Commit 174379c4 authored by Mikaël Salson's avatar Mikaël Salson
Browse files Check permissions before retrieving results

Fix vdj#880
parent 5f449d1a
Pipeline #80186 passed with stages
in 6 minutes and 36 seconds
......@@ -287,6 +287,13 @@ def result_files():
if isinstance(sample_set_ids, types.StringTypes):
sample_set_ids = [sample_set_ids]
permissions = [auth.can_view_sample_set(int(id)) for id in sample_set_ids]
if sum(permissions) < len(permissions):
res = {"message": "You don't have permissions to access those sample sets"}
log.error("An error occured when creating archive of sample_sets %s" % str(sample_set_ids))
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
if int(config_id) == -1:
config_query = (db.results_file.config_id > 0)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment