diff options
author | Munyoki Kilyungi | 2024-03-22 23:40:52 +0300 |
---|---|---|
committer | BonfaceKilz | 2024-03-26 10:01:13 +0300 |
commit | f16d079979cf84894892ab876421f64d9687e57c (patch) | |
tree | 3dbffa4c7a2df0e2ff92ca21a9c6aa9e7653a233 /gn2 | |
parent | ef1f109e795845e2f50a7230da7ff292415df450 (diff) | |
download | genenetwork2-f16d079979cf84894892ab876421f64d9687e57c.tar.gz |
Implement "require_oauth2_edit_resource_access" decorator.
* gn2/wqflask/oauth2/checks.py (require_oauth2): New function.
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
Diffstat (limited to 'gn2')
-rw-r--r-- | gn2/wqflask/oauth2/checks.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/gn2/wqflask/oauth2/checks.py b/gn2/wqflask/oauth2/checks.py index 9a633b95..5f0d1376 100644 --- a/gn2/wqflask/oauth2/checks.py +++ b/gn2/wqflask/oauth2/checks.py @@ -39,3 +39,26 @@ def require_oauth2(func): return session.user_token().either(__clear_session__, __with_token__) return __token_valid__ + + +def require_oauth2_edit_resource_access(func): + """Check if a user has edit access for a given resource.""" + @wraps(func) + def __check_edit_access__(*args, **kwargs): + # Check edit access, if not return to the same page. + + # This is for a GET + resource_name = request.args.get("name", "") + # And for a POST request. + if request.method == "POST": + resource_name = request.form.get("name", "") + result = oauth2_get( + f"auth/resource/authorisation/{resource_name}" + ).either( + lambda _: {"roles": []}, + lambda val: val + ) + if "group:resource:edit-resource" not in result.get("roles", []): + return redirect(f"/datasets/{resource_name}") + return func(*args, **kwargs) + return __check_edit_access__ |