diff options
author | BonfaceKilz | 2021-10-26 17:10:50 +0300 |
---|---|---|
committer | BonfaceKilz | 2021-10-28 08:34:35 +0300 |
commit | 433f62500408d84a49153628384f4b4c3e9a7b2e (patch) | |
tree | c7d259d9c1f55f2c4e7fadf7a7c71bf9016ba462 | |
parent | ca23d4ed6943d25c14ffac767b64fd60bded515e (diff) | |
download | genenetwork2-433f62500408d84a49153628384f4b4c3e9a7b2e.tar.gz |
Get "resource-id" from query parameters instead of computing it
-rw-r--r-- | wqflask/wqflask/decorators.py | 39 |
1 files changed, 12 insertions, 27 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py index 843539ee..a4ff7ce3 100644 --- a/wqflask/wqflask/decorators.py +++ b/wqflask/wqflask/decorators.py @@ -1,9 +1,7 @@ """This module contains gn2 decorators""" -import hashlib -import hmac import redis -from flask import current_app, g +from flask import current_app, g, request from typing import Dict from urllib.parse import urljoin from functools import wraps @@ -14,18 +12,12 @@ import json import requests -def create_hmac(data: str, secret: str) -> str: - return hmac.new(bytearray(secret, "latin-1"), - bytearray(data, "utf-8"), - hashlib.sha1).hexdigest()[:20] - - def login_required(f): """Use this for endpoints where login is required""" @wraps(f) def wrap(*args, **kwargs): user_id = (g.user_session.record.get(b"user_id", - b"").decode("utf-8") or + b"").decode("utf-8") or g.user_session.record.get("user_id", "")) redis_conn = redis.from_url(current_app.config["REDIS_URL"], decode_responses=True) @@ -40,28 +32,21 @@ def edit_access_required(f): @wraps(f) def wrap(*args, **kwargs): resource_id: str = "" - if kwargs.get("inbredset_id"): # data type: dataset-publish - resource_id = create_hmac( - data=("dataset-publish:" - f"{kwargs.get('inbredset_id')}:" - f"{kwargs.get('name')}"), - secret=current_app.config.get("SECRET_HMAC_CODE")) - if kwargs.get("dataset_name"): # data type: dataset-probe - resource_id = create_hmac( - data=("dataset-probeset:" - f"{kwargs.get('dataset_name')}"), - secret=current_app.config.get("SECRET_HMAC_CODE")) - if kwargs.get("resource_id"): # The resource_id is already provided + if request.args.get("resource-id"): + resource_id = request.args.get("resource-id") + elif kwargs.get("resource_id"): resource_id = kwargs.get("resource_id") response: Dict = {} try: - _user_id = g.user_session.record.get(b"user_id", - "").decode("utf-8") + _user_id = (g.user_session.record.get(b"user_id", + b"").decode("utf-8") or + g.user_session.record.get("user_id", "")) response = json.loads( requests.get(urljoin( current_app.config.get("GN2_PROXY"), ("available?resource=" f"{resource_id}&user={_user_id}"))).content) + except: response = {} if max([DataRole(role) for role in response.get( @@ -78,8 +63,9 @@ def edit_admins_access_required(f): resource_id: str = kwargs.get("resource_id", "") response: Dict = {} try: - _user_id = g.user_session.record.get(b"user_id", - "").decode("utf-8") + _user_id = (g.user_session.record.get(b"user_id", + b"").decode("utf-8") or + g.user_session.record.get("user_id", "")) response = json.loads( requests.get(urljoin( current_app.config.get("GN2_PROXY"), @@ -92,4 +78,3 @@ def edit_admins_access_required(f): return "You need to have edit-admins access", 401 return f(*args, **kwargs) return wrap - |