From d85621bbba76a3dd50aea8a86eacf3c326a169c1 Mon Sep 17 00:00:00 2001
From: zsloan
Date: Thu, 17 Mar 2022 21:56:58 +0000
Subject: Fix authentication for phenotype search results

Previously authentication didn't work correctly if users had "edit" privileges, because the code specifically looked for just "view"; this changes it to check for either "view" or "edit"
---
 wqflask/wqflask/search_results.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wqflask/wqflask/search_results.py b/wqflask/wqflask/search_results.py
index 6062f354..807e7305 100644
--- a/wqflask/wqflask/search_results.py
+++ b/wqflask/wqflask/search_results.py
@@ -148,7 +148,7 @@ class SearchResultPage:
                 trait_dict['name'] = trait_dict['display_name'] = str(result[0])
                 trait_dict['hmac'] = hmac.data_hmac('{}:{}'.format(trait_dict['name'], trait_dict['dataset']))
                 permissions = check_resource_availability(self.dataset, trait_dict['display_name'])
-                if "view" not in permissions['data']:
+                if not any(x in permissions['data'] for x in ["view", "edit"]):
                     continue
 
                 if result[10]:
-- 
cgit v1.2.3