aboutsummaryrefslogtreecommitdiff
path: root/wqflask
diff options
context:
space:
mode:
authorBonfaceKilz2021-10-26 17:10:50 +0300
committerBonfaceKilz2021-10-28 08:34:35 +0300
commit433f62500408d84a49153628384f4b4c3e9a7b2e (patch)
treec7d259d9c1f55f2c4e7fadf7a7c71bf9016ba462 /wqflask
parentca23d4ed6943d25c14ffac767b64fd60bded515e (diff)
downloadgenenetwork2-433f62500408d84a49153628384f4b4c3e9a7b2e.tar.gz
Get "resource-id" from query parameters instead of computing it
Diffstat (limited to 'wqflask')
-rw-r--r--wqflask/wqflask/decorators.py39
1 files changed, 12 insertions, 27 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index 843539ee..a4ff7ce3 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -1,9 +1,7 @@
"""This module contains gn2 decorators"""
-import hashlib
-import hmac
import redis
-from flask import current_app, g
+from flask import current_app, g, request
from typing import Dict
from urllib.parse import urljoin
from functools import wraps
@@ -14,18 +12,12 @@ import json
import requests
-def create_hmac(data: str, secret: str) -> str:
- return hmac.new(bytearray(secret, "latin-1"),
- bytearray(data, "utf-8"),
- hashlib.sha1).hexdigest()[:20]
-
-
def login_required(f):
"""Use this for endpoints where login is required"""
@wraps(f)
def wrap(*args, **kwargs):
user_id = (g.user_session.record.get(b"user_id",
- b"").decode("utf-8") or
+ b"").decode("utf-8") or
g.user_session.record.get("user_id", ""))
redis_conn = redis.from_url(current_app.config["REDIS_URL"],
decode_responses=True)
@@ -40,28 +32,21 @@ def edit_access_required(f):
@wraps(f)
def wrap(*args, **kwargs):
resource_id: str = ""
- if kwargs.get("inbredset_id"): # data type: dataset-publish
- resource_id = create_hmac(
- data=("dataset-publish:"
- f"{kwargs.get('inbredset_id')}:"
- f"{kwargs.get('name')}"),
- secret=current_app.config.get("SECRET_HMAC_CODE"))
- if kwargs.get("dataset_name"): # data type: dataset-probe
- resource_id = create_hmac(
- data=("dataset-probeset:"
- f"{kwargs.get('dataset_name')}"),
- secret=current_app.config.get("SECRET_HMAC_CODE"))
- if kwargs.get("resource_id"): # The resource_id is already provided
+ if request.args.get("resource-id"):
+ resource_id = request.args.get("resource-id")
+ elif kwargs.get("resource_id"):
resource_id = kwargs.get("resource_id")
response: Dict = {}
try:
- _user_id = g.user_session.record.get(b"user_id",
- "").decode("utf-8")
+ _user_id = (g.user_session.record.get(b"user_id",
+ b"").decode("utf-8") or
+ g.user_session.record.get("user_id", ""))
response = json.loads(
requests.get(urljoin(
current_app.config.get("GN2_PROXY"),
("available?resource="
f"{resource_id}&user={_user_id}"))).content)
+
except:
response = {}
if max([DataRole(role) for role in response.get(
@@ -78,8 +63,9 @@ def edit_admins_access_required(f):
resource_id: str = kwargs.get("resource_id", "")
response: Dict = {}
try:
- _user_id = g.user_session.record.get(b"user_id",
- "").decode("utf-8")
+ _user_id = (g.user_session.record.get(b"user_id",
+ b"").decode("utf-8") or
+ g.user_session.record.get("user_id", ""))
response = json.loads(
requests.get(urljoin(
current_app.config.get("GN2_PROXY"),
@@ -92,4 +78,3 @@ def edit_admins_access_required(f):
return "You need to have edit-admins access", 401
return f(*args, **kwargs)
return wrap
-