wip

bayer/admin.py

@@ -1,3 +1,19 @@
 from django.contrib import admin
 
 # Register your models here.
+from .models import (
+    PESCompound,
+    PESStructure
+)
+
+
+class PESCompoundAdmin(admin.ModelAdmin):
+    pass
+
+
+class PESStructureAdmin(admin.ModelAdmin):
+    pass
+
+
+admin.site.register(PESCompound, PESCompoundAdmin)
+admin.site.register(PESStructure, PESStructureAdmin)

bayer/epdb_hooks.py

@@ -0,0 +1,31 @@
+import logging
+
+from epdb.template_registry import register_template
+
+logger = logging.getLogger(__name__)
+
+# PES Create
+register_template(
+    "epdb.actions.collections.compound",
+    "actions/collections/new_pes.html",
+)
+register_template(
+    "modals.collections.compound",
+    "modals/collections/new_pes_modal.html",
+)
+
+# PES Viz
+register_template(
+    "epdb.objects.compound.viz",
+    "objects/compound_viz.html",
+)
+
+register_template(
+    "epdb.objects.compound_structure.viz",
+    "objects/compound_structure_viz.html",
+)
+
+register_template(
+    "epdb.objects.node.viz",
+    "objects/node_viz.html",
+)

bayer/migrations/0004_pescompound_pesstructure.py

@@ -0,0 +1,35 @@
+# Generated by Django 6.0.3 on 2026-04-15 20:03
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('bayer', '0003_package_data_pool'),
+        ('epdb', '0023_alter_compoundstructure_options_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PESCompound',
+            fields=[
+                ('compound_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.compound')),
+            ],
+            options={
+                'abstract': False,
+            },
+            bases=('epdb.compound',),
+        ),
+        migrations.CreateModel(
+            name='PESStructure',
+            fields=[
+                ('compoundstructure_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.compoundstructure')),
+            ],
+            options={
+                'abstract': False,
+            },
+            bases=('epdb.compoundstructure',),
+        ),
+    ]

bayer/migrations/0005_pesstructure_pes_link.py

@@ -0,0 +1,19 @@
+# Generated by Django 6.0.3 on 2026-04-16 08:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('bayer', '0004_pescompound_pesstructure'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='pesstructure',
+            name='pes_link',
+            field=models.URLField(default=None, verbose_name='PES Link'),
+            preserve_default=False,
+        ),
+    ]

bayer/models.py

@@ -1,11 +1,15 @@
 from typing import List
-
+import urllib.parse
+import nh3
 from django.conf import settings as s
-from django.db import models
+from django.db import models, transaction
 from django.db.models import QuerySet
+from django.urls import reverse
 
 from epdb.models import (
     EnviPathModel,
+    Compound,
+    CompoundStructure,
     ParallelRule,
     SequentialRule,
     SimpleAmbitRule,
@@ -95,4 +99,70 @@ class Package(EnviPathModel):
         return rules
 
     class Meta:
-        db_table = "epdb_package"
+        db_table = "epdb_package"
+
+
+class PESCompound(Compound):
+
+    @staticmethod
+    @transaction.atomic
+    def create(
+        package: "Package", pes_data: dict, name: str = None, description: str = None, *args, **kwargs
+    ) -> "Compound":
+
+        pes_url = pes_data["pes_url"]
+
+        # Check if we find a direct match for a given pes_link
+        if PESStructure.objects.filter(pes_link=pes_url, compound__package=package).exists():
+            return PESStructure.objects.get(pes_link=pes_url, compound__package=package).compound
+
+        # Generate Compound
+        c = PESCompound()
+        c.package = package
+
+        if name is not None:
+            # Clean for potential XSS
+            name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
+
+        if name is None or name == "":
+            name = f"Compound {Compound.objects.filter(package=package).count() + 1}"
+
+        c.name = name
+
+        # We have a default here only set the value if it carries some payload
+        if description is not None and description.strip() != "":
+            c.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
+
+        c.save()
+
+        is_standardized = standardized_smiles == smiles
+
+        if not is_standardized:
+            _ = CompoundStructure.create(
+                c,
+                standardized_smiles,
+                name="Normalized structure of {}".format(name),
+                description="{} (in its normalized form)".format(description),
+                normalized_structure=True,
+            )
+
+        cs = CompoundStructure.create(
+            c, smiles, name=name, description=description, normalized_structure=is_standardized
+        )
+
+        c.default_structure = cs
+        c.save()
+
+        return c
+
+
+class PESStructure(CompoundStructure):
+    pes_link = models.URLField(blank=False, null=False, verbose_name="PES Link")
+
+    def d3_json(self):
+        return {
+            "is_pes": True,
+            "pes_link": self.pes_link,
+            # Will overwrite image from Node
+            "image": f"{reverse("depict_pes")}?pesLink={urllib.parse.quote(self.pes_link)}"
+        }

bayer/templates/actions/collections/new_pes.html

@@ -0,0 +1,9 @@
+{% if meta.can_edit %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_pes_modal').showModal(); return false;"
+    >
+      New PES
+    </button>
+{% endif %}

