about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--wqflask/wqflask/decorators.py26
1 files changed, 24 insertions, 2 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index f6e3eb8a..54aa6795 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -1,14 +1,36 @@
 """This module contains gn2 decorators"""
 from flask import g
+from typing import Dict
 from functools import wraps
+from utility.hmac import hmac_creation
+
+import json
+import requests
 
 
 def edit_access_required(f):
     """Use this for endpoints where admins are required"""
     @wraps(f)
     def wrap(*args, **kwargs):
-        if g.user_session.record.get(b"user_email_address") not in [
-                b"labwilliams@gmail.com"]:
+        resource_id: str = ""
+        if kwargs.get("inbredset_id"):  # data type: dataset-publish
+            resource_id = hmac_creation("dataset-publish:"
+                                        f"{kwargs.get('inbredset_id')}:"
+                                        f"{kwargs.get('name')}")
+        if kwargs.get("dataset_name"):  # data type: dataset-probe
+            resource_id = hmac_creation("dataset-probeset:"
+                                        f"{kwargs.get('dataset_name')}")
+        response: Dict = {}
+        try:
+            _user_id = g.user_session.record.get(b"user_id",
+                                                 "").decode("utf-8")
+            response = json.loads(
+                requests.get("http://localhost:8080/"
+                             "available?resource="
+                             f"{resource_id}&user={_user_id}").content)
+        except:
+            response = {}
+        if "edit" not in response.get("data", []):
             return "You need to be admin", 401
         return f(*args, **kwargs)
     return wrap
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-10-06 15:48:17 +0000