From 562413ba51fa64b3cdb340d54c888ca555004e06 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 24 Jul 2023 11:26:03 +0300
Subject: Check user is logged in before checking privileges

For editing, ensure the user is logged in before even attempting to check the authorisation privileges.
---
 wqflask/wqflask/metadata_edits.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wqflask/wqflask/metadata_edits.py b/wqflask/wqflask/metadata_edits.py
index e3e8cf15..d33dc55d 100644
--- a/wqflask/wqflask/metadata_edits.py
+++ b/wqflask/wqflask/metadata_edits.py
@@ -105,9 +105,9 @@ def edit_phenotype(conn, name, dataset_id):
 @metadata_edit.route("//traits/")
+@login_required(pagename="phenotype edit")
 @required_access( ("group:resource:view-resource", "group:resource:edit-resource"))
-@login_required(pagename="phenotype edit")
 def display_phenotype_metadata(dataset_id: str, name: str):
 from utility.tools import get_setting
 with database_connection(get_setting("SQL_URI")) as conn:
@@ -150,9 +150,9 @@ def display_probeset_metadata(name: str):
 @metadata_edit.route("//traits/", methods=("POST",))
+@login_required(pagename="phenotype update")
 @required_access( ("group:resource:view-resource", "group:resource:edit-resource"))
-@login_required(pagename="phenotype update")
 def update_phenotype(dataset_id: str, name: str):
 from utility.tools import get_setting
 data_ = request.form.to_dict()
@@ -655,10 +655,10 @@ def __authorised_p__(dataset_name, trait_name):
 ).either(__error__, __success__)
 @metadata_edit.route("/diffs//reject")
+@login_required(pagename="sample data rejection")
 @required_access( ("group:resource:view-resource", "group:resource:edit-resource"), trait_key="trait_name")
-@login_required(pagename="sample data rejection")
 def reject_data(resource_id: str, file_name: str):
 diffs_page = redirect(url_for("metadata_edit.list_diffs"))
 TMPDIR = current_app.config.get("TMPDIR")
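Review bot: Nothing in the decorator stack on `display_phenotype_metadata` records that the order is now security-relevant, so a later tidy-up could move `@login_required` back under `@required_access` without anyone noticing. Decorators wrap bottom-up, so the wrapper written higher runs first on a request; a comment above the stack would pin that, for example `# login_required must stay above required_access: the upper decorator runs first`. The same applies to `update_phenotype`, `reject_data` and `approve_data` in the later hunks. Views outside these hunks, such as `display_probeset_metadata` named in the second hunk header, are not visible here and are worth checking for the old ordering. The function body continues past the end of the hunk.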
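Review bot: `@required_access(..., trait_key="trait_name")` on `reject_data` names a key that is not among the view's parameters, which are `resource_id` and `file_name`. If `required_access` uses `trait_key` to pick the trait out of the view's keyword arguments (its definition is not in this diff, so this is an inference), the privilege check would run without a trait to check against, and moving `login_required` above it does not change that. It is worth confirming which resource the check actually resolves for this route and recording it at the call, e.g. `# required_access resolves the resource from: <route parameter>`. `approve_data` in the last hunk passes the same arguments. The body of `reject_data` continues outside the hunk.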
@@ -682,10 +682,10 @@ def reject_data(resource_id: str, file_name: str):
 return diffs_page
 @metadata_edit.route("/diffs//approve")
+@login_required(pagename="Sample Data Approval")
 @required_access( ("group:resource:view-resource", "group:resource:edit-resource"), trait_key="trait_name")
-@login_required(pagename="Sample Data Approval")
 def approve_data(resource_id: str, file_name: str):
 from utility.tools import get_setting
 sample_data = {file_name: str}
--
cgit v1.2.3
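Review bot: The route for `approve_data` is declared without `methods=`, so Flask serves it on GET, while the name and the `pagename="Sample Data Approval"` label suggest it applies a pending change. A state-changing GET can be triggered by a logged-in editor merely following a link or loading a cross-site resource, and the login and privilege decorators do not defend against that. Consider restricting it the way `update_phenotype` is, by adding `methods=("POST",)` to the `route(...)` call, and submitting it from a form that carries the application's CSRF token if one is in use. `reject_data` in the previous hunk is declared the same way. The body of `approve_data` continues outside the hunk, so what it writes is not visible here.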