Problem
On hca-dcp project detail pages, when a user opens a project they don't have access to (an "Access Required" project), the Download and Export tabs correctly show a "request access" warning instead of attempting to render the gated content:
To export this project, please sign in and, if necessary, request access.
But the Matrices tab does not check access — it still renders the full matrix list, including download / copy actions whose underlying file URLs are gated. Clicking those actions fails with 404 from the unauthorised fetch, producing a broken-experience surface rather than a clear "you don't have access" message.
The Matrices tab should mirror the Download/Export tabs: detect the access-required state, show the same warning, and not render the matrices at all.
Repro
- Signed-in user (without per-project access) visits an "Access Required" project on hca-dcp, e.g.
/projects/edc54c5d-8240-4681-8444-62a086d1d1be/project-matrices — renders matrices (wrong)./projects/edc54c5d-8240-4681-8444-62a086d1d1be/get-curl-command — shows the warning (correct).
- On the matrices page, click a matrix's Download or Copy icon → 404 from the file-location fetch, confusing console errors, no clear "you don't have access" surface.
Fix
On the project-matrices view, apply the same access-required guard that Download/Export already use. Either:
- Render the existing warning component when access is required, OR
- Wrap the project-matrices content in the same shared guard wrapper that Download/Export use.
The matrix rows should not render at all when the user lacks access.
Acceptance
- Signed-in user without project access visits
/projects/<id>/project-matrices for an Access Required project → sees the same "To export this project, please sign in and, if necessary, request access." warning that appears on Download/Export.
- No matrix rows render in this state — no broken-looking download/copy buttons sitting on top of inaccessible URLs.
- Once the user has access to the project (or for projects without access restrictions), the matrices render normally.
Out of scope
Problem
On hca-dcp project detail pages, when a user opens a project they don't have access to (an "Access Required" project), the Download and Export tabs correctly show a "request access" warning instead of attempting to render the gated content:
But the Matrices tab does not check access — it still renders the full matrix list, including download / copy actions whose underlying file URLs are gated. Clicking those actions fails with 404 from the unauthorised fetch, producing a broken-experience surface rather than a clear "you don't have access" message.
The Matrices tab should mirror the Download/Export tabs: detect the access-required state, show the same warning, and not render the matrices at all.
Repro
/projects/edc54c5d-8240-4681-8444-62a086d1d1be/project-matrices— renders matrices (wrong)./projects/edc54c5d-8240-4681-8444-62a086d1d1be/get-curl-command— shows the warning (correct).Fix
On the project-matrices view, apply the same access-required guard that Download/Export already use. Either:
The matrix rows should not render at all when the user lacks access.
Acceptance
/projects/<id>/project-matricesfor an Access Required project → sees the same "To export this project, please sign in and, if necessary, request access." warning that appears on Download/Export.Out of scope
exportsRequireAuthin the hca-dcp site config (per discussion with @NoopDog, that flag remains as set by feat: removed auth for exports #4482 #4483).