authorBonfaceKilz2021-09-21 21:36:32 +0300
committerBonfaceKilz2021-10-04 13:00:53 +0300
commit7f317126d7d422b073cb4e4a8698757fe1e763f3 (patch)
tree64ec7d7bc95784e66f08a75322809f988a3cf7b9 /wqflask
parent266d4c4a425ca0a215c8d789e2978d213d5ff37d (diff)
Replace hard-coded e-mails with gn-proxy queries
* wqflask/wqflask/decorators.py (edit_access_required.wrap): Query the
proxy to see the access rights of a given user.
Diffstat (limited to 'wqflask')
-rw-r--r--wqflask/wqflask/decorators.py26
1 files changed, 24 insertions, 2 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index f6e3eb8a..54aa6795 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -1,14 +1,36 @@
 """This module contains gn2 decorators"""
 from flask import g
+from typing import Dict
 from functools import wraps
+from utility.hmac import hmac_creation
+
+import json
+import requests
 
 
 def edit_access_required(f):
     """Use this for endpoints where admins are required"""
     @wraps(f)
     def wrap(*args, **kwargs):
-        if g.user_session.record.get(b"user_email_address") not in [
-                b"labwilliams@gmail.com"]:
+        resource_id: str = ""
+        if kwargs.get("inbredset_id"):  # data type: dataset-publish
+            resource_id = hmac_creation("dataset-publish:"
+                                        f"{kwargs.get('inbredset_id')}:"
+                                        f"{kwargs.get('name')}")
+        if kwargs.get("dataset_name"):  # data type: dataset-probe
+            resource_id = hmac_creation("dataset-probeset:"
+                                        f"{kwargs.get('dataset_name')}")
+        response: Dict = {}
+        try:
+            _user_id = g.user_session.record.get(b"user_id",
+                                                 "").decode("utf-8")
+            response = json.loads(
+                requests.get("http://localhost:8080/"
+                             "available?resource="
+                             f"{resource_id}&user={_user_id}").content)
+        except:
+            response = {}
+        if "edit" not in response.get("data", []):
             return "You need to be admin", 401
         return f(*args, **kwargs)
     return wrap
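Review bot: The proxy call at L53-L55 has no `timeout=`, so a stalled gn-proxy blocks the request thread indefinitely, and `resource_id` and `_user_id` are interpolated straight into the query string instead of being passed through `params=` (which URL-encodes them). The bare `except:` at L56 also catches `KeyboardInterrupt`/`SystemExit` and hides the `AttributeError` that the `.get(b"user_id", "")` default triggers (a `str` default has no `.decode`), so the fail-closed 401 currently works by accident; the default should be `b""` and the clause should name the expected failures. When neither `inbredset_id` nor `dataset_name` is in `kwargs`, `resource_id` stays `""` and the proxy is asked about an empty resource — I cannot tell from here what it answers, so denying before the call is the safer shape. The proxy base URL `http://localhost:8080/` would also be better read from configuration than hard-coded in the decorator.

```python
        # … unchanged: resource_id construction from kwargs …
        if not resource_id:  # no known resource type in kwargs: deny without asking the proxy
            return "You need to be admin", 401
        response: Dict = {}
        try:
            _user_id = g.user_session.record.get(b"user_id",
                                                 b"").decode("utf-8")
            response = requests.get(
                "http://localhost:8080/available",
                params={"resource": resource_id, "user": _user_id},
                timeout=5,
            ).json()
        except (requests.RequestException, ValueError, AttributeError):
            response = {}
        # … unchanged: "edit" check and call of f …
```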