feat: require auth for edit api call

2 files changed, 4 insertions, 2 deletions

diff --git a/gn3/api/metadata_api/wiki.py b/gn3/api/metadata_api/wiki.py
index 6436f3d..72bbda2 100644
--- a/gn3/api/metadata_api/wiki.py
+++ b/gn3/api/metadata_api/wiki.py
@@ -2,6 +2,7 @@
 
 import datetime
 from typing import Any, Dict
+from gn3.auth.authorisation.oauth2.resource_server import require_oauth
 from flask import Blueprint, request, jsonify, current_app, make_response
 from gn3 import db_utils
 from gn3.db import wiki
@@ -13,6 +14,7 @@ wiki_blueprint = Blueprint("wiki", __name__, url_prefix="wiki")
 
 
 @wiki_blueprint.route("/<int:comment_id>/edit", methods=["POST"])
+@require_oauth("profile")
 def edit_wiki(comment_id: int):
     """Edit wiki comment. This is achieved by adding another entry with a new VersionId"""
     # FIXME: attempt to check and fix for types here with relevant errors
diff --git a/gn3/db/wiki.py b/gn3/db/wiki.py
index 7ef5e68..973175a 100644
--- a/gn3/db/wiki.py
+++ b/gn3/db/wiki.py
@@ -21,14 +21,14 @@ def get_latest_comment(connection, comment_id: int) -> int:
     """
     cursor.execute(query, (str(comment_id),))
     result = cursor.fetchone()
-    result["pubmed_ids"] = [x.strip() for x in result["pubmed_ids"].split()]
+    result["pubmed_ids"] = [x.strip() for x in result.get("pubmed_ids", "").split()]
     categories_query = """
         SELECT grx.GeneRIFId, grx.versionId, gc.Name FROM GeneRIFXRef grx
                 INNER JOIN GeneCategory gc ON grx.GeneCategoryId=gc.Id
                 WHERE GeneRIFId = %s AND versionId=%s;
     """
 
-    cursor.execute(categories_query, (comment_id, result["version"]))
+    cursor.execute(categories_query, (str(comment_id), result["version"]))
     categories = cursor.fetchall()
     result["categories"] = [x["Name"] for x in categories]
     return result