From 6857bed21319f88895404548a10e010d5cbe1a02 Mon Sep 17 00:00:00 2001 From: John Nduli Date: Thu, 5 Sep 2024 02:09:50 +0300 Subject: feat: require auth for edit api call --- gn3/api/metadata_api/wiki.py | 2 ++ gn3/db/wiki.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/gn3/api/metadata_api/wiki.py b/gn3/api/metadata_api/wiki.py index 6436f3d..72bbda2 100644 --- a/gn3/api/metadata_api/wiki.py +++ b/gn3/api/metadata_api/wiki.py @@ -2,6 +2,7 @@ import datetime from typing import Any, Dict +from gn3.auth.authorisation.oauth2.resource_server import require_oauth from flask import Blueprint, request, jsonify, current_app, make_response from gn3 import db_utils from gn3.db import wiki @@ -13,6 +14,7 @@ wiki_blueprint = Blueprint("wiki", __name__, url_prefix="wiki") @wiki_blueprint.route("//edit", methods=["POST"]) +@require_oauth("profile") def edit_wiki(comment_id: int): """Edit wiki comment. This is achieved by adding another entry with a new VersionId""" # FIXME: attempt to check and fix for types here with relevant errors diff --git a/gn3/db/wiki.py b/gn3/db/wiki.py index 7ef5e68..973175a 100644 --- a/gn3/db/wiki.py +++ b/gn3/db/wiki.py @@ -21,14 +21,14 @@ def get_latest_comment(connection, comment_id: int) -> int: """ cursor.execute(query, (str(comment_id),)) result = cursor.fetchone() - result["pubmed_ids"] = [x.strip() for x in result["pubmed_ids"].split()] + result["pubmed_ids"] = [x.strip() for x in result.get("pubmed_ids", "").split()] categories_query = """ SELECT grx.GeneRIFId, grx.versionId, gc.Name FROM GeneRIFXRef grx INNER JOIN GeneCategory gc ON grx.GeneCategoryId=gc.Id WHERE GeneRIFId = %s AND versionId=%s; """ - cursor.execute(categories_query, (comment_id, result["version"])) + cursor.execute(categories_query, (str(comment_id), result["version"])) categories = cursor.fetchall() result["categories"] = [x["Name"] for x in categories] return result -- cgit v1.2.3