aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBonfaceKilz2021-05-25 14:04:32 +0300
committerBonfaceKilz2021-05-26 20:01:28 +0300
commit9496c645af96c31ee20c7cf15721396c7d16248f (patch)
tree121586ece787d1fe8d0e4778b7e07ad51ab58155
parent7d3edb7ce668df5d072ed87a755f61782bb30a82 (diff)
downloadgenenetwork2-9496c645af96c31ee20c7cf15721396c7d16248f.tar.gz
Use @admin_login_required to only enable Rob to do edits to traits
* wqflask/wqflask/decorators.py (admin_login_required): New decorator. * wqflask/wqflask/views.py (edit_trait): Use admin_login_required decorator.
-rw-r--r--wqflask/wqflask/decorators.py14
-rw-r--r--wqflask/wqflask/views.py2
2 files changed, 16 insertions, 0 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
new file mode 100644
index 00000000..f0978fd3
--- /dev/null
+++ b/wqflask/wqflask/decorators.py
@@ -0,0 +1,14 @@
+"""This module contains gn2 decorators"""
+from flask import g
+from functools import wraps
+
+
+def admin_login_required(f):
+ """Use this for endpoints where admins are required"""
+ @wraps(f)
+ def wrap(*args, **kwargs):
+ if g.user_session.record.get(b"user_email_address") not in [
+ b"labwilliams@gmail.com"]:
+ return "You need to be admin", 401
+ return f(*args, **kwargs)
+ return wrap
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py
index cd77f64f..807e162e 100644
--- a/wqflask/wqflask/views.py
+++ b/wqflask/wqflask/views.py
@@ -65,6 +65,7 @@ from wqflask.export_traits import export_search_results_csv
from wqflask.gsearch import GSearch
from wqflask.update_search_results import GSearch as UpdateGSearch
from wqflask.docs import Docs, update_text
+from wqflask.decorators import admin_login_required
from wqflask.db_info import InfoPage
from utility import temp_data
@@ -422,6 +423,7 @@ def submit_trait_form():
@app.route("/trait/<name>/edit/<inbred_set_id>")
+@admin_login_required
def edit_trait(name, inbred_set_id):
conn = MySQLdb.Connect(db=current_app.config.get("DB_NAME"),
user=current_app.config.get("DB_USER"),