
+    payload.groups = groups;
+  }
+
+  return fetch_patch(`${API_URL}/items/${refcode}/permissions`, payload).then(
+    function (response_json) {
+      if (response_json.status === "error") {
+        throw new Error(response_json.message);
+      }
+      return response_json;
+    },
+  );
 }
 
 export function saveItem(item_id) {
diff --git a/webapp/src/store/index.js b/webapp/src/store/index.js
index 9e10aec48..a0029959b 100644
--- a/webapp/src/store/index.js
+++ b/webapp/src/store/index.js
@@ -257,8 +257,8 @@ export default createStore({
       //requires the following fields in payload:
       // item_id, item_data
       Object.assign(state.all_item_data[payload.item_id], payload.item_data);
-      if (payload.item_data.creators && state.saved_status_items[payload.item_id] == true) {
-        state.saved_status_items[payload.item_id] = true;
+      if (payload.item_data.creators || payload.item_data.groups) {
+        return;
       } else {
         state.saved_status_items[payload.item_id] = false;
       }

From ff2405eab2caef03989d20474ff7a5bee02ce287 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Tue, 24 Jun 2025 15:24:39 +0200
Subject: [PATCH 12/18] Allow users to assign samples as visible to groups on
 creation

---
 pydatalab/src/pydatalab/routes/v0_1/admin.py  | 32 +++++++++--
 pydatalab/src/pydatalab/routes/v0_1/groups.py | 37 +++++--------
 pydatalab/src/pydatalab/routes/v0_1/items.py  | 54 +++++++++++++++++++
 webapp/src/components/CreateGroupModal.vue    | 13 ++---
 webapp/src/components/CreateItemModal.vue     | 30 +++++++++++
 webapp/src/components/EditGroupModal.vue      | 28 ++--------
 webapp/src/components/GroupTable.vue          |  6 +--
 .../CellCreateModalAddon.vue                  |  2 +-
 webapp/src/server_fetch_utils.js              | 39 +++++++++++---
 9 files changed, 171 insertions(+), 70 deletions(-)

diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
index ba75c83b1..4e544f698 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/admin.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -111,23 +111,45 @@ def save_role(user_id):
     return (jsonify({"status": "success"}), 200)
 
 
-@ADMIN.route("/groups", methods=["GET"])
+@ADMIN.route("/admin/groups", methods=["GET"])
 def get_groups():
     groups_data = []
     for group_doc in flask_mongo.db.groups.find():
         group_doc["immutable_id"] = str(group_doc["_id"])
 
+        group_data = json.loads(Group(**group_doc).json())
+
         group_members = list(
             flask_mongo.db.users.find(
-                {"group_ids": group_doc["_id"]}, {"_id": 1, "display_name": 1}
+                {"group_ids": group_doc["_id"]}, {"_id": 1, "display_name": 1, "contact_email": 1}
             )
         )
-        group_doc["members"] = [
-            {"immutable_id": str(member["_id"]), "display_name": member.get("display_name", "")}
+        group_data["members"] = [
+            {
+                "immutable_id": str(member["_id"]),
+                "display_name": member.get("display_name", ""),
+                "contact_email": member.get("contact_email", ""),
+            }
             for member in group_members
         ]
 
-        groups_data.append(json.loads(Group(**group_doc).json()))
+        if group_doc.get("group_admins"):
+            admin_ids = [ObjectId(admin_id) for admin_id in group_doc["group_admins"]]
+            group_admins = list(
+                flask_mongo.db.users.find(
+                    {"_id": {"$in": admin_ids}}, {"_id": 1, "display_name": 1, "contact_email": 1}
+                )
+            )
+            group_data["group_admins"] = [
+                {
+                    "immutable_id": str(admin["_id"]),
+                    "display_name": admin.get("display_name", ""),
+                    "contact_email": admin.get("contact_email", ""),
+                }
+                for admin in group_admins
+            ]
+
+        groups_data.append(group_data)
 
     return jsonify(
         {
diff --git a/pydatalab/src/pydatalab/routes/v0_1/groups.py b/pydatalab/src/pydatalab/routes/v0_1/groups.py
index be70605a7..a8819eab5 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/groups.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/groups.py
@@ -4,7 +4,6 @@
 from flask_login import current_user
 
 from pydatalab.models.people import Group
-from pydatalab.models.utils import UserRole
 from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import active_users_or_get_only
 
@@ -53,32 +52,24 @@ def search_groups():
 def get_user_accessible_groups():
     """Get groups that the current user can see/access."""
 
-    if current_user.role == UserRole.ADMIN:
-        groups_cursor = flask_mongo.db.groups.find()
-    else:
-        user_group_ids = (
-            [group.immutable_id for group in current_user.person.groups]
-            if current_user.person.groups
-            else []
-        )
+    user_group_ids = (
+        [group.immutable_id for group in current_user.person.groups]
+        if current_user.person.groups
+        else []
+    )
 
-        groups_cursor = flask_mongo.db.groups.find(
-            {
-                "$or": [
-                    {"_id": {"$in": user_group_ids}},
-                    {"group_admins": {"$in": [str(current_user.person.immutable_id)]}},
-                ]
-            }
-        )
+    groups_cursor = flask_mongo.db.groups.find(
+        {
+            "$or": [
+                {"_id": {"$in": user_group_ids}},
+                {"group_admins": {"$in": [str(current_user.person.immutable_id)]}},
+            ]
+        }
+    )
 
     groups_data = []
     for group_doc in groups_cursor:
         group_doc["immutable_id"] = str(group_doc["_id"])
         groups_data.append(json.loads(Group(**group_doc).json()))
 
-    return jsonify(
-        {
-            "status": "success",
-            "data": groups_data,
-        }
-    ), 200
+    return jsonify({"status": "success", "data": groups_data}), 200
diff --git a/pydatalab/src/pydatalab/routes/v0_1/items.py b/pydatalab/src/pydatalab/routes/v0_1/items.py
index c6170a370..217e1a333 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/items.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/items.py
@@ -560,6 +560,60 @@ def _create_sample(
             }
         ]
 
+    if "additional_creators" in sample_dict and sample_dict["additional_creators"]:
+        additional_creator_ids = []
+        for creator in sample_dict["additional_creators"]:
+            if isinstance(creator, dict) and "immutable_id" in creator:
+                additional_creator_ids.append(ObjectId(creator["immutable_id"]))
+            elif isinstance(creator, str):
+                additional_creator_ids.append(ObjectId(creator))
+
+        new_sample["creator_ids"].extend(additional_creator_ids)
+
+        for creator in sample_dict["additional_creators"]:
+            if isinstance(creator, dict):
+                new_sample["creators"].append(
+                    {
+                        "display_name": creator.get("display_name", ""),
+                        "contact_email": creator.get("contact_email", ""),
+                    }
+                )
+
+    if "share_with_groups" in sample_dict and sample_dict["share_with_groups"]:
+        group_ids = []
+        for group in sample_dict["share_with_groups"]:
+            if isinstance(group, dict) and "immutable_id" in group:
+                group_ids.append(ObjectId(group["immutable_id"]))
+            elif isinstance(group, str):
+                group_ids.append(ObjectId(group))
+
+        if not CONFIG.TESTING and current_user.is_authenticated:
+            user_group_ids = (
+                [group.immutable_id for group in current_user.person.groups]
+                if current_user.person.groups
+                else []
+            )
+
+            groups_where_admin = list(
+                flask_mongo.db.groups.find(
+                    {"group_admins": {"$in": [str(current_user.person.immutable_id)]}}, {"_id": 1}
+                )
+            )
+            admin_group_ids = [g["_id"] for g in groups_where_admin]
+            allowed_group_ids = user_group_ids + admin_group_ids
+
+            if not all(gid in allowed_group_ids for gid in group_ids):
+                return (
+                    dict(
+                        status="error",
+                        message="You can only share with groups you belong to or administer.",
+                        item_id=new_sample["item_id"],
+                    ),
+                    403,
+                )
+
+        new_sample["group_ids"] = group_ids
+
     # Generate a unique refcode for the sample
     new_sample["refcode"] = generate_unique_refcode()
     if generate_id_automatically:
diff --git a/webapp/src/components/CreateGroupModal.vue b/webapp/src/components/CreateGroupModal.vue
index 9f3ef4f52..a2afa5bc4 100644
--- a/webapp/src/components/CreateGroupModal.vue
+++ b/webapp/src/components/CreateGroupModal.vue
@@ -10,17 +10,17 @@
       <template #body>
         <div class="form-row">
           <div class="form-group col-md-6">
-            <label for="create-group-group_id" class="col-form-label">Group ID:</label>
+            <label for="group-id" class="col-form-label">Group ID:</label>
             <input
-              id="create-group-group_id"
+              id="group-id"
               v-model="group_id"
               type="text"
               class="form-control"
-              :class="{ 'is-invalid': showValidation && (!group_id || isValidGroupId) }"
+              :class="{ 'is-invalid': showValidation && (isValidGroupId || !group_id) }"
               required
             />
             <!-- eslint-disable-next-line vue/no-v-html -->
-            <div class="form-error" v-html="isValidGroupId"></div>
+            <div v-if="isValidGroupId" class="form-error" v-html="isValidGroupId"></div>
             <div v-if="showValidation && !group_id" class="invalid-feedback">
               Group ID is required.
             </div>
@@ -144,13 +144,13 @@ export default {
 
