
Add access control filtering for protein_structure queries #151

Open
olsonanl wants to merge 1 commit into BV-BRC:alpha from olsonanl:bugfix/private-structure

olsonanl commented Mar 5, 2026

Summary

  • Remove protein_structure from the publicFree list in PublicDataTypes.js
  • Add join-based access control in DecorateQuery.js for collections that reference genomes but do not have their own permission fields
  • Uses Solr cross-collection join to filter protein_structure results based on the associated genome access permissions

Problem

Protein structure records were being returned without access control checks. Since protein_structure was in the publicFree list, queries would return structures linked to private genomes that users should not have access to.

Solution

Implement join-based access control that:

  • For anonymous users: Only returns structures where the linked genome has public:true
  • For authenticated users: Returns structures where the linked genome is public OR owned by the user OR shared with the user

Files Changed

  • middleware/PublicDataTypes.js - Removed protein_structure from publicFree array
  • middleware/DecorateQuery.js - Added joinAccessControlCollections config and logic for join-based filtering

Related

This PR should be deployed alongside BV-BRC/BV-BRC-Web#1221 which adds the UI for creating genome/feature groups from protein structure selections.

Test plan

  • Query protein_structure as anonymous user - should only see structures from public genomes
  • Query protein_structure as authenticated user - should see structures from public genomes and private genomes they own/have access to
  • Verify structures from other users' private genomes are not visible

Generated with Claude Code
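
One way to build the join filter this pull request describes, as an added example that is not the PR's own code or the contents of DecorateQuery.js. The core name `genome`, the join key `genome_id`, the permission fields `owner`, `user_read` and `user_write`, and the function names are assumptions; only `public:true` and the `protein_structure` collection come from the description above.

```javascript
// Added example, not the project's DecorateQuery.js.
// Assumed names: genome core "genome", join key "genome_id",
// permission fields "owner", "user_read", "user_write".
const JOIN_ACL = {
  protein_structure: { fromIndex: 'genome', from: 'genome_id', to: 'genome_id' }
};

// Quote a value as a Solr phrase so characters inside a user id
// (quotes, backslashes, operators) cannot change the filter's logic.
function solrPhrase(value) {
  if (typeof value !== 'string' || value.length === 0) {
    // Fail closed: a malformed identity must not fall back to a wider filter.
    throw new TypeError('user id must be a non-empty string');
  }
  return '"' + value.replace(/[\\"]/g, '\\$&') + '"';
}

// Returns the fq string for a collection that inherits permissions from
// its genome, or null when the collection has no join rule configured.
// userId undefined/null means an anonymous request.
function buildJoinAccessFilter(collection, userId) {
  const hasRule = Object.prototype.hasOwnProperty.call(JOIN_ACL, collection);
  if (!hasRule) return null;
  const rule = JOIN_ACL[collection];

  // Anonymous users only match genomes marked public.
  const clauses = ['public:true'];
  if (userId !== undefined && userId !== null) {
    // Authenticated users also match genomes they own or that are shared with them.
    const u = solrPhrase(userId);
    clauses.push(`owner:${u}`, `user_read:${u}`, `user_write:${u}`);
  }

  // Solr join query parser: select genomes passing the ACL clauses, then
  // keep protein_structure documents whose genome_id matches one of them.
  const join = `{!join fromIndex=${rule.fromIndex} from=${rule.from} to=${rule.to}}`;
  return join + clauses.join(' OR ');
}
```

The returned string is meant to be appended as an `fq` parameter, so it restricts results regardless of what the caller put in `q`.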
