From 75802ed1f9e5d955987bf5f5eb78a9cb120116ec Mon Sep 17 00:00:00 2001
From: zsloan
Date: Sat, 20 Jun 2020 17:33:22 -0500
Subject: Added some admin functionality and fixed issue with temp traits

---
 wqflask/utility/authentication_tools.py | 79 ++++++++++++++++++---------------
 1 file changed, 42 insertions(+), 37 deletions(-)

(limited to 'wqflask/utility/authentication_tools.py')

diff --git a/wqflask/utility/authentication_tools.py b/wqflask/utility/authentication_tools.py
index dfa0e2d9..6c88949b 100644
--- a/wqflask/utility/authentication_tools.py
+++ b/wqflask/utility/authentication_tools.py
@@ -3,7 +3,7 @@ from __future__ import absolute_import, print_function, division
 import json
 import requests
 
-from base import data_set
+from base import data_set, webqtlConfig
 
 from utility import hmac
 from utility.redis_tools import get_redis_conn, get_resource_info, get_resource_id
@@ -18,45 +18,47 @@ def check_resource_availability(dataset, trait_id=None):
 
     #ZS: Check if super-user - we should probably come up with some way to integrate this into the proxy
     if g.user_session.user_id in Redis.smembers("super_users"):
-        return "edit"
+       return webqtlConfig.SUPER_PRIVILEGES
 
-    resource_id = get_resource_id(dataset, trait_id)
     response = None
-    if resource_id:
-        resource_info = get_resource_info(resource_id)
-
-        the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
-        try:
-            response = json.loads(requests.get(the_url).content)['data']
-        except:
-            response = resource_info['default_mask']['data']
 
-        if 'edit' in response:
-            return "edit"
-        elif 'view' in response:
-            return "view"
-        else:
-            return "no-access"
+    #At least for now assume temporary entered traits are accessible#At least for now assume temporary entered traits are accessible
+    if type(dataset) == str:
+        return webqtlConfig.DEFAULT_PRIVILEGES
+    if dataset.type == "Temp":
+        return webqtlConfig.DEFAULT_PRIVILEGES
 
-    return False
+    resource_id = get_resource_id(dataset, trait_id)
 
-def check_admin(resource_id=None):
+    if resource_id:
+        resource_info = get_resource_info(resource_id)
+    else:
+        return response #ZS: Need to substitute in something that creates the resource in Redis later
 
-    return "not-admin"
+    the_url = "http://localhost:8081/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+    try:
+        response = json.loads(requests.get(the_url).content)
+    except:
+        response = resource_info['default_mask']
 
-    # ZS: commented out until proxy can return this
-    # the_url = "http://localhost:8080/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
-    # try:
-    #     response = json.loads(requests.get(the_url).content)
-    # except:
-    #     response = resource_info['default_mask']['admin']
+    if response:
+        return response
+    else: #ZS: No idea how this would happen, but just in case
+        return False
 
-    # if 'edit-admins' in response:
-    #     return "edit-admins"
-    # elif 'edit-access' in response:
-    #     return "edit-access"
-    # else:
-    #     return "not-admin"
+def check_admin(resource_id=None):
+    the_url = "http://localhost:8081/available?resource={}&user={}".format(resource_id, g.user_session.user_id)
+    try:
+        response = json.loads(requests.get(the_url).content)['admin']
+    except:
+        response = resource_info['default_mask']['admin']
+
+    if 'edit-admins' in response:
+        return "edit-admins"
+    elif 'edit-access' in response:
+        return "edit-access"
+    else:
+        return "not-admin"
 
 def check_owner(dataset=None, trait_id=None, resource_id=None):
     if resource_id:
@@ -74,15 +76,18 @@ def check_owner(dataset=None, trait_id=None, resource_id=None):
 
 def check_owner_or_admin(dataset=None, trait_id=None, resource_id=None):
     if not resource_id:
-        resource_id = get_resource_id(dataset, trait_id)
+        if dataset.type == "Temp":
+            return "not-admin"
+        else:
+            resource_id = get_resource_id(dataset, trait_id)
 
     if g.user_session.user_id in Redis.smembers("super_users"):
-        return [resource_id, "owner"]
+        return "owner"
 
     resource_info = get_resource_info(resource_id)
     if g.user_session.user_id == resource_info['owner_id']:
-        return [resource_id, "owner"]
+        return "owner"
     else:
-        return [resource_id, check_admin(resource_id)]
+        return check_admin(resource_id)
 
-    return [resource_id, "not-admin"]
\ No newline at end of file
+    return "not-admin"
\ No newline at end of file
-- 
cgit v1.2.3