bayer/templates/modals/collections/new_package_modal.html

@@ -9,11 +9,7 @@
 
     reset() {
       this.isSubmitting = false;
-      this.selectedType = '';
+      this.packageClassification = null;
-      this.buildAppDomain = false;
-      this.requiresRulePackages = false;
-      this.requiresDataPackages = false;
-      this.additional_parameters = null;
     },
 
     setFormData(data) {
@@ -137,10 +133,8 @@
             class="select select-bordered w-full"
           >
             <option value="" disabled selected>Select Data Pool</option>
-              {% for obj in meta.available_groups %}
+              {% for obj in meta.secret_groups %}
-                {% if obj.secret %}
+                <option value="{{ obj.url }}">{{ obj.name|safe }}</option>
-                  <option value="{{ obj.url }}">{{ obj.name|safe }}</option>
-                {% endif %}
               {% endfor %}
           </select>
         </div>

bayer/templates/modals/collections/new_pes_modal.html

@@ -0,0 +1,174 @@
+{% load static %}
+
+<dialog
+  id="new_pes_modal"
+  class="modal"
+  x-data="{
+    isSubmitting: false,
+    pesLink: null,
+    pesVizHtml: '',
+
+    reset() {
+      this.isSubmitting = false;
+    },
+
+    get isPESSet() {
+      console.log(this.pesLink);
+      return this.pesLink !== null;
+    },
+
+    updatePesViz() {
+      if (!this.isPESSet) {
+        this.pesVizHtml = '';
+        return;
+      }
+
+      const img = new Image();
+      img.src = '{% url 'depict_pes' %}?pesLink=' + encodeURIComponent(this.pesLink);
+      img.style.width = '100%';
+      img.style.height = '100%';
+      img.style.objectFit = 'cover';
+
+      img.onload = () => {
+        this.pesVizHtml = img.outerHTML;
+      };
+
+      img.onerror = () => {
+        this.pesVizHtml = `
+          <div class='alert alert-error' role='alert'>
+            <h4 class='alert-heading'>Could not render PES!</h4>
+            <p>Could not render PES - Do you have access?</p>
+          </div>`;
+      };
+    },
+
+    submit(formId) {
+      const form = document.getElementById(formId);
+
+      // Remove previously injected inputs
+      form.querySelectorAll('.dynamic-param').forEach(el => el.remove());
+
+      // Add values from dynamic form into the html form
+      if (this.formData) {
+        Object.entries(this.formData).forEach(([key, value]) => {
+          const input = document.createElement('input');
+          input.type = 'hidden';
+          input.name = key;
+          input.value = value;
+          input.classList.add('dynamic-param');
+
+          form.appendChild(input);
+        });
+      }
+
+      if (form && form.checkValidity()) {
+        this.isSubmitting = true;
+        form.submit();
+      } else if (form) {
+        form.reportValidity();
+      }
+    }
+  }"
+  @close="reset()"
+>
+  <div class="modal-box max-w-3xl">
+  <!-- Header -->
+  <h3 class="text-lg font-bold">New PES</h3>
+
+    <!-- Close button (X) -->
+    <form method="dialog">
+      <button
+        class="btn btn-sm btn-circle btn-ghost absolute top-2 right-2"
+        :disabled="isSubmitting"
+      >
+        ✕
+      </button>
+    </form>
+
+    <!-- Body -->
+    <div class="py-4">
+      <form
+        id="new-pes-modal-form"
+        accept-charset="UTF-8"
+        action="{% url 'create pes' meta.current_package.uuid %}"
+        method="post"
+      >
+        {% csrf_token %}
+
+        <div class="form-control mb-3">
+          <label class="label" for="compound-name">
+            <span class="label-text">Name</span>
+          </label>
+          <input
+            id="compound-name"
+            class="input input-bordered w-full"
+            name="compound-name"
+            placeholder="Name"
+            required
+          />
+        </div>
+
+        <div class="form-control mb-3">
+          <label class="label" for="compound-description">
+            <span class="label-text">Description</span>
+          </label>
+          <input
+            id="compound-description"
+            class="input input-bordered w-full"
+            name="compound-description"
+            placeholder="Description"
+          />
+        </div>
+
+        <div class="form-control mb-3">
+          <label class="label" for="pes-link">
+            <span class="label-text">Link to PES</span>
+          </label>
+          <input
+            id="pes-link"
+            name="pes-link"
+            type="text"
+            class="input input-bordered w-full"
+            placeholder="Link to PES e.g. https://pesregapp-test.cropkey-np.ag/entities/PES-000126"
+            x-model="pesLink"
+            @input="updatePesViz()"
+            required
+          />
+        </div>
+
+        <div id="pes-viz" class="mb-3" x-html="pesVizHtml"></div>
+
+      </form>
+    </div>
+
+    <!-- Footer -->
+    <div class="modal-action">
+      <button
+        type="button"
+        class="btn"
+        onclick="this.closest('dialog').close()"
+        :disabled="isSubmitting"
+      >
+        Close
+      </button>
+      <button
+        type="button"
+        class="btn btn-primary"
+        @click="submit('new-compound-modal-form')"
+        :disabled="isSubmitting"
+      >
+        <span x-show="!isSubmitting">Submit</span>
+        <span
+          x-show="isSubmitting"
+          class="loading loading-spinner loading-sm"
+        ></span>
+        <span x-show="isSubmitting">Creating...</span>
+      </button>
+    </div>
+  </div>
+
+  <!-- Backdrop -->
+  <form method="dialog" class="modal-backdrop">
+    <button :disabled="isSubmitting">close</button>
+  </form>
+</dialog>