           this.$emit("group-created");
           this.resetForm();
+          this.$emit("update:modelValue", false);
         }
-        this.$emit("update:modelValue", false);
       } catch (error) {
         console.error("Error creating group:", error);
         let is_group_id_error = false;
         try {
-          if (error.includes("group_id_validation_error")) {
+          if (error.includes("group_id_validation_error") || error.includes("already exists")) {
             this.takenGroupIds.push(this.group_id);
             is_group_id_error = true;
           }
@@ -168,6 +168,7 @@ export default {
       this.display_name = "";
       this.description = "";
       this.group_admins = [];
+      this.group_members = [];
       this.takenGroupIds = [];
       this.showValidation = false;
     },
diff --git a/webapp/src/components/CreateItemModal.vue b/webapp/src/components/CreateItemModal.vue
index f31f139ce..7cb84af72 100644
--- a/webapp/src/components/CreateItemModal.vue
+++ b/webapp/src/components/CreateItemModal.vue
@@ -98,6 +98,24 @@
           :is="itemCreateModalAddonComponent"
           @starting-data-callback="(callback) => (startingDataCallback = callback)"
         />
+        <div class="form-row">
+          <div class="col-md-6 form-group">
+            <label id="shareWithGroupsLabel">(Optional) Share with groups:</label>
+            <GroupSelect
+              v-model="shareWithGroups"
+              aria-labelledby="shareWithGroupsLabel"
+              multiple
+            />
+          </div>
+          <div class="col-md-6 form-group">
+            <label id="additionalCreatorsLabel">(Optional) Additional creators:</label>
+            <UserSelect
+              v-model="additionalCreators"
+              aria-labelledby="additionalCreatorsLabel"
+              multiple
+            />
+          </div>
+        </div>
       </template>
     </Modal>
   </form>
@@ -106,6 +124,8 @@
 <script>
 import Modal from "@/components/Modal.vue";
 import ItemSelect from "@/components/ItemSelect.vue";
+import GroupSelect from "@/components/GroupSelect.vue";
+import UserSelect from "@/components/UserSelect.vue";
 import { createNewItem } from "@/server_fetch_utils.js";
 import { validateEntryID } from "@/field_utils.js";
 import { itemTypes, SAMPLE_TABLE_TYPES, AUTOMATICALLY_GENERATE_ID_DEFAULT } from "@/resources.js";
@@ -116,6 +136,8 @@ export default {
     Modal,
     ItemSelect,
     CollectionSelect,
+    GroupSelect,
+    UserSelect,
   },
   props: {
     modelValue: Boolean,
@@ -138,6 +160,8 @@ export default {
       startingConstituents: [],
       generateIDAutomatically: AUTOMATICALLY_GENERATE_ID_DEFAULT,
       agesAgo: new Date("1970-01-01").toISOString().slice(0, -8), // a datetime for the unix epoch start
+      shareWithGroups: [],
+      additionalCreators: [],
     };
   },
   computed: {
@@ -176,6 +200,8 @@ export default {
           type: "collections",
         }));
       }
+      const groupsData = this.shareWithGroups.length > 0 ? this.shareWithGroups : null;
+      const creatorsData = this.additionalCreators.length > 0 ? this.additionalCreators : null;
 
       await createNewItem(
         this.item_id,
@@ -186,6 +212,8 @@ export default {
         extraData,
         this.selectedItemToCopy && this.selectedItemToCopy.item_id,
         this.generateIDAutomatically,
+        groupsData,
+        creatorsData,
       )
         .then(() => {
           this.$emit("update:modelValue", false); // close this modal
@@ -196,6 +224,8 @@ export default {
           this.item_id = null;
           this.name = null;
           this.date = this.now(); // reset date to the new current time
+          this.shareWithGroups = [];
+          this.additionalCreators = [];
         })
         .catch((error) => {
           let is_item_id_error = false;
diff --git a/webapp/src/components/EditGroupModal.vue b/webapp/src/components/EditGroupModal.vue
index 7ae47016c..38116ddc5 100644
--- a/webapp/src/components/EditGroupModal.vue
+++ b/webapp/src/components/EditGroupModal.vue
@@ -69,9 +69,9 @@ import Modal from "@/components/Modal.vue";
 import UserSelect from "@/components/UserSelect.vue";
 import {
   updateGroup,
-  getUsersList,
   addUserToGroup,
   removeUserFromGroup,
+  getAdminGroupsList,
 } from "@/server_fetch_utils.js";
 
 export default {
@@ -116,8 +116,8 @@ export default {
           this.display_name = newGroup.display_name;
           this.description = newGroup.description;
 
-          this.group_admins = this.loadUsersFromIds(newGroup.group_admins || []);
-          this.group_members = this.loadUsersFromIds(newGroup.members || []);
+          this.group_admins = newGroup.group_admins || [];
+          this.group_members = newGroup.members || [];
 
           this.originalGroup = { ...newGroup };
           this.originalAdmins = [...this.group_admins];
@@ -128,31 +128,13 @@ export default {
   },
   async created() {
     try {
-      this.allUsers = await getUsersList();
+      this.allUsers = await getAdminGroupsList();
     } catch (error) {
       console.error("Could not load users:", error);
       this.allUsers = [];
     }
   },
   methods: {
-    loadUsersFromIds(userIds) {
-      return userIds
-        .map((userId) => {
-          const user = this.allUsers.find(
-            (user) =>
-              (user._id && user._id === userId) ||
-              (user.user_id && user.user_id === userId) ||
-              (user.immutable_id && user.immutable_id === userId),
-          );
-
-          if (!user) {
-            console.warn(`User with ID ${userId} not found`);
-          }
-
-          return user;
-        })
-        .filter((user) => user !== undefined);
-    },
     async submitForm() {
       this.showValidation = true;
       if (!this.isFormValid) return;
@@ -160,7 +142,7 @@ export default {
       const groupData = {
         display_name: this.display_name,
         description: this.description,
-        group_admins: this.group_admins.map((admin) => admin.immutable_id || admin),
+        group_admins: this.group_admins.map((admin) => admin.immutable_id),
       };
 
       try {
diff --git a/webapp/src/components/GroupTable.vue b/webapp/src/components/GroupTable.vue
index 9aa162289..bdb0f327d 100644
--- a/webapp/src/components/GroupTable.vue
+++ b/webapp/src/components/GroupTable.vue
@@ -43,7 +43,7 @@
 </template>
 
 <script>
-import { getGroupsList, deleteGroup } from "@/server_fetch_utils.js";
+import { getAdminGroupsList, deleteGroup } from "@/server_fetch_utils.js";
 import EditGroupModal from "./EditGroupModal.vue";
 
 export default {
@@ -64,7 +64,7 @@ export default {
   },
   methods: {
     async getGroups() {
-      let data = await getGroupsList();
+      let data = await getAdminGroupsList();
       if (data != null) {
         this.groups = JSON.parse(JSON.stringify(data));
         this.original_groups = JSON.parse(JSON.stringify(data));
@@ -72,8 +72,6 @@ export default {
     },
 
     async confirmDeleteGroup(group) {
-      console.log("Group object:", group);
-
       if (
         window.confirm(
           `Are you sure you want to delete the group "${group.display_name}"? This action cannot be undone.`,
diff --git a/webapp/src/components/itemCreateModalAddons/CellCreateModalAddon.vue b/webapp/src/components/itemCreateModalAddons/CellCreateModalAddon.vue
index b129f539d..d53e8750a 100644
--- a/webapp/src/components/itemCreateModalAddons/CellCreateModalAddon.vue
+++ b/webapp/src/components/itemCreateModalAddons/CellCreateModalAddon.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="row form-inline">
+  <div class="row form-inline form-group">
     <label class="pl-3">(Optional) Cell components:</label>
     <div class="col-md-12 form-group form-row ml-2 mt-3">
       <label id="posConstituentsLabel" class="col-sm-3 text-right cell-component-label"
diff --git a/webapp/src/server_fetch_utils.js b/webapp/src/server_fetch_utils.js
index c60690376..5bd39bc73 100644
--- a/webapp/src/server_fetch_utils.js
+++ b/webapp/src/server_fetch_utils.js
@@ -114,18 +114,29 @@ export function createNewItem(
   startingData = {},
   copyFrom = null,
   generateIDAutomatically = false,
+  groupsData = null,
+  creatorsData = null,
 ) {
+  const newSampleData = {
+    item_id: item_id,
+    date: date,
+    name: name,
+    type: type,
+    collections: startingCollection,
+    ...startingData,
+  };
+
+  if (groupsData && groupsData.length > 0) {
+    newSampleData.share_with_groups = groupsData;
+  }
+
+  if (creatorsData && creatorsData.length > 0) {
+    newSampleData.additional_creators = creatorsData;
+  }
   return fetch_post(`${API_URL}/new-sample/`, {
     copy_from_item_id: copyFrom,
     generate_id_automatically: generateIDAutomatically,
-    new_sample_data: {
-      item_id: item_id,
-      date: date,
-      name: name,
-      type: type,
-      collections: startingCollection,
-      ...startingData,
-    },
+    new_sample_data: newSampleData,
   }).then(function (response_json) {
     console.log("received the following data from fetch new-sample:");
     console.log(response_json.sample_list_entry);
@@ -287,6 +298,18 @@ export function getGroupsList() {
     });
 }
 
