Commit ed195af6 authored by Inga Kirschnick's avatar Inga Kirschnick

corpus follower permission decorator update

parent b1586b36
...@@ -219,12 +219,9 @@ def delete_corpus(corpus_id): ...@@ -219,12 +219,9 @@ def delete_corpus(corpus_id):
@bp.route('/<hashid:corpus_id>/analyse') @bp.route('/<hashid:corpus_id>/analyse')
@login_required @login_required
@corpus_follower_permission_required('VIEW')
def analyse_corpus(corpus_id): def analyse_corpus(corpus_id):
corpus = Corpus.query.get_or_404(corpus_id) corpus = Corpus.query.get_or_404(corpus_id)
if not (corpus.user == current_user
or current_user.is_administrator()
or current_user.is_following_corpus(corpus)):
abort(403)
return render_template( return render_template(
'corpora/analyse_corpus.html.j2', 'corpora/analyse_corpus.html.j2',
corpus=corpus, corpus=corpus,
...@@ -234,6 +231,7 @@ def analyse_corpus(corpus_id): ...@@ -234,6 +231,7 @@ def analyse_corpus(corpus_id):
@bp.route('/<hashid:corpus_id>/build', methods=['POST']) @bp.route('/<hashid:corpus_id>/build', methods=['POST'])
@login_required @login_required
@corpus_owner_or_admin_required()
def build_corpus(corpus_id): def build_corpus(corpus_id):
def _build_corpus(app, corpus_id): def _build_corpus(app, corpus_id):
with app.app_context(): with app.app_context():
...@@ -258,6 +256,7 @@ def build_corpus(corpus_id): ...@@ -258,6 +256,7 @@ def build_corpus(corpus_id):
@bp.route('/<hashid:corpus_id>/files/create', methods=['GET', 'POST']) @bp.route('/<hashid:corpus_id>/files/create', methods=['GET', 'POST'])
@login_required @login_required
@corpus_follower_permission_required('ADD_CORPUS_FILE')
def create_corpus_file(corpus_id): def create_corpus_file(corpus_id):
corpus = Corpus.query.get_or_404(corpus_id) corpus = Corpus.query.get_or_404(corpus_id)
if not (corpus.user == current_user or current_user.is_administrator()): if not (corpus.user == current_user or current_user.is_administrator()):
...@@ -305,10 +304,9 @@ def create_corpus_file(corpus_id): ...@@ -305,10 +304,9 @@ def create_corpus_file(corpus_id):
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>', methods=['GET', 'POST']) @bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>', methods=['GET', 'POST'])
@login_required @login_required
@corpus_follower_permission_required('ADD_CORPUS_FILE', 'UPDATE_CORPUS_FILE', 'REMOVE_CORPUS_FILE')
def corpus_file(corpus_id, corpus_file_id): def corpus_file(corpus_id, corpus_file_id):
corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404() corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404()
if not (corpus_file.corpus.user == current_user or current_user.is_administrator()):
abort(403)
form = UpdateCorpusFileForm(data=corpus_file.to_json_serializeable()) form = UpdateCorpusFileForm(data=corpus_file.to_json_serializeable())
if form.validate_on_submit(): if form.validate_on_submit():
form.populate_obj(corpus_file) form.populate_obj(corpus_file)
...@@ -329,6 +327,7 @@ def corpus_file(corpus_id, corpus_file_id): ...@@ -329,6 +327,7 @@ def corpus_file(corpus_id, corpus_file_id):
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>', methods=['DELETE']) @bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>', methods=['DELETE'])
@login_required @login_required
@corpus_follower_permission_required('REMOVE_CORPUS_FILE')
def delete_corpus_file(corpus_id, corpus_file_id): def delete_corpus_file(corpus_id, corpus_file_id):
def _delete_corpus_file(app, corpus_file_id): def _delete_corpus_file(app, corpus_file_id):
with app.app_context(): with app.app_context():
...@@ -349,6 +348,7 @@ def delete_corpus_file(corpus_id, corpus_file_id): ...@@ -349,6 +348,7 @@ def delete_corpus_file(corpus_id, corpus_file_id):
@bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>/download') @bp.route('/<hashid:corpus_id>/files/<hashid:corpus_file_id>/download')
@login_required @login_required
@corpus_follower_permission_required('VIEW')
def download_corpus_file(corpus_id, corpus_file_id): def download_corpus_file(corpus_id, corpus_file_id):
corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404() corpus_file = CorpusFile.query.filter_by(corpus_id = corpus_id, id=corpus_file_id).first_or_404()
if not (corpus_file.corpus.user == current_user or current_user.is_administrator()): if not (corpus_file.corpus.user == current_user or current_user.is_administrator()):
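Review bot: In create_corpus_file and download_corpus_file the old inline test `if not (corpus.user == current_user or current_user.is_administrator()):` survives as an unchanged line beneath the new `@corpus_follower_permission_required(...)` decorator, so a follower who passes the decorator is presumably still rejected by the branch that follows (both bodies continue outside the hunks). analyse_corpus and corpus_file had the equivalent check removed in this commit; dropping it here as well would leave the decorator as the single authorization point instead of two rules that can disagree. On corpus_file the decorator now takes three permission names and is the only guard left on an update route, so a comment such as `# any one of these permissions is enough; owner and admin always pass` (to be confirmed against the decorator, which is not shown) would make the intended policy reviewable. For delete_corpus_file, the decorator authorizes against `corpus_id` while `_delete_corpus_file(app, corpus_file_id)` receives only the file id, so it is worth confirming that the file is first looked up with `filter_by(corpus_id = corpus_id, id=corpus_file_id)`, as corpus_file does, before the helper runs.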