From d3fd64fb5237febb9628c4ccbd259969327ab2ec Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 29 Jul 2024 14:38:32 -0500
Subject: Put endpoints behind an authorisation check

Put all endpoints that cause data changes behind authorisation.
---
 uploader/parse.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'uploader/parse.py')

diff --git a/uploader/parse.py b/uploader/parse.py
index 865dae2..dea4f95 100644
--- a/uploader/parse.py
+++ b/uploader/parse.py
@@ -11,6 +11,7 @@ from quality_control.errors import InvalidValue, DuplicateHeading
 from uploader import jobs
 from uploader.dbinsert import species_by_id
 from uploader.db_utils import with_db_connection
+from uploader.authorisation import require_login
 
 parsebp = Blueprint("parse", __name__)
 
@@ -23,6 +24,7 @@ def isduplicateheading(item):
     return isinstance(item, DuplicateHeading)
 
 @parsebp.route("/parse", methods=["GET"])
+@require_login
 def parse():
     """Trigger file parsing"""
     errors = False
@@ -160,6 +162,7 @@ def fail(job_id: str):
     return render_template("no_such_job.html", job_id=job_id)
 
 @parsebp.route("/abort", methods=["POST"])
+@require_login
 def abort():
     """Handle user request to abort file processing"""
     job_id = request.form["job_id"]
-- 
cgit v1.2.3