+export function getAdminGroupsList() {
+  return fetch_get(`${API_URL}/admin/groups`)
+    .then(function (response_json) {
+      return response_json.data;
+    })
+    .catch((error) => {
+      console.error("Error when fetching admin groups list");
+      console.error(error);
+      throw error;
+    });
+}
+
 export function createGroup(groupData) {
   console.log("createGroup");
   return fetch_put(`${API_URL}/groups`, groupData)

From 0edafaa2165c61b57840ae2d1d7b9415a447bd0f Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Tue, 24 Jun 2025 15:39:37 +0200
Subject: [PATCH 13/18] Add same thing in BatchCreateItemModal

---
 .../src/components/BatchCreateItemModal.vue   | 96 +++++++++++++++----
 1 file changed, 80 insertions(+), 16 deletions(-)

diff --git a/webapp/src/components/BatchCreateItemModal.vue b/webapp/src/components/BatchCreateItemModal.vue
index a3a3593c7..c9037199a 100644
--- a/webapp/src/components/BatchCreateItemModal.vue
+++ b/webapp/src/components/BatchCreateItemModal.vue
@@ -76,11 +76,13 @@
                 <table data-testid="batch-add-table-template" class="table table-sm mb-2">
                   <thead>
                     <tr class="subheading template-subheading">
-                      <th style="width: calc(12%)">ID</th>
-                      <th>Name</th>
-                      <th style="width: calc(15%)">Date</th>
-                      <th style="width: calc(22%)">Copy from</th>
-                      <th style="width: calc(22%)">Components</th>
+                      <th style="width: 10%">ID</th>
+                      <th style="width: 15%">Name</th>
+                      <th style="width: 15%">Date</th>
+                      <th style="width: 15%">Copy from</th>
+                      <th style="width: 15%">Components</th>
+                      <th style="width: 15%">Groups</th>
+                      <th style="width: 15%">Creators</th>
                     </tr>
                   </thead>
                   <tbody>
@@ -174,6 +176,22 @@
                           />
                         </div>
                       </td>
+                      <td>
+                        <GroupSelect
+                          v-model="itemTemplate.shareWithGroups"
+                          multiple
+                          placeholder="Select groups..."
+                          @update:model-value="applyGroupsTemplate"
+                        />
+                      </td>
+                      <td>
+                        <UserSelect
+                          v-model="itemTemplate.additionalCreators"
+                          multiple
+                          placeholder="Select users..."
+                          @update:model-value="applyCreatorsTemplate"
+                        />
+                      </td>
                     </tr>
                   </tbody>
                 </table>
@@ -200,12 +218,14 @@
               <table data-testid="batch-add-table" class="table mb-2">
                 <thead>
                   <tr class="subheading">
-                    <th style="width: calc(12%)">ID</th>
-                    <th style="width: calc(25%)">Name</th>
-                    <th style="width: calc(15%)">Date</th>
-                    <th style="width: calc(22%)">Copy from</th>
-                    <th style="width: calc(22%) - 2rem">Components</th>
-                    <th style="width: 2rem"></th>
+                    <th style="width: 8%">ID</th>
+                    <th style="width: 15%">Name</th>
+                    <th style="width: 15%">Date</th>
+                    <th style="width: 15%">Copy from</th>
+                    <th style="width: 15%">Components</th>
+                    <th style="width: 15%">Groups</th>
+                    <th style="width: 15%">Creators</th>
+                    <th style="width: 2%"></th>
                   </tr>
                 </thead>
                 <tbody>
@@ -273,6 +293,20 @@
                           />
                         </div>
                       </td>
+                      <td>
+                        <GroupSelect
+                          v-model="item.shareWithGroups"
+                          multiple
+                          placeholder="Groups..."
+                        />
+                      </td>
+                      <td>
+                        <UserSelect
+                          v-model="item.additionalCreators"
+                          multiple
+                          placeholder="Users..."
+                        />
+                      </td>
                       <td>
                         <button
                           type="button"
@@ -284,10 +318,6 @@
                         </button>
                       </td>
                     </tr>
-                    <td colspan="3">
-                      <!-- eslint-disable-next-line vue/no-v-html -->
-                      <span class="form-error" v-html="isValidEntryID[index]" />
-                    </td>
                   </template>
                 </tbody>
               </table>
@@ -340,6 +370,8 @@
 <script>
 import Modal from "@/components/Modal.vue";
 import ItemSelect from "@/components/ItemSelect.vue";
+import GroupSelect from "@/components/GroupSelect.vue";
+import UserSelect from "@/components/UserSelect.vue";
 import { createNewSamples } from "@/server_fetch_utils.js";
 import { validateEntryID } from "@/field_utils.js";
 import { itemTypes, SAMPLE_TABLE_TYPES, AUTOMATICALLY_GENERATE_ID_DEFAULT } from "@/resources.js";
@@ -348,6 +380,8 @@ export default {
   components: {
     Modal,
     ItemSelect,
+    GroupSelect,
+    UserSelect,
   },
   props: {
     modelValue: Boolean,
@@ -375,6 +409,8 @@ export default {
           electrolyte: [],
           negativeElectrode: [],
           date: this.now(),
+          shareWithGroups: [],
+          additionalCreators: [],
         },
         {
           item_id: null,
@@ -385,6 +421,8 @@ export default {
           electrolyte: [],
           negativeElectrode: [],
           date: this.now(),
+          shareWithGroups: [],
+          additionalCreators: [],
         },
         {
           item_id: null,
@@ -395,6 +433,8 @@ export default {
           electrolyte: [],
           negativeElectrode: [],
           date: this.now(),
+          shareWithGroups: [],
+          additionalCreators: [],
         },
       ],
       takenItemIds: [], // this holds ids that have been tried, whereas the computed takenSampleIds holds ids in the item table
@@ -410,6 +450,8 @@ export default {
         electrolyte: null,
         negativeElectrode: null,
         date: this.now(),
+        shareWithGroups: [],
+        additionalCreators: [],
       },
 
       serverResponses: {}, // after the server responds, store error messages if any
@@ -462,7 +504,15 @@ export default {
       }
       if (newValue > oldValue) {
         for (let i = 0; i < newValue - oldValue; i++) {
-          this.items.push({ ...this.itemTemplate });
+          this.items.push({
+            ...this.itemTemplate,
+            shareWithGroups: [],
+            additionalCreators: [],
+            components: [],
+            positiveElectrode: [],
+            electrolyte: [],
+            negativeElectrode: [],
+          });
         }
         if (this.itemTemplate.item_id) {
           this.applyIdTemplate();
@@ -527,6 +577,16 @@ export default {
         item.negativeElectrode = this.itemTemplate.negativeElectrode;
       });
     },
+    applyGroupsTemplate() {
+      this.items.forEach((item) => {
+        item.shareWithGroups = [...this.itemTemplate.shareWithGroups];
+      });
+    },
+    applyCreatorsTemplate() {
+      this.items.forEach((item) => {
+        item.additionalCreators = [...this.itemTemplate.additionalCreators];
+      });
+    },
     removeRow(index) {
       this.items.splice(index, 1);
       this.nSamples = this.nSamples - 1;
@@ -557,6 +617,8 @@ export default {
             synthesis_constituents: item.components
               ? item.components.map((x) => ({ item: x, quantity: null }))
               : [],
+            share_with_groups: item.shareWithGroups || [],
+            additional_creators: item.additionalCreators || [],
           };
         });
       } else {
@@ -575,6 +637,8 @@ export default {
             negative_electrode: item.negativeElectrode
               ? item.negativeElectrode.map((x) => ({ item: x, quantity: null }))
               : [],
+            share_with_groups: item.shareWithGroups || [],
+            additional_creators: item.additionalCreators || [],
           };
         });
       }

From 0ad01780a71f6c59dc84f318ee4bd4f3acb5d6f0 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Tue, 24 Jun 2025 17:59:49 +0200
Subject: [PATCH 14/18] Fix python tests

---
 pydatalab/tests/server/test_users.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pydatalab/tests/server/test_users.py b/pydatalab/tests/server/test_users.py
index 0704078ed..e373ddf40 100644
--- a/pydatalab/tests/server/test_users.py
+++ b/pydatalab/tests/server/test_users.py
@@ -52,7 +52,11 @@ def test_list_users(admin_client, client):
 def test_list_groups(admin_client, client):
     resp = admin_client.get("/groups")
     assert resp.status_code == 200
+
     resp = client.get("/groups")
+    assert resp.status_code == 200
+
+    resp = client.get("/admin/groups")
     assert resp.status_code == 403
 
