Fix authentication for phenotype search results

Previously authentication didn't work correctly if users had "edit" privileges, because the code specifically looked for just "view"; this changes it to check for either "view" or "edit"
author: zsloan 2022-03-17 21:56:58 +0000
committer: zsloan 2022-03-17 16:58:42 -0500
commit: d85621bbba76a3dd50aea8a86eacf3c326a169c1 (patch)
tree: 52157ddac8e1d012b9d3ae45f7cb04a227fb40c4
parent: 4817ba35c1ca48ac1afa22ddc6ff6f167c6ee1cf (diff)
download: genenetwork2-d85621bbba76a3dd50aea8a86eacf3c326a169c1.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/wqflask/wqflask/search_results.py b/wqflask/wqflask/search_results.py
index 6062f354..807e7305 100644
--- a/wqflask/wqflask/search_results.py
+++ b/wqflask/wqflask/search_results.py
@@ -148,7 +148,7 @@ class SearchResultPage:
                 trait_dict['name'] = trait_dict['display_name'] = str(result[0])
                 trait_dict['hmac'] = hmac.data_hmac('{}:{}'.format(trait_dict['name'], trait_dict['dataset']))
                 permissions = check_resource_availability(self.dataset, trait_dict['display_name'])
-                if "view" not in permissions['data']:
+                if not any(x in permissions['data'] for x in ["view", "edit"]):
                     continue
 
                 if result[10]:
author	zsloan	2022-03-17 21:56:58 +0000
committer	zsloan	2022-03-17 16:58:42 -0500
commit	d85621bbba76a3dd50aea8a86eacf3c326a169c1 (patch)
tree	52157ddac8e1d012b9d3ae45f7cb04a227fb40c4
parent	4817ba35c1ca48ac1afa22ddc6ff6f167c6ee1cf (diff)
download	genenetwork2-d85621bbba76a3dd50aea8a86eacf3c326a169c1.tar.gz