diff options
Diffstat (limited to 'gn_auth/auth')
| -rw-r--r-- | gn_auth/auth/authorisation/data/phenotypes.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/data/phenotypes.py b/gn_auth/auth/authorisation/data/phenotypes.py index d484c44..d335314 100644 --- a/gn_auth/auth/authorisation/data/phenotypes.py +++ b/gn_auth/auth/authorisation/data/phenotypes.py @@ -232,6 +232,10 @@ def delete_linked_phenotypes_data( authdb.connection(db_uri) as auth_conn, authdb.cursor(auth_conn) as cursor): # TODO: Check for user privileges here. + if _token.user.email not in ( + 'acenteno@gmail.com', 'acenteno@uthsc.edu'): + raise AuthorisationError( + "You are not allowed to delete this resource's data.") # - Does user have DELETE privilege on system (i.e. is data curator)? # YES: go ahead and delete data as below. # - Does user have DELETE privilege on resource(s)? |