bayer/templates/objects/compound_structure_viz.html

@@ -0,0 +1,12 @@
+{% if compound_structure.pes_link %}
+  <!-- Image Representation -->
+  <div class="collapse-arrow bg-base-200 collapse">
+    <input type="checkbox" checked />
+    <div class="collapse-title text-xl font-medium">PES Image Representation</div>
+    <div class="collapse-content">
+      <div class="flex justify-center">
+        <img src='{% url 'depict_pes' %}?pesLink={{ compound_structure.pes_link|urlencode }}'/>
+      </div>
+    </div>
+  </div>
+{% endif %}

bayer/templates/objects/compound_viz.html

@@ -0,0 +1,12 @@
+{% if compound.default_structure.pes_link %}
+  <!-- Image Representation -->
+  <div class="collapse-arrow bg-base-200 collapse">
+    <input type="checkbox" checked />
+    <div class="collapse-title text-xl font-medium">PES Image Representation</div>
+    <div class="collapse-content">
+      <div class="flex justify-center">
+        <img src='{% url 'depict_pes' %}?pesLink={{ compound.default_structure.pes_link|urlencode }}'/>
+      </div>
+    </div>
+  </div>
+{% endif %}

bayer/templates/objects/node_viz.html

@@ -0,0 +1,12 @@
+{% if node.default_node_label.pes_link %}
+  <!-- Image Representation -->
+  <div class="collapse-arrow bg-base-200 collapse">
+    <input type="checkbox" checked />
+    <div class="collapse-title text-xl font-medium">PES Image Representation</div>
+    <div class="collapse-content">
+      <div class="flex justify-center">
+        <img src='{% url 'depict_pes' %}?pesLink={{ node.default_node_label.pes_link|urlencode }}'/>
+      </div>
+    </div>
+  </div>
+{% endif %}

bayer/templates/static/login.html

@@ -0,0 +1,149 @@
+{% extends "static/login_base.html" %}
+
+{% block title %}enviPath - Sign In{% endblock %}
+
+{% block extra_styles %}
+  <style>
+    /* Tab styling */
+    .tab-content {
+      display: none;
+    }
+    .tab-content.active {
+      display: block;
+    }
+    input[type="radio"].tab-radio {
+      display: none;
+    }
+    .tab-label {
+      cursor: pointer;
+      padding: 0.75rem 1.5rem;
+      border-bottom: 2px solid transparent;
+      transition: all 0.3s ease;
+    }
+    .tab-label:hover {
+      background-color: rgba(0, 0, 0, 0.05);
+    }
+    input[type="radio"].tab-radio:checked + .tab-label {
+      border-bottom-color: #3b82f6;
+      font-weight: 600;
+    }
+  </style>
+{% endblock %}
+
+{% block content %}
+  <div class="card bg-base-200 mb-6 ">
+    <div class="card-body">
+      <h3 class="card-title">Welcome to the new enviPath!</h3>
+    </div>
+  </div>
+  <!-- Tab Navigation -->
+  <div class="border-base-300 mb-6 border-b">
+    <div class="flex justify-start">
+      <input
+        type="radio"
+        name="auth-tab"
+        id="tab-sso"
+        class="tab-radio"
+        checked
+      />
+      <label for="tab-sso" class="tab-label">SSO</label>
+
+      <input
+        type="radio"
+        name="auth-tab"
+        id="tab-signin"
+        class="tab-radio"
+      />
+      <label for="tab-signin" class="tab-label">Local User</label>
+    </div>
+  </div>
+
+  <!-- SSO Tab -->
+  <div id="content-sso" class="tab-content active">
+      <button role="link" onclick="window.location.href='/entra/login'" name="sso" class="btn btn-primary w-full">
+        Login with Microsoft
+      </button>
+  </div>
+
+  <!-- Sign In Tab -->
+  <div id="content-signin" class="tab-content">
+    <form method="post" action="{% url 'login' %}" class="space-y-4">
+      {% csrf_token %}
+      <input type="hidden" name="login" value="true" />
+
+      <div class="form-control">
+        <label class="label" for="username">
+          <span class="label-text">Account</span>
+        </label>
+        <input
+          type="text"
+          id="username"
+          name="username"
+          placeholder="Username or Email"
+          class="input input-bordered w-full"
+          required
+          autocomplete="username"
+        />
+      </div>
+
+      <div class="form-control">
+        <label class="label" for="passwordinput">
+          <span class="label-text">Password</span>
+        </label>
+        <input
+          type="password"
+          id="passwordinput"
+          name="password"
+          placeholder="••••••••"
+          class="input input-bordered w-full"
+          required
+          autocomplete="current-password"
+        />
+      </div>
+
+      <div class="text-right">
+        <a href="{% url 'password_reset' %}" class="link link-primary text-sm"
+          >Forgot password?</a
+        >
+      </div>
+
+      <input type="hidden" name="next" value="{{ next }}" />
+
+      <button type="submit" name="signin" class="btn btn-primary w-full">
+        Sign In
+      </button>
+    </form>
+  </div>
+
+{% endblock %}
+
+{% block extra_scripts %}
+  <script>
+    // Tab switching functionality
+    document.querySelectorAll('input[name="auth-tab"]').forEach((radio) => {
+      radio.addEventListener("change", function () {
+        // Hide all content
+        document.querySelectorAll(".tab-content").forEach((content) => {
+          content.classList.remove("active");
+        });
+
+        // Show selected content
+        const contentId = "content-" + this.id.replace("tab-", "");
+        document.getElementById(contentId).classList.add("active");
+      });
+    });
+
+    // Check for hash in URL to auto-select tab
+    window.addEventListener("DOMContentLoaded", function () {
+      const hash = window.location.hash.substring(1); // Remove the # symbol
+      if (hash === "signup" || hash === "signin") {
+        const tabRadio = document.getElementById("tab-" + hash);
+        if (tabRadio) {
+          tabRadio.checked = true;
+          // Trigger change event to show correct content
+          tabRadio.dispatchEvent(new Event("change"));
+        }
+      }
+    });
+  </script>
+{% endblock %}