 

From f69dffdd6b742951fd3b8acb2c00f5994c317f1d Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Wed, 25 Jun 2025 11:26:30 +0200
Subject: [PATCH 15/18] Fix cypress batchSampleFeature by using data-testid
 rather than index

---
 webapp/cypress/e2e/batchSampleFeature.cy.js   | 337 +++++++++---------
 .../src/components/BatchCreateItemModal.vue   |  98 +++--
 2 files changed, 228 insertions(+), 207 deletions(-)

diff --git a/webapp/cypress/e2e/batchSampleFeature.cy.js b/webapp/cypress/e2e/batchSampleFeature.cy.js
index 13c2e3183..0631b9946 100644
--- a/webapp/cypress/e2e/batchSampleFeature.cy.js
+++ b/webapp/cypress/e2e/batchSampleFeature.cy.js
@@ -11,22 +11,16 @@ function getSubmitButton() {
   return cy.get("[data-testid=batch-modal-container]").contains("Submit");
 }
 
-function getBatchAddCell(row, column, additionalSelectors = "") {
-  return cy.get(
-    `[data-testid=batch-add-table] > tbody > tr:nth-of-type(${row}) > td:nth-of-type(${column}) ${additionalSelectors}`,
-  );
+function getBatchAddCell(row, columnName, additionalSelectors = "") {
+  return cy.get(`[data-testid="item-${row - 1}-${columnName}"] ${additionalSelectors}`);
 }
 
-function getBatchTemplateCell(column, additionalSelectors = "") {
-  return cy.get(
-    `[data-testid=batch-add-table-template] > tbody > tr > td:nth-of-type(${column}) ${additionalSelectors}`,
-  );
+function getBatchTemplateCell(columnName, additionalSelectors = "") {
+  return cy.get(`[data-testid="template-cell-${columnName}"] ${additionalSelectors}`);
 }
 
 function getBatchAddError(row, additionalSelectors = "") {
-  return cy.get(
-    `[data-testid=batch-add-table] > tbody > tr:nth-of-type(${row}) + td ${additionalSelectors}`,
-  );
+  return cy.get(`[data-testid="item-${row - 1}-error"]${additionalSelectors}`);
 }
 
 // Any sample ID touched by these tests should be listed here for clean-up
@@ -86,11 +80,11 @@ describe("Batch sample creation", () => {
   it("Adds 3 valid samples", () => {
     cy.contains("Add batch of items").click();
     getSubmitButton().should("be.disabled");
-    getBatchAddCell(1, 1).type("testA");
-    getBatchAddCell(2, 1).type("testB");
-    getBatchAddCell(2, 2).type("this sample has a name");
+    getBatchAddCell(1, "id").type("testA");
+    getBatchAddCell(2, "id").type("testB");
+    getBatchAddCell(2, "name").type("this sample has a name");
     getSubmitButton().should("be.disabled");
-    getBatchAddCell(3, 1).type("testC");
+    getBatchAddCell(3, "id").type("testC");
     getSubmitButton().click();
 
     cy.get("[data-testid=batch-modal-container]").contains("a", "testA");
@@ -111,10 +105,10 @@ describe("Batch sample creation", () => {
     cy.findByLabelText("Number of rows:").clear().type(2);
 
     cy.get('[data-testid="batch-modal-container"]').findByText("Submit").should("be.disabled");
-    getBatchAddCell(1, 1).type("baseA");
-    getBatchAddCell(2, 1).type("baseB");
-    getBatchAddCell(2, 2).type("the name of baseB");
-    getBatchAddCell(2, 3).type("1999-12-31T01:00");
+    getBatchAddCell(1, "id").type("baseA");
+    getBatchAddCell(2, "id").type("baseB");
+    getBatchAddCell(2, "name").type("the name of baseB");
+    getBatchAddCell(2, "date").type("1999-12-31T01:00");
     getSubmitButton().click();
     cy.get("[data-testid=batch-modal-container]").contains("a", "baseA");
     cy.get("[data-testid=batch-modal-container]").contains("a", "baseB");
@@ -130,11 +124,11 @@ describe("Batch sample creation", () => {
     cy.findByLabelText("Number of rows:").clear().type(4);
 
     cy.get('[data-testid="batch-modal-container"]').findByText("Submit").should("be.disabled");
-    getBatchAddCell(1, 1).type("component1");
-    getBatchAddCell(1, 2).type("this component has a name that is quite long");
-    getBatchAddCell(2, 1).type("component2");
-    getBatchAddCell(3, 1).type("component3");
-    getBatchAddCell(4, 1).type("component4");
+    getBatchAddCell(1, "id").type("component1");
+    getBatchAddCell(1, "name").type("this component has a name");
+    getBatchAddCell(2, "id").type("component2");
+    getBatchAddCell(3, "id").type("component3");
+    getBatchAddCell(4, "id").type("component4");
 
     getSubmitButton().click();
     cy.get("[data-testid=batch-modal-container]").contains("a", "component1");
@@ -192,17 +186,17 @@ describe("Batch sample creation", () => {
 
   it("makes samples copied from others", () => {
     cy.contains("Add batch of items").click();
-    getBatchAddCell(1, 1).type("baseA_copy");
-    getBatchAddCell(1, 2).type("a copied sample");
-    getBatchAddCell(1, 4, ".vs__search").type("BaseA");
+    getBatchAddCell(1, "id").type("baseA_copy");
+    getBatchAddCell(1, "name").type("a copied sample");
+    getBatchAddCell(1, "copy-from", ".vs__search").type("BaseA");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseA").click();
 
-    getBatchAddCell(2, 1).type("baseB_copy");
-    getBatchAddCell(2, 4, ".vs__search").type("BaseB");
+    getBatchAddCell(2, "id").type("baseB_copy");
+    getBatchAddCell(2, "copy-from", ".vs__search").type("BaseB");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseB").click();
 
-    getBatchAddCell(3, 1).type("baseB_copy2");
-    getBatchAddCell(3, 4, ".vs__search").type("BaseB");
+    getBatchAddCell(3, "id").type("baseB_copy2");
+    getBatchAddCell(3, "copy-from", ".vs__search").type("BaseB");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseB").click();
 
     getSubmitButton().click();
@@ -259,54 +253,54 @@ describe("Batch sample creation", () => {
     cy.findByLabelText("Number of rows:").clear().type(4);
 
     // sample with two components
-    getBatchAddCell(1, 1).type("test101");
-    getBatchAddCell(1, 2).type("sample with two components");
-    getBatchAddCell(1, 5, ".vs__search").type("component1");
+    getBatchAddCell(1, "id").type("test101");
+    getBatchAddCell(1, "name").type("sample with two components");
+    getBatchAddCell(1, "components", ".vs__search").type("component1");
     cy.get(".vs__dropdown-menu").contains(".badge", "component1").click();
 
-    getBatchAddCell(1, 5, ".vs__search").type("component2");
+    getBatchAddCell(1, "components", ".vs__search").type("component2");
     cy.get(".vs__dropdown-menu").contains(".badge", "component2").click();
 
     // sample with two components, copied from a sample with no components
-    getBatchAddCell(2, 1).type("test102");
-    getBatchAddCell(2, 2).type(
+    getBatchAddCell(2, "id").type("test102");
+    getBatchAddCell(2, "name").type(
       "sample with two components, copied from a sample with no components",
     );
-    getBatchAddCell(2, 4, ".vs__search").type("baseA");
+    getBatchAddCell(2, "copy-from", ".vs__search").type("baseA");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseA").click();
 
-    getBatchAddCell(2, 5, ".vs__search").type("component1");
+    getBatchAddCell(2, "components", ".vs__search").type("component1");
     cy.get(".vs__dropdown-menu").contains(".badge", "component1").click();
 
-    getBatchAddCell(2, 5, ".vs__search").type("component2");
+    getBatchAddCell(2, "components", ".vs__search").type("component2");
     cy.get(".vs__dropdown-menu").contains(".badge", "component2").click();
 
     // sample with one components, copied from a sample with two components
-    getBatchAddCell(3, 1).type("test103");
-    getBatchAddCell(3, 2).type(
+    getBatchAddCell(3, "id").type("test103");
+    getBatchAddCell(3, "name").type(
       "sample with one component, copied from a sample with two components",
     );
-    getBatchAddCell(3, 4, ".vs__search").type("baseB");
+    getBatchAddCell(3, "copy-from", ".vs__search").type("baseB");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseB").click();
 
-    getBatchAddCell(3, 5, ".vs__search").type("component1");
+    getBatchAddCell(3, "components", ".vs__search").type("component1");
     cy.get(".vs__dropdown-menu").contains(".badge", "component1").click();
 
     // sample with three components, copied from a sample with some of the same components
-    getBatchAddCell(4, 1).type("test104");
-    getBatchAddCell(4, 2).type(
+    getBatchAddCell(4, "id").type("test104");
+    getBatchAddCell(4, "name").type(
       "sample with three components, copied from a sample with some of the same components",
     );
-    getBatchAddCell(4, 4, ".vs__search").type("baseB");
+    getBatchAddCell(4, "copy-from", ".vs__search").type("baseB");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseB").click();
 
