author | BonfaceKilz | 2021-05-25 14:04:32 +0300 |
---|---|---|
committer | BonfaceKilz | 2021-05-26 20:01:28 +0300 |
commit | 9496c645af96c31ee20c7cf15721396c7d16248f (patch) | |
tree | 121586ece787d1fe8d0e4778b7e07ad51ab58155 /wqflask | |
parent | 7d3edb7ce668df5d072ed87a755f61782bb30a82 (diff) | |
download | genenetwork2-9496c645af96c31ee20c7cf15721396c7d16248f.tar.gz |
Use @admin_login_required to only enable Rob to do edits to traits
* wqflask/wqflask/decorators.py (admin_login_required): New decorator.
* wqflask/wqflask/views.py (edit_trait): Use admin_login_required
decorator.
Diffstat (limited to 'wqflask')
-rw-r--r-- | wqflask/wqflask/decorators.py | 14 | ||||
-rw-r--r-- | wqflask/wqflask/views.py | 2 |
2 files changed, 16 insertions, 0 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
new file mode 100644
index 00000000..f0978fd3
--- /dev/null
+++ b/wqflask/wqflask/decorators.py
@@ -0,0 +1,14 @@
+"""This module contains gn2 decorators"""
+from flask import g
+from functools import wraps
+
+
+def admin_login_required(f):
+ """Use this for endpoints where admins are required"""
+ @wraps(f)
+ def wrap(*args, **kwargs):
+ if g.user_session.record.get(b"user_email_address") not in [
+ b"labwilliams@gmail.com"]:
+ return "You need to be admin", 401
+ return f(*args, **kwargs)
+ return wrap
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py
index cd77f64f..807e162e 100644
--- a/wqflask/wqflask/views.py
+++ b/wqflask/wqflask/views.py
@@ -65,6 +65,7 @@ from wqflask.export_traits import export_search_results_csv
 from wqflask.gsearch import GSearch
 from wqflask.update_search_results import GSearch as UpdateGSearch
 from wqflask.docs import Docs, update_text
+from wqflask.decorators import admin_login_required
 from wqflask.db_info import InfoPage
 
 from utility import temp_data
@@ -422,6 +423,7 @@ def submit_trait_form():
 
 
 @app.route("/trait/<name>/edit/<inbred_set_id>")
+@admin_login_required
 def edit_trait(name, inbred_set_id):
 conn = MySQLdb.Connect(db=current_app.config.get("DB_NAME"),
 user=current_app.config.get("DB_USER"), |
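Review bot: The admin gate in `wrap` authorises on the `user_email_address` field of the session record, compared against an address hard-coded in the module, so it is only as strong as whatever guarantees that field (email verification at sign-up, who can write the session record); none of that is visible in this diff and should be confirmed. Moving the allowlist into application config, stored as bytes to match the record, would make it auditable and changeable without a code deploy. A request that reaches this decorator with no `g.user_session` would raise `AttributeError` and surface as a 500 rather than the intended denial; `record = getattr(getattr(g, "user_session", None), "record", None) or {}` before the lookup keeps it failing closed. For a logged-in user who is simply not an admin, `403` describes the outcome more accurately than `401`.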
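Review bot: Only `edit_trait` gains `@admin_login_required` in views.py; `submit_trait_form`, named in the hunk header just above, is not touched by this commit (the diffstat shows two added lines in this file). If that function is the handler that persists the edited trait, the write path stays reachable without the admin check even though the form page is gated. Its decorators and body are outside the hunk, so this needs confirming; if it is unguarded, add `@admin_login_required` directly under its `@app.route(...)` line as well. The decorator order used here (route outermost) is correct, since Flask then registers the wrapped function; `edit_trait`'s body continues past the end of the hunk.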