Diffstat (limited to 'wqflask')
-rw-r--r--wqflask/wqflask/decorators.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index edbea90f..cd06aee7 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -7,6 +7,7 @@ from flask import current_app, g
 from typing import Dict
 from urllib.parse import urljoin
 from functools import wraps
+from wqflask.access_roles import AdminRole
 from wqflask.access_roles import DataRole
 
 import json
@@ -68,3 +69,27 @@ def edit_access_required(f):
             return "You need to have edit access", 401
         return f(*args, **kwargs)
     return wrap
+
+
+def edit_admins_access_required(f):
+    """Use this for endpoints where ownership of a resource is required"""
+    @wraps(f)
+    def wrap(*args, **kwargs):
+        resource_id: str = kwargs.get("resource_id", "")
+        response: Dict = {}
+        try:
+            _user_id = g.user_session.record.get(b"user_id",
+                                                 "").decode("utf-8")
+            response = json.loads(
+                requests.get(urljoin(
+                    current_app.config.get("GN2_PROXY"),
+                    ("available?resource="
+                     f"{resource_id}&user={_user_id}"))).content)
+        except:
+            response = {}
+        if max([AdminRole(role) for role in response.get(
+                "data", ["not-admin"])]) >= AdminRole.EDIT_ADMINS:
+            return "You need to have edit-admins access", 401
+        return f(*args, **kwargs)
+    return wrap
+
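Review bot: The comparison on the `max(...) >= AdminRole.EDIT_ADMINS` line looks inverted: it returns 401 to callers whose highest role is at least EDIT_ADMINS and lets everyone else through, assuming AdminRole orders upward with privilege (its definition is not in this hunk). Combined with the bare `except:` that resets `response = {}`, any proxy error, malformed JSON or missing session falls back to `"not-admin"` and the wrapped view still runs, so the decorator fails open; with `< AdminRole.EDIT_ADMINS` the same fallback would deny. I would also narrow the `except` to the expected errors and log them, and pass the query as `params={"resource": resource_id, "user": _user_id}` with an explicit `timeout`, so that a `resource_id` containing `&` cannot add or override fields in the authorization lookup.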