-    getBatchAddCell(4, 5, ".vs__search").type("component2");
+    getBatchAddCell(4, "components", ".vs__search").type("component2");
     cy.get(".vs__dropdown-menu").contains(".badge", "component2").click();
 
-    getBatchAddCell(4, 5, ".vs__search").type("component3");
+    getBatchAddCell(4, "components", ".vs__search").type("component3");
     cy.get(".vs__dropdown-menu").contains(".badge", "component3").click();
 
-    getBatchAddCell(4, 5, ".vs__search").type("component4");
+    getBatchAddCell(4, "components", ".vs__search").type("component4");
     cy.get(".vs__dropdown-menu").contains(".badge", "component4").click();
 
     getSubmitButton().click();
@@ -419,13 +413,14 @@ describe("Batch sample creation", () => {
 
   it("uses the template id", () => {
     cy.contains("Add batch of items").click();
-    getBatchTemplateCell(1).type("test_{{}#{}}");
+
+    getBatchTemplateCell("id", "input.form-control").type("test_{{}#{}}");
 
     // manually type names and a date
-    getBatchAddCell(1, 2).type("testing 1");
-    getBatchAddCell(2, 2).type("testing 1,2");
-    getBatchAddCell(3, 2).type("testing 1,2,3");
-    getBatchAddCell(1, 3).type("1992-12-10T14:34");
+    getBatchAddCell(1, "name").type("testing 1");
+    getBatchAddCell(2, "name").type("testing 1,2");
+    getBatchAddCell(3, "name").type("testing 1,2,3");
+    getBatchAddCell(1, "date").type("1992-12-10T14:34");
 
     getSubmitButton().click();
 
@@ -444,9 +439,9 @@ describe("Batch sample creation", () => {
 
   it("uses the template id, name, and date", () => {
     cy.contains("Add batch of items").click();
-    getBatchTemplateCell(1).type("test_{{}#{}}");
-    getBatchTemplateCell(2).type("this is the test sample #{{}#{}}");
-    getBatchTemplateCell(3).type("1980-02-01T05:35");
+    getBatchTemplateCell("id", "input.form-control").type("test_{{}#{}}");
+    getBatchTemplateCell("name").type("this is the test sample #{{}#{}}");
+    getBatchTemplateCell("date").type("1980-02-01T05:35");
 
     cy.findByLabelText("start counting {#} at:").clear().type(5);
 
@@ -467,44 +462,44 @@ describe("Batch sample creation", () => {
 
   it("uses the template id, name, date, copyFrom, and components", () => {
     cy.contains("Add batch of items").click();
-    getBatchTemplateCell(1).type("test_{{}#{}}");
-    getBatchTemplateCell(2).type("this is the test sample #{{}#{}}");
-    getBatchTemplateCell(3).type("1980-02-01T23:59");
+    getBatchTemplateCell("id", "input.form-control").type("test_{{}#{}}");
+    getBatchTemplateCell("name").type("this is the test sample #{#}");
+    getBatchTemplateCell("date").type("1980-02-01T23:59");
 
     // select copyFrom sample, check that it is applied correctly
-    getBatchTemplateCell(4, ".vs__search").type("baseA");
+    getBatchTemplateCell("copy-from", ".vs__search").type("baseA");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseA").click();
 
-    getBatchAddCell(1, 4).contains("baseA");
-    getBatchAddCell(2, 4).contains("baseA");
-    getBatchAddCell(3, 4).contains("baseA");
+    getBatchAddCell(1, "copy-from").contains("baseA");
+    getBatchAddCell(2, "copy-from").contains("baseA");
+    getBatchAddCell(3, "copy-from").contains("baseA");
 
     // change the copyFrom sample, check that it is applied correctly
-    getBatchTemplateCell(4, ".vs__search").type("baseB");
+    getBatchTemplateCell("copy-from", ".vs__search").type("baseB");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseB").click();
 
-    getBatchAddCell(1, 4).contains("baseB");
-    getBatchAddCell(2, 4).contains("baseB");
-    getBatchAddCell(3, 4).contains("baseB");
+    getBatchAddCell(1, "copy-from").contains("baseB");
+    getBatchAddCell(2, "copy-from").contains("baseB");
+    getBatchAddCell(3, "copy-from").contains("baseB");
 
     // add a component, check that it is applied correctly
-    getBatchTemplateCell(5, ".vs__search").type("component1");
+    getBatchTemplateCell("components", ".vs__search").type("component1");
     cy.get(".vs__dropdown-menu").contains(".badge", "component1").click();
 
-    getBatchAddCell(1, 5).contains("component1");
-    getBatchAddCell(2, 5).contains("component1");
-    getBatchAddCell(3, 5).contains("component1");
+    getBatchAddCell(1, "components").contains("component1");
+    getBatchAddCell(2, "components").contains("component1");
+    getBatchAddCell(3, "components").contains("component1");
 
     // add another component, check that it is applied correctly
-    getBatchTemplateCell(5, ".vs__search").type("component2");
+    getBatchTemplateCell("components", ".vs__search").type("component2");
     cy.get(".vs__dropdown-menu").contains(".badge", "component2").click();
 
-    getBatchAddCell(1, 5).contains("component1");
-    getBatchAddCell(1, 5).contains("component2");
-    getBatchAddCell(2, 5).contains("component1");
-    getBatchAddCell(2, 5).contains("component2");
-    getBatchAddCell(3, 5).contains("component1");
-    getBatchAddCell(3, 5).contains("component2");
+    getBatchAddCell(1, "components").contains("component1");
+    getBatchAddCell(1, "components").contains("component2");
+    getBatchAddCell(2, "components").contains("component1");
+    getBatchAddCell(2, "components").contains("component2");
+    getBatchAddCell(3, "components").contains("component1");
+    getBatchAddCell(3, "components").contains("component2");
 
     getSubmitButton().click();
 
@@ -554,19 +549,19 @@ describe("Batch sample creation", () => {
     cy.findByLabelText("Number of rows:").clear().type(0);
     cy.get("[data-testid=batch-add-table] > tbody > tr").should("have.length", 0);
 
-    getBatchTemplateCell(1).type("test{{}#{}}");
-    getBatchTemplateCell(2).type("name{{}#{}}");
+    getBatchTemplateCell("id", "input.form-control").type("test{{}#{}}");
+    getBatchTemplateCell("name", "input.form-control").type("name{{}#{}}");
 
-    getBatchTemplateCell(4, ".vs__search").type("baseB");
+    getBatchTemplateCell("copy-from", ".vs__search").type("baseB");
     cy.get(".vs__dropdown-menu").contains(".badge", "baseB").click();
 
-    getBatchTemplateCell(5, ".vs__search").type("component1");
+    getBatchTemplateCell("components", ".vs__search").type("component1");
     cy.get(".vs__dropdown-menu").contains(".badge", "component1").click();
 
-    getBatchTemplateCell(5, ".vs__search").type("component3");
+    getBatchTemplateCell("components", ".vs__search").type("component3");
     cy.get(".vs__dropdown-menu").contains(".badge", "component3").click();
 
-    getBatchTemplateCell(5, ".vs__search").type("component4");
+    getBatchTemplateCell("components", ".vs__search").type("component4");
     cy.get(".vs__dropdown-menu").contains(".badge", "component4").click();
 
     cy.findByLabelText("Number of rows:").clear().type(100);
@@ -578,43 +573,43 @@ describe("Batch sample creation", () => {
     cy.findByLabelText("Number of rows:").clear().type(4);
     cy.get("[data-testid=batch-add-table] > tbody > tr").should("have.length", 4);
 
-    getBatchAddCell(1, 1, "input").should("have.value", "test1");
-    getBatchAddCell(2, 1, "input").should("have.value", "test2");
-    getBatchAddCell(3, 1, "input").should("have.value", "test3");
-    getBatchAddCell(4, 1, "input").should("have.value", "test4");
+    getBatchAddCell(1, "id", "input").should("have.value", "test1");
+    getBatchAddCell(2, "id", "input").should("have.value", "test2");
+    getBatchAddCell(3, "id", "input").should("have.value", "test3");
+    getBatchAddCell(4, "id", "input").should("have.value", "test4");
 
-    getBatchAddCell(1, 2, "input").should("have.value", "name1");
-    getBatchAddCell(2, 2, "input").should("have.value", "name2");
-    getBatchAddCell(3, 2, "input").should("have.value", "name3");
-    getBatchAddCell(4, 2, "input").should("have.value", "name4");
+    getBatchAddCell(1, "name", "input").should("have.value", "name1");
+    getBatchAddCell(2, "name", "input").should("have.value", "name2");
+    getBatchAddCell(3, "name", "input").should("have.value", "name3");
+    getBatchAddCell(4, "name", "input").should("have.value", "name4");
 
