aboutsummaryrefslogtreecommitdiff
path: root/wqflask/utility
diff options
context:
space:
mode:
authorzsloan2020-06-17 16:28:15 -0500
committerzsloan2020-06-17 16:28:15 -0500
commitfcb3cb1105cf2a1d97c1a08fa636b118ed231ffa (patch)
treecab30579676503bef2596206684a66783bde6832 /wqflask/utility
parent15f5df7fe795a32e2d61dd11f825e53b1a1175ec (diff)
downloadgenenetwork2-fcb3cb1105cf2a1d97c1a08fa636b118ed231ffa.tar.gz
A user's id is now set as a parameter if it doesn't already existauthentication_test
Diffstat (limited to 'wqflask/utility')
-rw-r--r--wqflask/utility/authentication_tools.py30
-rw-r--r--wqflask/utility/redis_tools.py4
2 files changed, 20 insertions, 14 deletions
diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index 07ceacc0..dfa0e2d9 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -7,6 +7,7 @@ from base import data_set
from utility import hmac
from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
+Redis = get_redis_conn()
from flask import Flask, g, redirect, url_for
@@ -14,8 +15,12 @@ import logging
logger = logging.getLogger(__name__ )
def check_resource_availability(dataset, trait_id=None):
- resource_id = get_resource_id(dataset, trait_id)
+ #ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
+ if g.user_session.user_id in Redis.smembers("super_users"):
+ return "edit"
+
+ resource_id = get_resource_id(dataset, trait_id)
response = None
if resource_id:
resource_info = get_resource_info(resource_id)
@@ -68,19 +73,16 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
return False
def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
- if resource_id:
- resource_info = get_resource_info(resource_id)
- if g.user_session.user_id == resource_info['owner_id']:
- return [resource_id, "owner"]
- else:
- return [resource_id, check_admin(resource_id)]
- else:
+ if not resource_id:
resource_id = get_resource_id(dataset, trait_id)
- if resource_id:
- resource_info = get_resource_info(resource_id)
- if g.user_session.user_id == resource_info['owner_id']:
- return [resource_id, "owner"]
- else:
- return [resource_id, check_admin(resource_id)]
+
+ if g.user_session.user_id in Redis.smembers("super_users"):
+ return [resource_id, "owner"]
+
+ resource_info = get_resource_info(resource_id)
+ if g.user_session.user_id == resource_info['owner_id']:
+ return [resource_id, "owner"]
+ else:
+ return [resource_id, check_admin(resource_id)]
return [resource_id, "not-admin"] \ No newline at end of file
diff --git a/wqflask/utility/redis_tools.py b/wqflask/utility/redis_tools.py
index c6d221ff..9d09a66b 100644
--- a/wqflask/utility/redis_tools.py
+++ b/wqflask/utility/redis_tools.py
@@ -30,6 +30,7 @@ def is_redis_available():
def get_user_id(column_name, column_value):
user_list = Redis.hgetall("users")
+ key_list = []
for key in user_list:
user_ob = json.loads(user_list[key])
if column_name in user_ob and user_ob[column_name] == column_value:
@@ -62,6 +63,9 @@ def get_users_like_unique_column(column_name, column_value):
if column_name != "user_id":
for key in user_list:
user_ob = json.loads(user_list[key])
+ if "user_id" not in user_ob:
+ set_user_attribute(key, "user_id", key)
+ user_ob["user_id"] = key
if column_name in user_ob:
if column_value in user_ob[column_name]:
matched_users.append(user_ob)