From 1f71672c6eb57e64299afa415569ac64dcf4a152 Mon Sep 17 00:00:00 2001
From: Munyoki Kilyungi
Date: Fri, 22 Mar 2024 23:42:29 +0300
Subject: Use "require_oauth2_edit_resource_access" for edit/save endpoints.

Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
---
 gn2/wqflask/edit.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'gn2/wqflask')

diff --git a/gn2/wqflask/edit.py b/gn2/wqflask/edit.py
index 36028861..8e64ad41 100644
--- a/gn2/wqflask/edit.py
+++ b/gn2/wqflask/edit.py
@@ -15,6 +15,7 @@ from flask import (Blueprint,
                    request)
 
 from gn2.wqflask.oauth2.checks import require_oauth2
+from gn2.wqflask.oauth2.checks import require_oauth2_edit_resource_access
 
 
 metadata = Blueprint("metadata", __name__)
@@ -55,6 +56,7 @@ push origin master --dry-run".split(" ")))
 
 
 @metadata.route("/edit")
+@require_oauth2_edit_resource_access
 @require_oauth2
 def metadata_edit():
     from gn2.utility.tools import GN3_LOCAL_URL
@@ -79,6 +81,7 @@ def metadata_edit():
 
 
 @metadata.route("/save", methods=["POST"])
+@require_oauth2_edit_resource_access
 @require_oauth2
 def save():
     from gn2.utility.tools import get_setting
-- 
cgit v1.2.3