Put endpoints behind an authorisation check

Put all endpoints that cause data changes behind authorisation.
author: Frederick Muriuki Muriithi 2024-07-29 14:38:32 -0500
committer: Frederick Muriuki Muriithi 2024-08-05 09:52:18 -0500
commit: d3fd64fb5237febb9628c4ccbd259969327ab2ec (patch)
tree: 81ef0ec177188ca80b6f95c277bf9684cfaddccd /uploader/parse.py
parent: 09642e11e318d149cf628d6b536e04443845665d (diff)
download: gn-uploader-d3fd64fb5237febb9628c4ccbd259969327ab2ec.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/uploader/parse.py b/uploader/parse.py
index 865dae2..dea4f95 100644
--- a/uploader/parse.py
+++ b/uploader/parse.py
@@ -11,6 +11,7 @@ from quality_control.errors import InvalidValue, DuplicateHeading
 from uploader import jobs
 from uploader.dbinsert import species_by_id
 from uploader.db_utils import with_db_connection
+from uploader.authorisation import require_login
 
 parsebp = Blueprint("parse", __name__)
 
@@ -23,6 +24,7 @@ def isduplicateheading(item):
     return isinstance(item, DuplicateHeading)
 
 @parsebp.route("/parse", methods=["GET"])
+@require_login
 def parse():
     """Trigger file parsing"""
     errors = False
@@ -160,6 +162,7 @@ def fail(job_id: str):
     return render_template("no_such_job.html", job_id=job_id)
 
 @parsebp.route("/abort", methods=["POST"])
+@require_login
 def abort():
     """Handle user request to abort file processing"""
     job_id = request.form["job_id"]
author	Frederick Muriuki Muriithi	2024-07-29 14:38:32 -0500
committer	Frederick Muriuki Muriithi	2024-08-05 09:52:18 -0500
commit	d3fd64fb5237febb9628c4ccbd259969327ab2ec (patch)
tree	81ef0ec177188ca80b6f95c277bf9684cfaddccd /uploader/parse.py
parent	09642e11e318d149cf628d6b536e04443845665d (diff)
download	gn-uploader-d3fd64fb5237febb9628c4ccbd259969327ab2ec.tar.gz