From 9496c645af96c31ee20c7cf15721396c7d16248f Mon Sep 17 00:00:00 2001 From: BonfaceKilz Date: Tue, 25 May 2021 14:04:32 +0300 Subject: Use @admin_login_required to only enable Rob to do edits to traits * wqflask/wqflask/decorators.py (admin_login_required): New decorator. * wqflask/wqflask/views.py (edit_trait): Use admin_login_required decorator. --- wqflask/wqflask/decorators.py | 14 ++++++++++++++ wqflask/wqflask/views.py | 2 ++ 2 files changed, 16 insertions(+) create mode 100644 wqflask/wqflask/decorators.py diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py new file mode 100644 index 00000000..f0978fd3 --- /dev/null +++ b/wqflask/wqflask/decorators.py @@ -0,0 +1,14 @@ +"""This module contains gn2 decorators""" +from flask import g +from functools import wraps + + +def admin_login_required(f): + """Use this for endpoints where admins are required""" + @wraps(f) + def wrap(*args, **kwargs): + if g.user_session.record.get(b"user_email_address") not in [ + b"labwilliams@gmail.com"]: + return "You need to be admin", 401 + return f(*args, **kwargs) + return wrap diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py index cd77f64f..807e162e 100644 --- a/wqflask/wqflask/views.py +++ b/wqflask/wqflask/views.py @@ -65,6 +65,7 @@ from wqflask.export_traits import export_search_results_csv from wqflask.gsearch import GSearch from wqflask.update_search_results import GSearch as UpdateGSearch from wqflask.docs import Docs, update_text +from wqflask.decorators import admin_login_required from wqflask.db_info import InfoPage from utility import temp_data @@ -422,6 +423,7 @@ def submit_trait_form(): @app.route("/trait//edit/") +@admin_login_required def edit_trait(name, inbred_set_id): conn = MySQLdb.Connect(db=current_app.config.get("DB_NAME"), user=current_app.config.get("DB_USER"), -- cgit v1.2.3