From 050391c297f35fa4073d3360de47b889a39f0829 Mon Sep 17 00:00:00 2001
From: BonfaceKilz
Date: Wed, 20 Oct 2021 12:29:08 +0300
Subject: Add `edit_admins_required` decorator
---
 wqflask/wqflask/decorators.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
(limited to 'wqflask')
diff --git a/wqflask/wqflask/decorators.py b/wqflask/wqflask/decorators.py
index edbea90f..cd06aee7 100644
--- a/wqflask/wqflask/decorators.py
+++ b/wqflask/wqflask/decorators.py
@@ -7,6 +7,7 @@ from flask import current_app, g
 from typing import Dict
 from urllib.parse import urljoin
 from functools import wraps
+from wqflask.access_roles import AdminRole
 from wqflask.access_roles import DataRole
 import json
@@ -68,3 +69,27 @@ def edit_access_required(f):
 return "You need to have edit access", 401
 return f(*args, **kwargs)
 return wrap
+
+
+def edit_admins_access_required(f):
+ """Use this for endpoints where ownership of a resource is required"""
+ @wraps(f)
+ def wrap(*args, **kwargs):
+ resource_id: str = kwargs.get("resource_id", "")
+ response: Dict = {}
+ try:
+ _user_id = g.user_session.record.get(b"user_id",
+ "").decode("utf-8")
+ response = json.loads(
+ requests.get(urljoin(
+ current_app.config.get("GN2_PROXY"),
+ ("available?resource="
+ f"{resource_id}&user={_user_id}"))).content)
+ except:
+ response = {}
+ if max([AdminRole(role) for role in response.get(
+ "data", ["not-admin"])]) >= AdminRole.EDIT_ADMINS:
+ return "You need to have edit-admins access", 401
+ return f(*args, **kwargs)
+ return wrap
+
-- 
cgit v1.2.3
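Review bot: The role check in `edit_admins_access_required` looks inverted: `>= AdminRole.EDIT_ADMINS` returns the 401 to callers whose highest role is edit-admins or above and lets everyone else through, assuming `AdminRole` orders higher privilege as greater (its definition is not in this diff). Because the bare `except:` resets `response` to `{}` and the default role list is `["not-admin"]`, a failed or malformed proxy lookup also falls through to `f(*args, **kwargs)`, so the decorator fails open. The comparison should read `"data", ["not-admin"])]) < AdminRole.EDIT_ADMINS:`, which also makes the error path deny. Separately, `resource_id` and `_user_id` are interpolated into the query string unencoded; passing them as `params={"resource": resource_id, "user": _user_id}` to `requests.get` would stop a `resource_id` containing `&` or `=` from changing the parameters the proxy sees.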