bayer/urls.py

@@ -0,0 +1,14 @@
+from django.urls import re_path
+
+from . import views as v
+
+UUID = "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+
+urlpatterns = [
+    re_path(r"^depict_pes$", v.visualize_pes, name="depict_pes"),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/compound$",
+        v.create_pes,
+        name="create pes",
+    ),
+]

bayer/views.py

@@ -1,3 +1,96 @@
-from django.shortcuts import render
+import base64
 
-# Create your views here.
+import requests
+from django.conf import settings as s
+from django.core.exceptions import BadRequest
+from django.http import HttpResponse
+from django.shortcuts import redirect
+
+from bayer.models import PESCompound
+from epdb.logic import PackageManager
+from epdb.views import _anonymous_or_real
+from utilities.decorators import package_permission_required
+
+
+@package_permission_required()
+def create_pes(request, package_uuid):
+    current_user = _anonymous_or_real(request)
+    current_package = PackageManager.get_package_by_id(current_user, package_uuid)
+
+    if request.method == "POST":
+        compound_name = request.POST.get('compound-name')
+        compound_description = request.POST.get('compound-description')
+        pes_link = request.POST.get('pes-link')
+
+        if pes_link:
+            try:
+                pes_data = fetch_pes(request, pes_link)
+            except ValueError as e:
+                return BadRequest(f"Could not fetch PES data for {pes_link}")
+
+            pes = PESCompound.create(current_package, pes_data, compound_name, compound_description)
+
+            return redirect(pes.url)
+        else:
+            return BadRequest("Please provide a PES link.")
+    else:
+        pass
+
+
+
+def fetch_pes(request, pes_url) -> dict:
+    proxies = {
+        "http": "http://10.185.190.100:8080",
+        "https": "http://10.185.190.100:8080",
+    }
+
+    from epauth.views import get_access_token_from_request
+    token = get_access_token_from_request(request)
+
+    if token or True:
+        for k, v in s.PES_API_MAPPING.items():
+            if pes_url.startswith(k):
+                pes_id = pes_url.split('/')[-1]
+
+                if pes_id == 'dummy' or True:
+                    import json
+                    res_data = json.load(open(s.BASE_DIR / "fixtures/pes.json"))
+                    res_data["pes_url"] = pes_url
+                    return res_data
+                else:
+                    headers = {"Authorization": f"Bearer {token['access_token']}"}
+                    params = {"pes_reg_entity_corporate_id": pes_id}
+
+                    res = requests.get(v, headers=headers, params=params, proxies=proxies)
+
+                    try:
+                        res.raise_for_status()
+                        pes_data = res.json()
+
+                        if len(pes_data) == 0:
+                            raise ValueError(f"PES with id {pes_id} not found")
+
+                        res_data = pes_data[0]
+                        res_data["pes_url"] = pes_url
+                        return res_data
+
+                    except requests.exceptions.HTTPError as e:
+                        raise ValueError(f"Error fetching PES with id {pes_id}: {e}")
+        else:
+            raise ValueError(f"Unknown URL {pes_url}")
+    else:
+        raise ValueError("Could not fetch access token from request.")
+
+
+def visualize_pes(request):
+    pes_link = request.GET.get('pesLink')
+
+    if pes_link:
+        pes_data = fetch_pes(request, pes_link)
+
+        representations = pes_data.get('representations')
+
+        for rep in representations:
+            if rep.get('type') == 'color':
+                image_data = base64.b64decode(rep.get('base64').replace("data:image/png;base64,", ""))
+                return HttpResponse(image_data, content_type="image/png")

