diff options
| author | Frederick Muriuki Muriithi | 2024-07-29 14:38:32 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2024-08-05 09:52:18 -0500 |
| commit | d3fd64fb5237febb9628c4ccbd259969327ab2ec (patch) | |
| tree | 81ef0ec177188ca80b6f95c277bf9684cfaddccd /uploader/dbinsert.py | |
| parent | 09642e11e318d149cf628d6b536e04443845665d (diff) | |
| download | gn-uploader-d3fd64fb5237febb9628c4ccbd259969327ab2ec.tar.gz | |
Put endpoints behind an authorisation check
Put all endpoints that cause data changes behind authorisation.
Diffstat (limited to 'uploader/dbinsert.py')
| -rw-r--r-- | uploader/dbinsert.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/uploader/dbinsert.py b/uploader/dbinsert.py index 88d16ef..66b0c41 100644 --- a/uploader/dbinsert.py +++ b/uploader/dbinsert.py @@ -11,6 +11,7 @@ from flask import ( flash, request, url_for, Blueprint, redirect, render_template, current_app as app) +from uploader.authorisation import require_login from uploader.db_utils import with_db_connection, database_connection from uploader.db import species, species_by_id, populations_by_species @@ -90,6 +91,7 @@ def tissues() -> tuple: return tuple() @dbinsertbp.route("/platform", methods=["POST"]) +@require_login def select_platform(): "Select the platform (GeneChipId) used for the data." job_id = request.form["job_id"] @@ -113,6 +115,7 @@ def select_platform(): return render_error("Unknown error") @dbinsertbp.route("/study", methods=["POST"]) +@require_login def select_study(): "View to select/create the study (ProbeFreeze) associated with the data." form = request.form @@ -142,6 +145,7 @@ def select_study(): return render_error(f"Missing data: {aserr.args[0]}") @dbinsertbp.route("/create-study", methods=["POST"]) +@require_login def create_study(): "Create a new study (ProbeFreeze)." form = request.form @@ -218,6 +222,7 @@ def dataset_datascales() -> tuple: return tuple() @dbinsertbp.route("/dataset", methods=["POST"]) +@require_login def select_dataset(): "Select the dataset to add the file contents against" form = request.form @@ -238,6 +243,7 @@ def select_dataset(): return render_error(f"Missing data: {aserr.args[0]}") @dbinsertbp.route("/create-dataset", methods=["POST"]) +@require_login def create_dataset(): "Select the dataset to add the file contents against" form = request.form @@ -317,6 +323,7 @@ def selected_keys(original: dict, keys: tuple) -> dict: return {key: value for key,value in original.items() if key in keys} @dbinsertbp.route("/final-confirmation", methods=["POST"]) +@require_login def final_confirmation(): "Preview the data before triggering entry into the database" form = request.form @@ -352,6 +359,7 @@ def final_confirmation(): return render_error(f"Missing data: {aserr.args[0]}") @dbinsertbp.route("/insert-data", methods=["POST"]) +@require_login def insert_data(): "Trigger data insertion" form = request.form |