diff options
author | zsloan | 2022-03-17 21:56:58 +0000 |
---|---|---|
committer | zsloan | 2022-03-17 16:58:42 -0500 |
commit | d85621bbba76a3dd50aea8a86eacf3c326a169c1 (patch) | |
tree | 52157ddac8e1d012b9d3ae45f7cb04a227fb40c4 /wqflask | |
parent | 4817ba35c1ca48ac1afa22ddc6ff6f167c6ee1cf (diff) | |
download | genenetwork2-d85621bbba76a3dd50aea8a86eacf3c326a169c1.tar.gz |
Fix authentication for phenotype search results
Previously authentication didn't work correctly if users had "edit" privileges, because the code specifically looked for just "view"; this changes it to check for either "view" or "edit"
Diffstat (limited to 'wqflask')
-rw-r--r-- | wqflask/wqflask/search_results.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/wqflask/wqflask/search_results.py b/wqflask/wqflask/search_results.py index 6062f354..807e7305 100644 --- a/wqflask/wqflask/search_results.py +++ b/wqflask/wqflask/search_results.py @@ -148,7 +148,7 @@ class SearchResultPage: trait_dict['name'] = trait_dict['display_name'] = str(result[0]) trait_dict['hmac'] = hmac.data_hmac('{}:{}'.format(trait_dict['name'], trait_dict['dataset'])) permissions = check_resource_availability(self.dataset, trait_dict['display_name']) - if "view" not in permissions['data']: + if not any(x in permissions['data'] for x in ["view", "edit"]): continue if result[10]: |