envipath/settings.py

@@ -451,5 +451,26 @@ if PES_API_MAPPING:
 else:
     PES_API_MAPPING = {}
 
-# AD Group Mapping
+# Entra Groups
+ENTRA_GROUPS = os.environ.get("ENTRA_GROUPS", None)
+if ENTRA_GROUPS:
+    import json
+    ENTRA_GROUPS = json.loads(ENTRA_GROUPS)
+else:
+    ENTRA_GROUPS = {}
+
+ENTRA_SECRET_GROUPS = os.environ.get("ENTRA_SECRET_GROUPS", None)
+if ENTRA_SECRET_GROUPS:
+    import json
+    ENTRA_SECRET_GROUPS = json.loads(ENTRA_SECRET_GROUPS)
+else:
+    ENTRA_SECRET_GROUPS = {}
+
+# PES Data Pools vs Entra Mapping
+DATA_POOL_MAPPING = os.environ.get("DATA_POOL_MAPPING", None)
+if DATA_POOL_MAPPING:
+    import json
+    DATA_POOL_MAPPING = json.loads(DATA_POOL_MAPPING)
+else:
+    DATA_POOL_MAPPING = {}
 

envipath/urls.py

@@ -40,6 +40,11 @@ if "migration" in s.INSTALLED_APPS:
 if s.MS_ENTRA_ENABLED:
     urlpatterns.append(path(f"{PATH_PREFIX}", include("epauth.urls")))
 
+if s.TENANT != "public":
+    urlpatterns.append(
+        path(f"{PATH_PREFIX}", include(f"{s.TENANT}.urls"))
+    )
+
 # Custom error handlers
 handler400 = "epdb.views.handler400"
 handler403 = "epdb.views.handler403"

epauth/views.py

@@ -1,10 +1,31 @@
 import msal
 from django.conf import settings as s
+from django.contrib.auth import get_user_model
 from django.contrib.auth import login
 from django.shortcuts import redirect
-from django.contrib.auth import get_user_model
 
-from epdb.logic import UserManager
+from epdb.logic import UserManager, GroupManager
+from epdb.models import Group
+
+
+def get_msal_app_with_cache(request):
+    """
+    Create MSAL app with session-based token cache.
+    """
+    cache = msal.SerializableTokenCache()
+
+    # Load cache from session if it exists
+    if request.session.get("msal_token_cache"):
+        cache.deserialize(request.session["msal_token_cache"])
+
+    msal_app = msal.ConfidentialClientApplication(
+        client_id=s.MS_ENTRA_CLIENT_ID,
+        client_credential=s.MS_ENTRA_CLIENT_SECRET,
+        authority=s.MS_ENTRA_AUTHORITY,
+        token_cache=cache
+    )
+
+    return msal_app, cache
 
 
 def entra_login(request):
@@ -23,11 +44,7 @@ def entra_login(request):
 
 
 def entra_callback(request):
-    msal_app = msal.ConfidentialClientApplication(
+    msal_app, cache = get_msal_app_with_cache(request)
-        client_id=s.MS_ENTRA_CLIENT_ID,
-        client_credential=s.MS_ENTRA_CLIENT_SECRET,
-        authority=s.MS_ENTRA_AUTHORITY,
-    )
 
     flow = request.session.pop("msal_auth_flow", None)
     if not flow:
@@ -36,10 +53,14 @@ def entra_callback(request):
     # Acquire token using the flow and callback request
     result = msal_app.acquire_token_by_auth_code_flow(flow, request.GET)
 
+    # Save the token cache to session
+    if cache.has_state_changed:
+        request.session["msal_token_cache"] = cache.serialize()
+
     claims = result["id_token_claims"]
 
     user_name = claims["name"]
-    user_email = claims["emailaddress"]
+    user_email = claims.get("emailaddress", claims["email"])
     user_oid = claims["oid"]
 
     # Get implementing class
@@ -57,4 +78,80 @@ def entra_callback(request):
 
     login(request, u)
 