-    getBatchAddCell(1, 4).contains("baseB");
-    getBatchAddCell(2, 4).contains("baseB");
-    getBatchAddCell(3, 4).contains("baseB");
-    getBatchAddCell(4, 4).contains("baseB");
+    getBatchAddCell(1, "copy-from").contains("baseB");
+    getBatchAddCell(2, "copy-from").contains("baseB");
+    getBatchAddCell(3, "copy-from").contains("baseB");
+    getBatchAddCell(4, "copy-from").contains("baseB");
 
-    getBatchAddCell(1, 5).contains("component1");
-    getBatchAddCell(2, 5).contains("component1");
-    getBatchAddCell(3, 5).contains("component1");
-    getBatchAddCell(4, 5).contains("component1");
+    getBatchAddCell(1, "components").contains("component1");
+    getBatchAddCell(2, "components").contains("component1");
+    getBatchAddCell(3, "components").contains("component1");
+    getBatchAddCell(4, "components").contains("component1");
 
-    getBatchAddCell(1, 5).contains("component3");
-    getBatchAddCell(2, 5).contains("component3");
-    getBatchAddCell(3, 5).contains("component3");
-    getBatchAddCell(4, 5).contains("component3");
+    getBatchAddCell(1, "components").contains("component3");
+    getBatchAddCell(2, "components").contains("component3");
+    getBatchAddCell(3, "components").contains("component3");
+    getBatchAddCell(4, "components").contains("component3");
 
-    getBatchAddCell(1, 5).contains("component4");
-    getBatchAddCell(2, 5).contains("component4");
-    getBatchAddCell(3, 5).contains("component4");
-    getBatchAddCell(4, 5).contains("component4");
+    getBatchAddCell(1, "components").contains("component4");
+    getBatchAddCell(2, "components").contains("component4");
+    getBatchAddCell(3, "components").contains("component4");
+    getBatchAddCell(4, "components").contains("component4");
 
     cy.findByLabelText("Number of rows:").clear().type(10);
     cy.get("[data-testid=batch-add-table] > tbody > tr").should("have.length", 10);
 
     cy.findByLabelText("Number of rows:").type("{backspace}");
     cy.get("[data-testid=batch-add-table] > tbody > tr").should("have.length", 1);
-    getBatchAddCell(1, 1, "input").should("have.value", "test1");
-    getBatchAddCell(1, 2, "input").should("have.value", "name1");
+    getBatchAddCell(1, "id", "input").should("have.value", "test1");
+    getBatchAddCell(1, "name", "input").should("have.value", "name1");
 
     cy.findByLabelText("Number of rows:").clear().type(2);
 
@@ -655,10 +650,16 @@ describe("Batch sample creation", () => {
   });
 
   it("checks errors on the row", () => {
+    cy.wait(10000);
     cy.contains("Add batch of items").click();
-    getBatchTemplateCell("1").type("test10{{}#{}}");
+    cy.wait(10000);
+    getBatchTemplateCell("id", "input.form-control").type("test10{{}#{}}");
+    cy.wait(10000);
+
     cy.wait(100);
     getSubmitButton().should("be.disabled");
+    cy.wait(10000);
+
     getBatchAddError(1).should("have.text", "test101 already in use.");
     getBatchAddError(2).should("have.text", "test102 already in use.");
     getBatchAddError(3).should("have.text", "test103 already in use.");
@@ -667,32 +668,32 @@ describe("Batch sample creation", () => {
     getSubmitButton().should("be.disabled");
     getBatchAddError(4).should("have.text", "test104 already in use.");
 
-    getBatchAddCell(1, 1).type("_unique");
-    getBatchTemplateCell(1, "input").should("have.value", ""); // test_id template should be cleared by modifying an item_id
-    getBatchAddError(1).invoke("text").invoke("trim").should("equal", ""); // expect no error for this row
+    getBatchAddCell(1, "id").type("_unique");
+    getBatchTemplateCell("id", "input").should("have.value", ""); // test_id template should be cleared by modifying an item_id
+    getBatchAddError(1).should("not.exist"); // expect no error for this row
     getSubmitButton().should("be.disabled"); // but submit is still disabled because there are still errors
 
-    getBatchAddCell(3, 1).type("_unique");
-    getBatchAddError(1).invoke("text").invoke("trim").should("equal", ""); // expect no error
-    getBatchAddError(3).invoke("text").invoke("trim").should("equal", ""); // expect no error
+    getBatchAddCell(3, "id").type("_unique");
+    getBatchAddError(1).should("not.exist"); // expect no error
+    getBatchAddError(3).should("not.exist"); // expect no error
 
-    getBatchAddCell(2, 1).type("_unique");
-    getBatchAddError(1).invoke("text").invoke("trim").should("equal", ""); // expect no error
-    getBatchAddError(2).invoke("text").invoke("trim").should("equal", ""); // expect no error
-    getBatchAddError(3).invoke("text").invoke("trim").should("equal", ""); // expect no error
+    getBatchAddCell(2, "id").type("_unique");
+    getBatchAddError(1).should("not.exist"); // expect no error
+    getBatchAddError(2).should("not.exist"); // expect no error
+    getBatchAddError(3).should("not.exist"); // expect no error
 
-    getBatchAddCell(2, 3).type("2000-01-01T10:05");
+    getBatchAddCell(2, "date").type("2000-01-01T10:05");
 
-    getBatchAddCell(4, 1).clear();
+    getBatchAddCell(4, "id").clear();
     getBatchAddError(4).invoke("text").invoke("trim").should("not.equal", ""); // expect some error
 
-    getBatchAddCell(4, 1).type("test101_unique");
+    getBatchAddCell(4, "id").type("test101_unique");
     getBatchAddError(4).invoke("text").invoke("trim").should("not.equal", ""); // expect some error
 
     getSubmitButton().should("be.disabled");
 
-    getBatchAddCell(4, 1).type("2");
-    getBatchAddError(4).invoke("text").invoke("trim").should("equal", ""); // expect no error
+    getBatchAddCell(4, "id").type("2");
+    getBatchAddError(4).should("not.exist"); // expect no error
 
     getSubmitButton().should("not.be.disabled"); // now all errors are fixed so submit is enabled
     getSubmitButton().click();
@@ -724,18 +725,18 @@ describe("Batch cell creation", () => {
     cy.get("[data-testid=batch-add-table] > tbody > tr").should("have.length", 4);
 
     getSubmitButton().should("be.disabled");
-    getBatchAddCell(1, 1, "input").type("cell_A");
+    getBatchAddCell(1, "id", "input").type("cell_A");
     // set positive electrode for the first cell
-    getBatchAddCell(1, 5, "input.vs__search").eq(0).type("abcdef");
+    getBatchAddCell(1, "components", "input.vs__search").eq(0).type("abcdef");
     cy.get(".vs__dropdown-menu").contains("abcdef").click();
 
-    getBatchAddCell(2, 1, "input").type("cell_B");
-    getBatchAddCell(2, 2, "input").type("this cell has a name");
+    getBatchAddCell(2, "id", "input").type("cell_B");
+    getBatchAddCell(2, "name", "input").type("this cell has a name");
 
     getSubmitButton().should("be.disabled");
-    getBatchAddCell(3, 1, "input").type("cell_C");
-    getBatchAddCell(3, 3, "input").type("2017-06-01T08:30");
-    getBatchAddCell(4, 1, "input").type("cell_D");
+    getBatchAddCell(3, "id", "input").type("cell_C");
+    getBatchAddCell(3, "date", "input").type("2017-06-01T08:30");
+    getBatchAddCell(4, "id", "input").type("cell_D");
 
     getSubmitButton().click();
 
@@ -749,9 +750,9 @@ describe("Batch cell creation", () => {
     cy.contains("Add batch of items").click();
     cy.findByLabelText("Number of rows:").clear().type(2);
 
-    getBatchAddCell(1, 1).type("comp1");
-    getBatchAddCell(1, 2).type("comp1 name");
-    getBatchAddCell(2, 1).type("comp2");
+    getBatchAddCell(1, "id").type("comp1");
+    getBatchAddCell(1, "name").type("comp1 name");
+    getBatchAddCell(2, "id").type("comp2");
 
     getSubmitButton().click();
     cy.get("[data-testid=batch-modal-container]").contains("a", "comp1");
@@ -763,58 +764,58 @@ describe("Batch cell creation", () => {
 
     cy.get("[data-testid=batch-modal-container]").findByLabelText("Type:").select("cell");
 
-    getBatchTemplateCell(1, "input").eq(0).type("cell_{{}#{}}");
-    getBatchTemplateCell(2, "input").type("this is the test cell #{{}#{}}");
-    getBatchTemplateCell(3, "input").type("1980-02-01T23:59");
+    getBatchTemplateCell("id", "input").eq(0).type("cell_{{}#{}}");
+    getBatchTemplateCell("name", "input").type("this is the test cell #{{}#{}}");
+    getBatchTemplateCell("date", "input").type("1980-02-01T23:59");
 
     // select copyFrom sample, check that it is applied correctly
-    getBatchTemplateCell(4, ".vs__search").type("cell_B");
+    getBatchTemplateCell("copy-from", ".vs__search").type("cell_B");
     cy.get(".vs__dropdown-menu").contains(".badge", "cell_B").click();
 
