wqflask: decorators: Make `edit_access_required` more generic

This now supports passing the `resource_id` directly.

1 files changed, 7 insertions, 4 deletions

diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index b1141fb7..13867cda 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -6,6 +6,7 @@ import redis
 from flask import current_app, g
 from typing import Dict
 from functools import wraps
+from wqflask.access_roles import DataRole
 
 import json
 import requests
@@ -33,7 +34,7 @@ def login_required(f):
 
 
 def edit_access_required(f):
-    """Use this for endpoints where admins are required"""
+    """Use this for endpoints where people with admin or edit privileges are required"""
     @wraps(f)
     def wrap(*args, **kwargs):
         resource_id: str = ""
@@ -48,6 +49,8 @@ def edit_access_required(f):
                 data=("dataset-probeset:"
                       f"{kwargs.get('dataset_name')}"),
                 secret=current_app.config.get("SECRET_HMAC_CODE"))
+        if kwargs.get("resource_id"):  # The resource_id is already provided
+            resource_id = kwargs.get("resource_id")
         response: Dict = {}
         try:
             _user_id = g.user_session.record.get(b"user_id",
@@ -57,8 +60,8 @@ def edit_access_required(f):
                                 f"{resource_id}&user={_user_id}").content)
         except:
             response = {}
-
-        if "edit" not in response.get("data", []):
-            return "You need to be admin", 401
+        if max([DataRole(role) for role in response.get(
+                "data", ["no-access"])]) < DataRole.EDIT:
+            return "You need to have edit access", 401
         return f(*args, **kwargs)
     return wrap