diff options
author | zsloan | 2020-08-04 12:40:31 -0500 |
---|---|---|
committer | zsloan | 2020-08-04 12:40:31 -0500 |
commit | db0f9ebcb3b9bed2f8dfe2f9a2370dc1a86204b3 (patch) | |
tree | 265ab920cfbcaedb9c2a10d36f69391e5bdc40ea | |
parent | 7884399b779e839f87a2667591aebf7d293b8f33 (diff) | |
download | genenetwork2-db0f9ebcb3b9bed2f8dfe2f9a2370dc1a86204b3.tar.gz |
Simplified logic in the @before_request that checks user permissions
* wqflask/wqflask/views.py - Removed an if statement that was
unnecessary, because it already checks if dataset is either the string
"Temp" or of type "Temp"
-rw-r--r-- | wqflask/wqflask/views.py | 37 |
1 files changed, 15 insertions, 22 deletions
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py index 57183eed..dde22bf7 100644 --- a/wqflask/wqflask/views.py +++ b/wqflask/wqflask/views.py @@ -61,7 +61,7 @@ from utility.authentication_tools import check_resource_availability from utility.redis_tools import get_redis_conn Redis = get_redis_conn() -from base.webqtlConfig import GENERATED_IMAGE_DIR +from base.webqtlConfig import GENERATED_IMAGE_DIR, DEFAULT_PRIVILEGES from utility.benchmark import Bench from pprint import pformat as pf @@ -91,27 +91,20 @@ def connect_db(): def check_access_permissions(): logger.debug("@app.before_request check_access_permissions") available = True - if "temp_trait" in request.args: - if request.args['temp_trait'] == "True": - pass - else: - if 'dataset' in request.args: - if request.args['dataset'] == "Temp": - permissions = check_resource_availability("Temp") - else: - dataset = create_dataset(request.args['dataset']) - - if dataset.type == "Temp": - permissions = False - if 'trait_id' in request.args: - permissions = check_resource_availability(dataset, request.args['trait_id']) - elif dataset.type != "Publish": - permissions = check_resource_availability(dataset) - else: - return None - - if 'view' not in permissions['data']: - return redirect(url_for("no_access_page")) + if 'dataset' in request.args: + permissions = DEFAULT_PRIVILEGES + if request.args['dataset'] != "Temp": + dataset = create_dataset(request.args['dataset']) + + if dataset.type == "Temp": + permissions = DEFAULT_PRIVILEGES + elif 'trait_id' in request.args: + permissions = check_resource_availability(dataset, request.args['trait_id']) + elif dataset.type != "Publish": + permissions = check_resource_availability(dataset) + + if 'view' not in permissions['data']: + return redirect(url_for("no_access_page")) @app.teardown_appcontext def shutdown_session(exception=None): |