-    getBatchAddCell(1, 4).contains("cell_B");
-    getBatchAddCell(2, 4).contains("cell_B");
-    getBatchAddCell(3, 4).contains("cell_B");
+    getBatchAddCell(1, "copy-from").contains("cell_B");
+    getBatchAddCell(2, "copy-from").contains("cell_B");
+    getBatchAddCell(3, "copy-from").contains("cell_B");
 
     // change the copyFrom sample, check that it is applied correctly
-    getBatchTemplateCell(4, ".vs__search").type("cell_A");
+    getBatchTemplateCell("copy-from", ".vs__search").type("cell_A");
     cy.get(".vs__dropdown-menu").contains(".badge", "cell_A").click();
 
-    getBatchAddCell(1, 4).contains("cell_A");
-    getBatchAddCell(2, 4).contains("cell_A");
-    getBatchAddCell(3, 4).contains("cell_A");
+    getBatchAddCell(1, "copy-from").contains("cell_A");
+    getBatchAddCell(2, "copy-from").contains("cell_A");
+    getBatchAddCell(3, "copy-from").contains("cell_A");
 
     // add a positive electrode, check that it is applied correctly
-    getBatchTemplateCell(5, ".vs__search").eq(0).type("comp1");
+    getBatchTemplateCell("components", ".vs__search").eq(0).type("comp1");
     cy.get(".vs__dropdown-menu").contains(".badge", "comp1").click();
 
-    getBatchAddCell(1, 5).contains("comp1");
-    getBatchAddCell(2, 5).contains("comp1");
-    getBatchAddCell(3, 5).contains("comp1");
+    getBatchAddCell(1, "components").contains("comp1");
+    getBatchAddCell(2, "components").contains("comp1");
+    getBatchAddCell(3, "components").contains("comp1");
 
     // add another component, this one tagged (i.e., not in the db) check that it is applied correctly
-    getBatchTemplateCell(5, ".vs__search").eq(0).type("tagged");
+    getBatchTemplateCell("components", ".vs__search").eq(0).type("tagged");
     cy.get(".vs__dropdown-menu").eq(0).contains("tagged").click();
 
-    getBatchAddCell(1, 5).contains("comp1");
-    getBatchAddCell(1, 5).contains("tagged");
-    getBatchAddCell(2, 5).contains("comp1");
-    getBatchAddCell(2, 5).contains("tagged");
-    getBatchAddCell(3, 5).contains("comp1");
-    getBatchAddCell(3, 5).contains("tagged");
+    getBatchAddCell(1, "components").contains("comp1");
+    getBatchAddCell(1, "components").contains("tagged");
+    getBatchAddCell(2, "components").contains("comp1");
+    getBatchAddCell(2, "components").contains("tagged");
+    getBatchAddCell(3, "components").contains("comp1");
+    getBatchAddCell(3, "components").contains("tagged");
 
     // add electrolyte
-    getBatchTemplateCell(5, ".vs__search").eq(1).type("elyte");
+    getBatchTemplateCell("components", ".vs__search").eq(1).type("elyte");
     cy.get(".vs__dropdown-menu").eq(0).contains("elyte").click();
-    getBatchAddCell(1, 5).contains("elyte");
-    getBatchAddCell(2, 5).contains("elyte");
-    getBatchAddCell(3, 5).contains("elyte");
+    getBatchAddCell(1, "components").contains("elyte");
+    getBatchAddCell(2, "components").contains("elyte");
+    getBatchAddCell(3, "components").contains("elyte");
 
     // add negative electrode
-    getBatchTemplateCell(5, ".vs__search").eq(2).type("comp2");
+    getBatchTemplateCell("components", ".vs__search").eq(2).type("comp2");
     cy.get(".vs__dropdown-menu").eq(0).contains(".badge", "comp2").click();
-    getBatchAddCell(1, 5).contains("comp2");
-    getBatchAddCell(2, 5).contains("comp2");
-    getBatchAddCell(3, 5).contains("comp2");
+    getBatchAddCell(1, "components").contains("comp2");
+    getBatchAddCell(2, "components").contains("comp2");
+    getBatchAddCell(3, "components").contains("comp2");
 
     getSubmitButton().click();
     cy.get("[data-testid=batch-modal-container]").contains("a", "cell_1");
diff --git a/webapp/src/components/BatchCreateItemModal.vue b/webapp/src/components/BatchCreateItemModal.vue
index c9037199a..28a2144f9 100644
--- a/webapp/src/components/BatchCreateItemModal.vue
+++ b/webapp/src/components/BatchCreateItemModal.vue
@@ -76,18 +76,18 @@
                 <table data-testid="batch-add-table-template" class="table table-sm mb-2">
                   <thead>
                     <tr class="subheading template-subheading">
-                      <th style="width: 10%">ID</th>
-                      <th style="width: 15%">Name</th>
-                      <th style="width: 15%">Date</th>
-                      <th style="width: 15%">Copy from</th>
-                      <th style="width: 15%">Components</th>
-                      <th style="width: 15%">Groups</th>
-                      <th style="width: 15%">Creators</th>
+                      <th style="width: 10%" data-testid="template-col-id">ID</th>
+                      <th style="width: 15%" data-testid="template-col-name">Name</th>
+                      <th style="width: 15%" data-testid="template-col-date">Date</th>
+                      <th style="width: 15%" data-testid="template-col-copy-from">Copy from</th>
+                      <th style="width: 15%" data-testid="template-col-components">Components</th>
+                      <th style="width: 15%" data-testid="template-col-groups">Groups</th>
+                      <th style="width: 15%" data-testid="template-col-creators">Creators</th>
                     </tr>
                   </thead>
                   <tbody>
                     <tr>
-                      <td>
+                      <td data-testid="template-cell-id">
                         <input
                           v-model="itemTemplate.item_id"
                           class="form-control"
@@ -112,7 +112,7 @@
                           </label>
                         </div>
                       </td>
-                      <td>
+                      <td data-testid="template-cell-name">
                         <input
                           v-model="itemTemplate.name"
                           class="form-control"
@@ -120,7 +120,7 @@
                           @input="applyNameTemplate"
                         />
                       </td>
-                      <td>
+                      <td data-testid="template-cell-date">
                         <input
                           v-model="itemTemplate.date"
                           class="form-control"
@@ -130,14 +130,14 @@
                           @input="applyDateTemplate"
                         />
                       </td>
-                      <td>
+                      <td data-testid="template-cell-copy-from">
                         <ItemSelect
                           v-model="itemTemplate.copyFrom"
                           :formatted-item-name-max-length="8"
                           @update:model-value="applyCopyFromTemplate"
                         />
                       </td>
-                      <td>
+                      <td data-testid="template-cell-components">
                         <div v-if="item_type == 'samples'">
                           <ItemSelect
                             v-model="itemTemplate.components"
@@ -176,7 +176,7 @@
                           />
                         </div>
                       </td>
-                      <td>
+                      <td data-testid="template-cell-groups">
                         <GroupSelect
                           v-model="itemTemplate.shareWithGroups"
                           multiple
@@ -184,7 +184,7 @@
                           @update:model-value="applyGroupsTemplate"
                         />
                       </td>
-                      <td>
+                      <td data-testid="template-cell-creators">
                         <UserSelect
                           v-model="itemTemplate.additionalCreators"
                           multiple
@@ -218,20 +218,20 @@
               <table data-testid="batch-add-table" class="table mb-2">
                 <thead>
                   <tr class="subheading">
-                    <th style="width: 8%">ID</th>
-                    <th style="width: 15%">Name</th>
-                    <th style="width: 15%">Date</th>
-                    <th style="width: 15%">Copy from</th>
-                    <th style="width: 15%">Components</th>
-                    <th style="width: 15%">Groups</th>
-                    <th style="width: 15%">Creators</th>
-                    <th style="width: 2%"></th>
+                    <th style="width: 8%" data-testid="col-id">ID</th>
+                    <th style="width: 15%" data-testid="col-name">Name</th>
+                    <th style="width: 15%" data-testid="col-date">Date</th>
+                    <th style="width: 15%" data-testid="col-copy-from">Copy from</th>
+                    <th style="width: 15%" data-testid="col-components">Components</th>
+                    <th style="width: 15%" data-testid="col-groups">Groups</th>
+                    <th style="width: 15%" data-testid="col-creators">Creators</th>
+                    <th style="width: 2%" data-testid="col-delete"></th>
                   </tr>
                 </thead>
                 <tbody>
                   <template v-for="(item, index) in items" :key="index">
-                    <tr>
-                      <td>
+                    <tr :data-testid="`item-row-${index}`">
+                      <td :data-testid="`item-${index}-id`">
                         <input
                           v-model="item.item_id"
                           class="form-control"
@@ -239,14 +239,14 @@
                           @input="itemTemplate.item_id = ''"
                         />
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-name`">
                         <input
                           v-model="item.name"
                           class="form-control"
                           @input="itemTemplate.name = ''"
                         />
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-date`">
                         <input
                           v-model="item.date"
                           class="form-control"
@@ -255,10 +255,10 @@
                           :max="oneYearOn"
                         />
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-copy-from`">
                         <ItemSelect v-model="item.copyFrom" :formatted-item-name-max-length="8" />
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-components`">
                         <div v-if="item_type == 'samples'">
                           <ItemSelect
                             v-model="item.components"
@@ -293,21 +293,21 @@
                           />
                         </div>
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-groups`">
                         <GroupSelect
                           v-model="item.shareWithGroups"
                           multiple
                           placeholder="Groups..."
                         />
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-creators`">
                         <UserSelect
                           v-model="item.additionalCreators"
                           multiple
                           placeholder="Users..."
                         />
                       </td>
-                      <td>
+                      <td :data-testid="`item-${index}-delete`">
                         <button
                           type="button"
                           class="close"
@@ -318,6 +318,16 @@
                         </button>
                       </td>
                     </tr>
+                    <tr v-if="isValidEntryID[index]">
+                      <td colspan="8">
+                        <!-- eslint-disable vue/no-v-html -->
+                        <span
+                          class="form-error"
+                          :data-testid="`item-${index}-error`"
+                          v-html="isValidEntryID[index]"
+                        />
+                      </td>
+                    </tr>
                   </template>
                 </tbody>
               </table>
@@ -489,7 +499,6 @@ export default {
       return this.batchSizeError;
     },
   },
-
   watch: {
     nSamples(newValue, oldValue) {
       if (newValue > 100) {
@@ -505,13 +514,24 @@ export default {
       if (newValue > oldValue) {
         for (let i = 0; i < newValue - oldValue; i++) {
           this.items.push({
-            ...this.itemTemplate,
-            shareWithGroups: [],
-            additionalCreators: [],
-            components: [],
-            positiveElectrode: [],
-            electrolyte: [],
-            negativeElectrode: [],
+            item_id: null,
+            name: "",
+            copyFrom: this.itemTemplate.copyFrom,
+            components: this.itemTemplate.components ? [...this.itemTemplate.components] : [],
+            positiveElectrode: this.itemTemplate.positiveElectrode
+              ? [...this.itemTemplate.positiveElectrode]
+              : [],
+            electrolyte: this.itemTemplate.electrolyte ? [...this.itemTemplate.electrolyte] : [],
+            negativeElectrode: this.itemTemplate.negativeElectrode
+              ? [...this.itemTemplate.negativeElectrode]
+              : [],
+            date: this.itemTemplate.date || this.now(),
+            shareWithGroups: this.itemTemplate.shareWithGroups
+              ? [...this.itemTemplate.shareWithGroups]
+              : [],
+            additionalCreators: this.itemTemplate.additionalCreators
+              ? [...this.itemTemplate.additionalCreators]
+              : [],
           });
         }
         if (this.itemTemplate.item_id) {

