authorBonfaceKilz2021-10-19 16:40:57 +0300
committerBonfaceKilz2021-10-25 14:00:14 +0300
commitc7899f6d55a3063a99e19e402ae753030a2ecff8 (patch)
treed50a0b9726b6c476fdd9bf2dfc19de4e7ea5c377
parent3c074638ca0b5e175e2dbb93aaf3bf21e8af8151 (diff)
wqflask: decorators: Make `edit_access_required` more generic
This now supports passing the `resource_id` directly.
-rw-r--r--wqflask/wqflask/decorators.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index b1141fb7..13867cda 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -6,6 +6,7 @@ import redis
from flask import current_app, g
from typing import Dict
from functools import wraps
+from wqflask.access_roles import DataRole
import json
import requests
@@ -33,7 +34,7 @@ def login_required(f):
def edit_access_required(f):
- """Use this for endpoints where admins are required"""
+ """Use this for endpoints where people with admin or edit privileges are required"""
@wraps(f)
def wrap(*args, **kwargs):
resource_id: str = ""
@@ -48,6 +49,8 @@ def edit_access_required(f):
data=("dataset-probeset:"
f"{kwargs.get('dataset_name')}"),
secret=current_app.config.get("SECRET_HMAC_CODE"))
+ if kwargs.get("resource_id"): # The resource_id is already provided
+ resource_id = kwargs.get("resource_id")
response: Dict = {}
try:
_user_id = g.user_session.record.get(b"user_id",
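Review bot: The new `kwargs.get("resource_id")` branch takes the id exactly as the route supplied it, overrides whatever the earlier branches derived with `SECRET_HMAC_CODE`, and the value is then interpolated unencoded into the query string built just below (`f"{resource_id}&user={_user_id}"`). A value containing `&` or `#` would change the parameters the access service receives, so the id should be validated or encoded first, e.g. `resource_id = urllib.parse.quote(str(kwargs["resource_id"]), safe="")` (this needs `import urllib.parse`, which the visible imports do not show). A comment should also state that the wrapped view must act on this same `resource_id`, because otherwise the check covers a different resource from the one being edited; whether that holds depends on the callers, which are not visible here. The body of `wrap` starts before this hunk and continues after it.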
@@ -57,8 +60,8 @@ def edit_access_required(f):
f"{resource_id}&user={_user_id}").content)
except:
response = {}
-
- if "edit" not in response.get("data", []):
- return "You need to be admin", 401
+ if max([DataRole(role) for role in response.get(
+ "data", ["no-access"])]) < DataRole.EDIT:
+ return "You need to have edit access", 401
return f(*args, **kwargs)
return wrap
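Review bot: `max([...])` in the new role check raises `ValueError` when the access service returns `"data": []`, because the `["no-access"]` default applies only when the key is absent; the request then ends in an unhandled error instead of the 401. The same happens when a returned role string is not a valid `DataRole` value, since the conversion sits outside the `try`. Using `response.get("data") or ["no-access"]` covers the empty list, and treating a `ValueError` from the conversion as no access keeps the decorator failing closed with a clean response. The `<` comparison also relies on `DataRole` defining an ordering, which cannot be confirmed from this diff.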