-    return redirect("/")  # Handle errors
+    # EDIT START
+    # Ensure groups exists in eP
+    for id, name in s.ENTRA_SECRET_GROUPS.items():
+        if not Group.objects.filter(uuid=id).exists():
+            g = GroupManager.create_group(User.objects.get(username="admin"), name, f"Synced Entra Group {name} ",
+                                          uuid=id)
+        else:
+            g = Group.objects.get(uuid=id)
+        # Ensure its secret
+        g.secret = True
+        g.save()
+
+    for id, name in s.ENTRA_GROUPS.items():
+        if not Group.objects.filter(uuid=id).exists():
+            g = GroupManager.create_group(User.objects.get(username="admin"), name, f"Synced Entra Group {name} ",
+                                          uuid=id)
+        else:
+            g = Group.objects.get(uuid=id)
+
+    for group_uuid in claims.get("groups", []):
+        if Group.objects.filter(uuid=group_uuid).exists():
+            g = Group.objects.get(uuid=group_uuid)
+            g.user_member.add(u)
+
+    # EDIT END
+
+    return redirect(s.SERVER_URL)  # Handle errors
+
+
+def get_access_token_from_request(request, scopes=None):
+    """
+    Get an access token from the request using MSAL token cache.
+    """
+    if scopes is None:
+        scopes = s.MS_ENTRA_SCOPES
+
+    # Get user from request (must be authenticated)
+    if not request.user.is_authenticated:
+        return None
+
+    # Create MSAL app with persistent cache
+    msal_app, cache = get_msal_app_with_cache(request)
+
+    # Try to get accounts from cache
+    accounts = msal_app.get_accounts()
+
+    if not accounts:
+        return None
+
+    # Find the account that matches the current user
+    user_account = None
+    for account in accounts:
+        if account.get("local_account_id") == str(request.user.uuid):
+            user_account = account
+            break
+
+    # If no matching account found, use the first available account
+    if not user_account and accounts:
+        user_account = accounts[0]
+
+    if not user_account:
+        return None
+
+    # Try to acquire token silently from cache
+    result = msal_app.acquire_token_silent(
+        scopes=scopes,
+        account=user_account
+    )
+
+    # Save cache changes back to session
+    if cache.has_state_changed:
+        request.session["msal_token_cache"] = cache.serialize()
+
+    if result and "access_token" in result:
+        return result
+
+    return None

epdb/legacy_api.py

@@ -1,17 +1,22 @@
+import hashlib
 from collections import defaultdict
 from typing import Any, Dict, List, Optional
 
+import jwt
+import requests
+
 import nh3
 from django.conf import settings as s
 from django.contrib.auth import get_user_model
 from django.http import HttpResponse, JsonResponse
 from django.shortcuts import redirect
 from ninja import Field, Form, Query, Router, Schema
+from ninja.errors import HttpError
+from ninja.security import HttpBearer
 from ninja.security import SessionAuth
 
 from utilities.chem import FormatConverter
 from utilities.misc import PackageExporter
-
 from .logic import (
     EPDBURLParser,
     GroupManager,
@@ -59,7 +64,46 @@ def _anonymous_or_real(request):
     return get_user_model().objects.get(username="anonymous")
 
 
-router = Router(auth=SessionAuth(csrf=False))
+def validate_token(token: str) -> dict:
+    TENANT_ID = s.MS_ENTRA_TENANT_ID
+    CLIENT_ID = s.MS_ENTRA_CLIENT_ID
+
+    # Fetch Microsoft's public keys
+    jwks_uri = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"
+    jwks = requests.get(jwks_uri).json()
+
+    header = jwt.get_unverified_header(token)
+
+    public_key = jwt.algorithms.RSAAlgorithm.from_jwk(
+        next(k for k in jwks["keys"] if k["kid"] == header["kid"])
+    )
+
+    claims = jwt.decode(
+        token,
+        public_key,
+        algorithms=["RS256"],
+        audience=[CLIENT_ID, f"api://{CLIENT_ID}"],
+        issuer=f"https://sts.windows.net/{TENANT_ID}/",
+    )
+    return claims
+
+
+class MSBearerTokenAuth(HttpBearer):
+
+    def authenticate(self, request, token):
+        if token is None:
+            return None
+
+        claims = validate_token(token)
+
+        if not User.objects.filter(uuid=claims['oid']).exists():
+            return None
+
+        request.user = User.objects.get(uuid=claims['oid'])
+        return request.user
+
+
+router = Router(auth=MSBearerTokenAuth())
 
 
 class Error(Schema):
@@ -153,21 +197,6 @@ class SimpleModel(SimpleObject):
     identifier: str = "relative-reasoning"
 
 
-################
-# Login/Logout #
-################
-@router.post("/", response={200: SimpleUser, 403: Error}, auth=None)
-def login(request, loginusername: Form[str], loginpassword: Form[str]):
-    from django.contrib.auth import authenticate, login
-
-    email = User.objects.get(username=loginusername).email
-    user = authenticate(username=email, password=loginpassword)
-    if user:
-        login(request, user)
-        return user
-    else:
-        return 403, {"message": "Invalid username and/or password"}
-
 
 ########
 # User #

epdb/logic.py

@@ -264,8 +264,12 @@ class GroupManager(object):
         return bool(re.findall(GroupManager.group_pattern, url))
 
     @staticmethod
-    def create_group(current_user, name, description):
+    def create_group(current_user, name, description, *args, **kwargs):
         g = Group()
+
+        if "uuid" in kwargs:
+            g.uuid = kwargs["uuid"]
+
         # Clean for potential XSS
         g.name = nh3.clean(name, tags=s.ALLOWED_HTML_TAGS).strip()
         g.description = nh3.clean(description, tags=s.ALLOWED_HTML_TAGS).strip()
@@ -623,6 +627,25 @@ class PackageManager(object):
         else:
             pack.reviewed = False
 
