author | Frederick Muriuki Muriithi | 2023-06-26 08:36:10 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-06-26 08:36:10 +0300 |
commit | e2c83f971c1ba251dba7df196883bd468a19c022 (patch) | |
tree | 3b11dc308c505f0abaa787458a5f9d8f4c46233a | |
parent | 971d29e82391cc269405f59b5aad5f31061b633d (diff) | |
download | genenetwork2-e2c83f971c1ba251dba7df196883bd468a19c022.tar.gz |
Bug: Pass the dataset name/id for authorisation checks
The new authorisation checks need the dataset name/id for checking the
access level the user has on any data. This commit passes the dataset
name/id through the requests.
We also add some exceptions to ensure that this data is passed through
before even attempting to check for the authorisation.
-rw-r--r-- | wqflask/wqflask/decorators.py | 10 | ||||
-rw-r--r-- | wqflask/wqflask/metadata_edits.py | 2 | ||||
-rw-r--r-- | wqflask/wqflask/templates/edit_probeset.html | 4 |
3 files changed, 14 insertions, 2 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index b281e9bd..e33e6bb6 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -113,9 +113,19 @@ def required_access(access_levels: tuple[str, ...],
 dataset_name = kwargs.get( dataset_key, request.args.get(dataset_key, request.form.get(dataset_key, "")))
+ if not bool(dataset_name):
+ raise AuthorisationError(
+ "DeveloperError: Dataset name not provided. It is needed "
+ "for the authorisation checks.",
+ session_info()["user"])
 trait_name = kwargs.get( trait_key, request.args.get(trait_key, request.form.get(trait_key, "")))
+ if not bool(trait_name):
+ raise AuthorisationError(
+ "DeveloperError: Trait name not provided. It is needed for "
+ "the authorisation checks.",
+ session_info()["user"])
 return client.post( "oauth2/data/authorisation", json={"traits": [f"{dataset_name}::{trait_name}"]}).either(
diff --git a/wqflask/wqflask/metadata_edits.py b/wqflask/wqflask/metadata_edits.py
index ca7e8ae7..d24a3098 100644
--- a/wqflask/wqflask/metadata_edits.py
+++ b/wqflask/wqflask/metadata_edits.py
@@ -166,6 +166,7 @@ def display_probeset_metadata(name: str):
 name=name, resource_id=request.args.get("resource-id"), version=os.environ.get("GN_VERSION"),
+ dataset_name=request.args["dataset_name"]
 )
@@ -484,6 +485,7 @@ def update_probeset(name: str):
 return redirect( f"/datasets/traits/{name}" f"?resource-id={request.args.get('resource-id')}"
+ f"&dataset_name={request.args['dataset_id']}"
 )
diff --git a/wqflask/wqflask/templates/edit_probeset.html b/wqflask/wqflask/templates/edit_probeset.html
index c5ef992e..02185c2a 100644
--- a/wqflask/wqflask/templates/edit_probeset.html
+++ b/wqflask/wqflask/templates/edit_probeset.html
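Review bot: The two new guards in `required_access` reject only empty values, so a `dataset_name` or `trait_name` that itself contains `::` still reaches the `f"{dataset_name}::{trait_name}"` key posted to `oauth2/data/authorisation`, where the boundary between dataset and trait becomes ambiguous. Both values can come from `request.args` or `request.form`, so I would reject the delimiter together with the empty case, e.g. `if not dataset_name or "::" in dataset_name:` and the same for `trait_name`. A missing parameter is also a malformed request rather than an authorisation failure, and raising `AuthorisationError` with a "DeveloperError" message makes the two hard to tell apart in logs; a distinct 400-style error would read better. The enclosing function starts and ends outside the hunk, so how the authorisation service parses the key is not visible here.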
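Review bot: In `display_probeset_metadata`, `dataset_name=request.args["dataset_name"]` takes the dataset straight from the query string, and nothing visible in this hunk ties that value to the probeset that is loaded by `name`. If the lookup above uses `name` alone, the authorisation check and the record being shown can refer to different datasets, so it would be safer to resolve the dataset from the loaded record, or to assert that the two match, before rendering. At minimum I would add a comment on the new argument such as `# client-supplied; must match the dataset of the probeset loaded above`. The body of the function starts outside the hunk, so this is inferred from the lines shown.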
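Review bot: The redirect in `update_probeset` interpolates `request.args['dataset_id']` into the query string without URL-encoding, so a value containing `&` or `#` changes the parameters of the target URL; building the URL with `url_for(...)` or passing the value through `urllib.parse.quote` (whichever this module already has in scope) keeps it a single parameter. The subscript also raises on a missing key at the very end of the handler, which, if the update has already been written by then, returns an error after the change was saved. The key is read as `dataset_id` here, written out as `dataset_name`, and read as `dataset_name` in `display_probeset_metadata`; one name end to end would make the authorisation path easier to audit. The handler body starts outside the hunk.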
@@ -32,9 +32,9 @@ <h1>Probeset Editing Form: {{ probeset.name }}</h1> <small><a href="{{url_for('metadata_edit.show_history', name=name)}}" target="_blank">[View History]</a></small> </div>
- <form id="edit-form" class="container form-horizontal" method="post" action="/datasets/traits/{{ name }}?resource-id={{ resource_id }}" enctype='multipart/form-data'>
+ <form id="edit-form" class="container form-horizontal" method="post" action="/datasets/traits/{{name}}?resource-id={{resource_id}}&dataset_id={{dataset_name}}" enctype='multipart/form-data'>
 <div class="form-group">
- <div class="controls left-block col-sm-8 col-lg-8" style="width: max-content;">
+ <div class="controls left-block col-sm-8 col-lg-8" style="width: max-content;">
 <input name="id" class="changed" type="hidden" value="{{ probeset.id_ }}"/> <input name="old_id_" class="changed" type="hidden" value="{{ probeset.id_ }}"/> <input name="probeset_name" class="changed" type="hidden" value="{{ probeset.name }}"/> |
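Review bot: The new `action` attribute puts `{{dataset_name}}` into a URL query string, where Jinja's autoescaping covers HTML but not URL encoding, so the value should pass through the `urlencode` filter: `&amp;dataset_id={{dataset_name|urlencode}}`. The same applies to `{{name}}` and `{{resource_id}}` on that line. Because this parameter appears to feed the access check on the POST handler, a short template comment would help the next reader, e.g. `{# dataset_id is required by the authorisation check on submit #}`. The parameter is called `dataset_id` here but `dataset_name` on the page that renders the form, which is worth unifying.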