From 5cd6596cfffb81c1176c9dd56056cf710622e3b0 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Wed, 25 Jun 2025 12:25:22 +0200
Subject: [PATCH 16/18] Update getBatchTemplateCell for date

---
 webapp/cypress/e2e/batchSampleFeature.cy.js | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/webapp/cypress/e2e/batchSampleFeature.cy.js b/webapp/cypress/e2e/batchSampleFeature.cy.js
index 0631b9946..48d40c539 100644
--- a/webapp/cypress/e2e/batchSampleFeature.cy.js
+++ b/webapp/cypress/e2e/batchSampleFeature.cy.js
@@ -440,8 +440,10 @@ describe("Batch sample creation", () => {
   it("uses the template id, name, and date", () => {
     cy.contains("Add batch of items").click();
     getBatchTemplateCell("id", "input.form-control").type("test_{{}#{}}");
-    getBatchTemplateCell("name").type("this is the test sample #{{}#{}}");
-    getBatchTemplateCell("date").type("1980-02-01T05:35");
+
+    getBatchTemplateCell("name", "input.form-control").type("this is the test sample #{{}#{}}");
+
+    getBatchTemplateCell("date", "input.form-control").type("1980-02-01T05:35");
 
     cy.findByLabelText("start counting {#} at:").clear().type(5);
 
@@ -463,8 +465,8 @@ describe("Batch sample creation", () => {
   it("uses the template id, name, date, copyFrom, and components", () => {
     cy.contains("Add batch of items").click();
     getBatchTemplateCell("id", "input.form-control").type("test_{{}#{}}");
-    getBatchTemplateCell("name").type("this is the test sample #{#}");
-    getBatchTemplateCell("date").type("1980-02-01T23:59");
+    getBatchTemplateCell("name", "input.form-control").type("this is the test sample #{#}");
+    getBatchTemplateCell("date", "input.form-control").type("1980-02-01T23:59");
 
     // select copyFrom sample, check that it is applied correctly
     getBatchTemplateCell("copy-from", ".vs__search").type("baseA");
@@ -764,9 +766,9 @@ describe("Batch cell creation", () => {
 
     cy.get("[data-testid=batch-modal-container]").findByLabelText("Type:").select("cell");
 
-    getBatchTemplateCell("id", "input").eq(0).type("cell_{{}#{}}");
-    getBatchTemplateCell("name", "input").type("this is the test cell #{{}#{}}");
-    getBatchTemplateCell("date", "input").type("1980-02-01T23:59");
+    getBatchTemplateCell("id", "input.form-control").eq(0).type("cell_{{}#{}}");
+    getBatchTemplateCell("name", "input.form-control").type("this is the test cell #{{}#{}}");
+    getBatchTemplateCell("date", "input.form-control").type("1980-02-01T23:59");
 
     // select copyFrom sample, check that it is applied correctly
     getBatchTemplateCell("copy-from", ".vs__search").type("cell_B");

From 426c7d14f548d0dfc581778d65739d313bcb0ac9 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Wed, 25 Jun 2025 13:14:18 +0200
Subject: [PATCH 17/18] Update getBatchTemplateCell for date

---
 webapp/cypress/e2e/batchSampleFeature.cy.js | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/webapp/cypress/e2e/batchSampleFeature.cy.js b/webapp/cypress/e2e/batchSampleFeature.cy.js
index 48d40c539..bb0768733 100644
--- a/webapp/cypress/e2e/batchSampleFeature.cy.js
+++ b/webapp/cypress/e2e/batchSampleFeature.cy.js
@@ -465,7 +465,7 @@ describe("Batch sample creation", () => {
   it("uses the template id, name, date, copyFrom, and components", () => {
     cy.contains("Add batch of items").click();
     getBatchTemplateCell("id", "input.form-control").type("test_{{}#{}}");
-    getBatchTemplateCell("name", "input.form-control").type("this is the test sample #{#}");
+    getBatchTemplateCell("name", "input.form-control").type("this is the test sample #{{}#{}}");
     getBatchTemplateCell("date", "input.form-control").type("1980-02-01T23:59");
 
     // select copyFrom sample, check that it is applied correctly
@@ -652,15 +652,11 @@ describe("Batch sample creation", () => {
   });
 
   it("checks errors on the row", () => {
-    cy.wait(10000);
     cy.contains("Add batch of items").click();
-    cy.wait(10000);
     getBatchTemplateCell("id", "input.form-control").type("test10{{}#{}}");
-    cy.wait(10000);
 
     cy.wait(100);
     getSubmitButton().should("be.disabled");
-    cy.wait(10000);
 
     getBatchAddError(1).should("have.text", "test101 already in use.");
     getBatchAddError(2).should("have.text", "test102 already in use.");

From 87c61b692384e432a092f2c04c35e7002efdd317 Mon Sep 17 00:00:00 2001
From: Benjamin CHARMES <benjamin.charmes@gmail.com>
Date: Wed, 25 Jun 2025 13:33:32 +0200
Subject: [PATCH 18/18] Removes the possibility of adding yourself twice as a
 creator

---
 pydatalab/src/pydatalab/routes/v0_1/items.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/pydatalab/src/pydatalab/routes/v0_1/items.py b/pydatalab/src/pydatalab/routes/v0_1/items.py
index 217e1a333..061c594d1 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/items.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/items.py
@@ -568,16 +568,16 @@ def _create_sample(
             elif isinstance(creator, str):
                 additional_creator_ids.append(ObjectId(creator))
 
-        new_sample["creator_ids"].extend(additional_creator_ids)
-
-        for creator in sample_dict["additional_creators"]:
-            if isinstance(creator, dict):
-                new_sample["creators"].append(
-                    {
-                        "display_name": creator.get("display_name", ""),
-                        "contact_email": creator.get("contact_email", ""),
-                    }
-                )
+                new_sample["creator_ids"] = list(dict.fromkeys(new_sample["creator_ids"]))
+
+        seen_creators = set()
+        unique_creators = []
+        for creator in new_sample["creators"]:
+            creator_key = (creator.get("display_name", ""), creator.get("contact_email", ""))
+            if creator_key not in seen_creators:
+                seen_creators.add(creator_key)
+                unique_creators.append(creator)
+        new_sample["creators"] = unique_creators
 
     if "share_with_groups" in sample_dict and sample_dict["share_with_groups"]:
         group_ids = []