| author | Frederick Muriuki Muriithi | 2026-01-30 09:29:59 -0600 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2026-01-30 09:42:21 -0600 |
| commit | a96a4647cc3e35f177926ff711b1a31ab7513e03 (patch) | |
| tree | f642ebe71f3d47983013ae67b2c15daf8dcfb11b /gn_auth | |
| parent | 551012559a5872336be151b7a1364b4eb3109681 (diff) | |
For now, only one user is allowed to delete data from Genenetwork. To get the code online as quickly as possible, in order to test out the system, I have elected to do a quick and dirty check that prevents everyone except @acenteno from being able to delete data from the system. To fix this, I'll need to actually implement (a) new role(s) to grant certain users special permissions on **ALL** the data in the system regardless of who owns it.
Diffstat (limited to 'gn_auth')
| -rw-r--r-- | gn_auth/auth/authorisation/data/phenotypes.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/data/phenotypes.py b/gn_auth/auth/authorisation/data/phenotypes.py index d484c44..d335314 100644 --- a/gn_auth/auth/authorisation/data/phenotypes.py +++ b/gn_auth/auth/authorisation/data/phenotypes.py @@ -232,6 +232,10 @@ def delete_linked_phenotypes_data( authdb.connection(db_uri) as auth_conn, authdb.cursor(auth_conn) as cursor): # TODO: Check for user privileges here. + if _token.user.email not in ( + 'acenteno@gmail.com', 'acenteno@uthsc.edu'): + raise AuthorisationError( + "You are not allowed to delete this resource's data.") # - Does user have DELETE privilege on system (i.e. is data curator)? # YES: go ahead and delete data as below. # - Does user have DELETE privilege on resource(s)? |
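Review bot: the check added under `# TODO: Check for user privileges here.` in `delete_linked_phenotypes_data` decides authorisation by matching `_token.user.email` against two string literals, so the delete right follows the email value on the token rather than a user id or a role. That is only as strong as the guarantee that this email is verified and cannot be changed by the account holder, which these lines do not show. The match is also exact-case, so the same address in a different case is refused, and any change to the list needs a code change. Until the system-wide role described in the commit message exists, consider comparing on a stable user identifier (or at least a case-normalised email), reading the allowed identities from configuration instead of source, and, if `_token` is available earlier, running the check before the `authdb.connection(db_uri)` context is entered so a refused request opens no database connection. It would also help to extend the TODO to say that this block is the temporary stopgap, so it is easy to find and remove when the role check lands.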
