aboutsummaryrefslogtreecommitdiff
path: root/gn2
diff options
context:
space:
mode:
authorMunyoki Kilyungi2024-03-22 23:40:52 +0300
committerBonfaceKilz2024-03-26 10:01:13 +0300
commitf16d079979cf84894892ab876421f64d9687e57c (patch)
tree3dbffa4c7a2df0e2ff92ca21a9c6aa9e7653a233 /gn2
parentef1f109e795845e2f50a7230da7ff292415df450 (diff)
downloadgenenetwork2-f16d079979cf84894892ab876421f64d9687e57c.tar.gz
Implement "require_oauth2_edit_resource_access" decorator.
* gn2/wqflask/oauth2/checks.py (require_oauth2): New function. Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
Diffstat (limited to 'gn2')
-rw-r--r--gn2/wqflask/oauth2/checks.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/gn2/wqflask/oauth2/checks.py b/gn2/wqflask/oauth2/checks.py
index 9a633b95..5f0d1376 100644
--- a/gn2/wqflask/oauth2/checks.py
+++ b/gn2/wqflask/oauth2/checks.py
@@ -39,3 +39,26 @@ def require_oauth2(func):
return session.user_token().either(__clear_session__, __with_token__)
return __token_valid__
+
+
+def require_oauth2_edit_resource_access(func):
+ """Check if a user has edit access for a given resource."""
+ @wraps(func)
+ def __check_edit_access__(*args, **kwargs):
+ # Check edit access, if not return to the same page.
+
+ # This is for a GET
+ resource_name = request.args.get("name", "")
+ # And for a POST request.
+ if request.method == "POST":
+ resource_name = request.form.get("name", "")
+ result = oauth2_get(
+ f"auth/resource/authorisation/{resource_name}"
+ ).either(
+ lambda _: {"roles": []},
+ lambda val: val
+ )
+ if "group:resource:edit-resource" not in result.get("roles", []):
+ return redirect(f"/datasets/{resource_name}")
+ return func(*args, **kwargs)
+ return __check_edit_access__