+        # EDIT START
+        if data.get("classification"):
+            if data["classification"] == "INTERNAL":
+                pack.classification = Package.Classification.RESTRICTED
+            elif data["classification"] == "RESTRICTED":
+                pack.classification = Package.Classification.RESTRICTED
+            elif data["classification"] == "SECRET":
+                pack.classification = Package.Classification.SECRET
+
+                if not "datapool" in data:
+                    raise ValueError("Missing datapool in package")
+
+                g = Group.objects.get(uuid=data["datapool"].split('/')[-1])
+                pack.data_pool = g
+            else:
+                raise ValueError(f"Invalid classification {data['classification']}")
+
+        # EDIT END
+
         pack.description = data["description"]
         pack.save()
 
@@ -708,7 +731,13 @@ class PackageManager(object):
             default_structure = None
 
             for structure in compound["structures"]:
-                struc = CompoundStructure()
+                if structure.get("pesLink"):
+                    from bayer.models import PESStructure
+                    struc = PESStructure()
+                    struc.pes_link = structure["pesLink"]
+                else:
+                    struc = CompoundStructure()
+
                 # struc.object_url = Command.get_id(structure, keep_ids)
                 struc.compound = comp
                 struc.uuid = UUID(structure["id"].split("/")[-1]) if keep_ids else uuid4()
@@ -716,6 +745,10 @@ class PackageManager(object):
                 struc.description = structure["description"]
                 struc.aliases = structure.get("aliases", [])
                 struc.smiles = structure["smiles"]
+
+                if structure.get("molfile"):
+                    struc.molfile = structure["molfile"]
+
                 struc.save()
 
                 for scen in structure["scenarios"]:

epdb/models.py

@@ -1113,6 +1113,7 @@ class CompoundStructure(
     canonical_smiles = models.TextField(blank=False, null=False, verbose_name="Canonical SMILES")
     inchikey = models.TextField(max_length=27, blank=False, null=False, verbose_name="InChIKey")
     normalized_structure = models.BooleanField(null=False, blank=False, default=False)
+    molfile = models.TextField(blank=True, null=True, verbose_name="Molfile")
 
     external_identifiers = GenericRelation("ExternalIdentifier")
 
@@ -1209,6 +1210,9 @@ class CompoundStructure(
 
         return dict(hls)
 
+    def d3_json(self):
+        return {}
+
 
 class EnzymeLink(EnviPathModel, KEGGIdentifierMixin):
     rule = models.ForeignKey("Rule", on_delete=models.CASCADE, db_index=True)
@@ -2215,7 +2219,9 @@ class Node(EnviPathModel, AliasMixin, ScenarioMixin, AdditionalInformationMixin)
             if isinstance(ai.get(), PropertyPrediction):
                 predicted_properties[ai.get().__class__.__name__].append(ai.data)
 
-        return {
+        extra_structure_data = self.default_node_label.d3_json()
+
+        res = {
             "depth": self.depth,
             "stereo_removed": self.stereo_removed,
             "url": self.url,
@@ -2224,6 +2230,7 @@ class Node(EnviPathModel, AliasMixin, ScenarioMixin, AdditionalInformationMixin)
             "image_svg": IndigoUtils.mol_to_svg(
                 self.default_node_label.smiles, width=40, height=40
             ),
+
             "name": self.get_name(),
             "smiles": self.default_node_label.smiles,
             "scenarios": [{"name": s.get_name(), "url": s.url} for s in self.scenarios.all()],
@@ -2238,6 +2245,9 @@ class Node(EnviPathModel, AliasMixin, ScenarioMixin, AdditionalInformationMixin)
             "timeseries": self.get_timeseries_data(),
         }
 
+        res.update(**extra_structure_data)
+        return res
+
     @staticmethod
     @transaction.atomic
     def create(

epdb/views.py

@@ -388,6 +388,9 @@ def get_base_context(request, for_user=None) -> Dict[str, Any]:
             "debug": s.DEBUG,
             "external_databases": ExternalDatabase.get_databases(),
             "site_id": s.MATOMO_SITE_ID,
+            # EDIT START
+            "secret_groups": Group.objects.filter(secret=True),
+            # EDIT END
         },
     }
 

static/js/pw.js

@@ -637,44 +637,54 @@ function draw(pathway, elem) {
     node.filter(d => !d.pseudo).each(function (d, i) {
         const g = d3.select(this);
 
-        // Parse the SVG string
+        if (d.is_pes) {
-        const parser = new DOMParser();
+            g.append("svg:image")
-        const svgDoc = parser.parseFromString(d.image_svg, "image/svg+xml");
+              .attr("xlink:href", d.image)
-        const svgElem = svgDoc.documentElement;
+              .attr("width", 40)
+              .attr("height", 40)
+              .attr("x", -20)
+              .attr("y", -20);
+        } else {
+            // Parse the SVG string
+            const parser = new DOMParser();
+            const svgDoc = parser.parseFromString(d.image_svg, "image/svg+xml");
+            const svgElem = svgDoc.documentElement;
 
-        // Create a unique prefix per node
+            // Create a unique prefix per node
-        const prefix = `node-${i}-`;
+            const prefix = `node-${i}-`;
 
