diff options
| author | Frederick Muriuki Muriithi | 2024-07-29 14:38:32 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2024-08-05 09:52:18 -0500 |
| commit | d3fd64fb5237febb9628c4ccbd259969327ab2ec (patch) | |
| tree | 81ef0ec177188ca80b6f95c277bf9684cfaddccd /uploader/samples.py | |
| parent | 09642e11e318d149cf628d6b536e04443845665d (diff) | |
| download | gn-uploader-d3fd64fb5237febb9628c4ccbd259969327ab2ec.tar.gz | |
Put endpoints behind an authorisation check
Put all endpoints that cause data changes behind authorisation.
Diffstat (limited to 'uploader/samples.py')
| -rw-r--r-- | uploader/samples.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/uploader/samples.py b/uploader/samples.py index 9c95770..7a80336 100644 --- a/uploader/samples.py +++ b/uploader/samples.py @@ -22,6 +22,7 @@ from functional_tools import take from uploader import jobs from uploader.files import save_file +from uploader.authorisation import require_login from uploader.input_validation import is_integer_input from uploader.db_utils import ( with_db_connection, @@ -37,6 +38,7 @@ from uploader.db import ( samples = Blueprint("samples", __name__) @samples.route("/upload/species", methods=["GET", "POST"]) +@require_login def select_species(): """Select the species.""" if request.method == "GET": @@ -58,6 +60,7 @@ def select_species(): @samples.route("/upload/species/<int:species_id>/create-population", methods=["POST"]) +@require_login def create_population(species_id: int): """Create new grouping/population.""" if not is_integer_input(species_id): @@ -100,6 +103,7 @@ def create_population(species_id: int): @samples.route("/upload/species/<int:species_id>/population", methods=["GET", "POST"]) +@require_login def select_population(species_id: int): """Select from existing groupings/populations.""" if not is_integer_input(species_id): @@ -233,6 +237,7 @@ def build_sample_upload_job(# pylint: disable=[too-many-arguments] @samples.route("/upload/species/<int:species_id>/populations/<int:population_id>/samples", methods=["GET", "POST"]) +@require_login def upload_samples(species_id: int, population_id: int):#pylint: disable=[too-many-return-statements] """Upload the samples.""" samples_uploads_page = redirect(url_for("samples.upload_samples", |