Add placeholder check for privileges
For now, only one user is allowed to delete data from Genenetwork. To
get the code online as quickly as possible, in order to test out the
system, I have elected to do a quick and dirty check that prevents
everyone except @acenteno from being able to delete data from the
system.
To fix this, I'll need to actually implement (a) new role(s) to grant
certain users special permissions on **ALL** the data in the system
regardless of who owns it.
1 files changed, 4 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/data/phenotypes.py b/gn_auth/auth/authorisation/data/phenotypes.py
index d484c44..d335314 100644
--- a/gn_auth/auth/authorisation/data/phenotypes.py
+++ b/gn_auth/auth/authorisation/data/phenotypes.py
@@ -232,6 +232,10 @@ def delete_linked_phenotypes_data(
authdb.connection(db_uri) as auth_conn,
authdb.cursor(auth_conn) as cursor):
# TODO: Check for user privileges here.
+ if _token.user.email not in (
+ 'acenteno@gmail.com', 'acenteno@uthsc.edu'):
+ raise AuthorisationError(
+ "You are not allowed to delete this resource's data.")
# - Does user have DELETE privilege on system (i.e. is data curator)?
# YES: go ahead and delete data as below.
# - Does user have DELETE privilege on resource(s)?
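Review bot: The added `if _token.user.email not in (...)` check identifies the privileged user by a hard-coded e-mail string, which is a brittle identity for a delete gate. The comparison is case-sensitive, and it is only as trustworthy as the e-mail carried on the token, so if an address can be set or changed without verification the check no longer pins one person. Consider matching on an immutable user identifier, and move the allowlist out of the function body into configuration or a named module-level constant so it can be audited and changed without a code edit. The check also sits inside the `with` block, after `auth_conn` and its cursor are already open; since the condition reads only `_token`, it could be raised before any connection is acquired. A short comment next to the literal addresses pointing at the planned role work would make this placeholder easier to find and remove once the `# TODO: Check for user privileges here.` item is done.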