-        // Rename all IDs and fix <use> references
+            // Rename all IDs and fix <use> references
-        svgElem.querySelectorAll('[id]').forEach(el => {
+            svgElem.querySelectorAll("[id]").forEach(el => {
-            const oldId = el.id;
+                const oldId = el.id;
-            const newId = prefix + oldId;
+                const newId = prefix + oldId;
-            el.id = newId;
+                el.id = newId;
 
-            const XLINK_NS = "http://www.w3.org/1999/xlink";
+                const XLINK_NS = "http://www.w3.org/1999/xlink";
-            // Update <use> elements that reference this old ID
+                // Update <use> elements that reference this old ID
-            const uses = Array.from(svgElem.querySelectorAll('use')).filter(
+                const uses = Array.from(svgElem.querySelectorAll("use")).filter(
-                u => u.getAttributeNS(XLINK_NS, 'href') === `#${oldId}`
+                  u => u.getAttributeNS(XLINK_NS, "href") === `#${oldId}`
-            );
+                );
 
-            uses.forEach(u => {
+                uses.forEach(u => {
-                u.setAttributeNS(XLINK_NS, 'href', `#${newId}`);
+                    u.setAttributeNS(XLINK_NS, "href", `#${newId}`);
+                });
             });
-        });
 
-        g.node().appendChild(svgElem);
+            g.node().appendChild(svgElem);
 
-        const vb = svgElem.viewBox.baseVal;
+            const vb = svgElem.viewBox.baseVal;
-        const svgWidth = vb.width || 40;
+            const svgWidth = vb.width || 40;
-        const svgHeight = vb.height || 40;
+            const svgHeight = vb.height || 40;
 
-        const scale = (nodeRadius * 2) / Math.max(svgWidth, svgHeight);
+            const scale = (nodeRadius * 2) / Math.max(svgWidth, svgHeight);
+
+            g.select("svg")
+              .attr("width", svgWidth * scale)
+              .attr("height", svgHeight * scale)
+              .attr("x", -svgWidth * scale / 2)
+              .attr("y", -svgHeight * scale / 2);
+        }
 
-        g.select("svg")
-            .attr("width", svgWidth * scale)
-            .attr("height", svgHeight * scale)
-            .attr("x", -svgWidth * scale / 2)
-            .attr("y", -svgHeight * scale / 2);
     });
 
     // add element to nodes array

templates/components/navbar.html

@@ -88,6 +88,12 @@
                   >Scenario</a
                 >
               </li>
+                <hr/>
+              <li>
+                <a href="{{ meta.server_url }}/group" id="scenarioLink"
+                  >Group</a
+                >
+              </li>
             </ul>
           </div>
         </div>

templates/objects/compound.html

@@ -1,4 +1,5 @@
 {% extends "framework_modern.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -82,6 +83,12 @@
       <div class="collapse-content">{{ compound.description }}</div>
     </div>
 
+    {% epdb_slot_templates "epdb.objects.compound.viz" as viz_templates %}
+
+    {% for tpl in viz_templates %}
+      {% include tpl %}
+    {% endfor %}
+
     <!-- Image Representation -->
     <div class="collapse-arrow bg-base-200 collapse">
       <input type="checkbox" checked />

templates/objects/compound_structure.html

@@ -1,4 +1,5 @@
 {% extends "framework_modern.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -50,6 +51,12 @@
       </div>
     </div>
 
+    {% epdb_slot_templates "epdb.objects.compound_structure.viz" as viz_templates %}
+
+    {% for tpl in viz_templates %}
+      {% include tpl %}
+    {% endfor %}
+
     <!-- Image Representation -->
     <div class="collapse-arrow bg-base-200 collapse">
       <input type="checkbox" checked />

templates/objects/node.html

@@ -1,4 +1,5 @@
 {% extends "framework_modern.html" %}
+{% load envipytags %}
 
 {% block content %}
 
@@ -54,6 +55,12 @@
       </div>
     </div>
 
+    {% epdb_slot_templates "epdb.objects.node.viz" as viz_templates %}
+
+    {% for tpl in viz_templates %}
+      {% include tpl %}
+    {% endfor %}
+
     <!-- Image Representation -->
     <div class="collapse-arrow bg-base-200 collapse">
       <input type="checkbox" checked />

utilities/chem.py

@@ -171,12 +171,19 @@ class FormatConverter(object):
             try:
                 Chem.Kekulize(mol)
             except Exception:
-                mc = Chem.Mol(mol.ToBinary())
+                mol = Chem.Mol(mol.ToBinary())
 
-        if not mc.GetNumConformers():
+        if not mol.GetNumConformers():
-            Chem.rdDepictor.Compute2DCoords(mc)
+            Chem.rdDepictor.Compute2DCoords(mol)
 
-        pass
+        drawer = rdMolDraw2D.MolDraw2DCairo(*mol_size)
+        opts = drawer.drawOptions()
+
+        opts.clearBackground = False
+        drawer.DrawMolecule(mol)
+        drawer.FinishDrawing()
+
+        return drawer.GetDrawingText()
 
     @staticmethod
     def normalize(smiles):