Commit 797f3a51 authored by HERBERT Ryan's avatar HERBERT Ryan

VidjilAuth Apply new sample_set-specific permission checks

parent 953ecbd2
......@@ -131,7 +131,7 @@ def run_request():
id_config = None
else:
id_config = request.vars["config_id"]
if not auth.can_process_file():
if not auth.can_process_sample_set(request.vars['sample_set_id']):
error += "permission needed"
id_sample_set = request.vars["sample_set_id"]
......
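Review bot: The new check in run_request authorises the caller against `request.vars['sample_set_id']`, but the file to be processed is named by a separate `sequence_file_id` parameter (the view's run button sends both), and nothing in this hunk ties the two together. Unless the rest of run_request, which lies outside the hunk, already verifies it, a user allowed to process one sample set could pass that set's id together with a sequence file that belongs to another set. I would confirm that the function checks the sequence file is linked to `id_sample_set` before scheduling, and add that check next to this line if it is missing. A comment such as `# permission is per sample set: sequence_file_id must belong to this sample_set_id` would record the invariant.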
......@@ -14,16 +14,17 @@ if request.env.http_origin:
response.headers['Access-Control-Max-Age'] = 86400
def add():
if not auth.can_upload_file():
def add():
sample_set = db.sample_set[request.vars["id"]]
if not auth.can_upload_sample_set(sample_set.id):
return error_message("you don't have right to upload files")
else:
patient_id = None
run_id = None
if db.sample_set[request.vars["id"]].sample_type == "patient" :
if sample_set.sample_type == "patient" :
patient_id = db( db.patient.sample_set_id == request.vars["id"]).select()[0].id
if db.sample_set[request.vars["id"]].sample_type == "run" :
if sample_set.sample_type == "run" :
run_id = db( db.run.sample_set_id == request.vars["id"]).select()[0].id
......
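Review bot: In add(), `sample_set.id` is dereferenced before anything checks that the record exists, so a missing or unknown `id` (for which the web2py DAL lookup returns None) ends in an AttributeError rather than the permission error message. Fold the guard into the same condition: `if sample_set is None or not auth.can_upload_sample_set(sample_set.id):`. The patient and run queries below still use `request.vars["id"]`; switching them to `sample_set.id` would make the id that is queried the id that was authorised. add()'s body continues outside the hunk, and the handler that receives the submitted form is not shown here; it needs the same per-sample-set check if it does not already have it.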
......@@ -154,7 +154,7 @@ def index():
config_id=config_id,
info=info_file,
can_modify=auth.can_modify_sample_set(sample_set_id),
can_upload=auth.can_upload_file(),
can_upload=auth.can_upload_sample_set(sample_set_id),
fused_count=fused_count,
fused_file=fused_file,
fused_filename=fused_filename,
......
......@@ -16,7 +16,7 @@
<div class="db_block_left"> {{=info["label"]}} </div>
<div class="db_block_right"> {{if auth.can_process_file() :}}
<div class="db_block_right"> {{if auth.can_process_sample_set(request.vars['id']) :}}
config
<span>
<select id="choose_config" name="config" onchange="db.call('sample_set/index', {'id' :'{{=request.vars['id']}}', 'config_id' : this.value})">
......@@ -116,7 +116,7 @@
type="application/octet-stream">dl</a>
{{pass}}
</td>
{{if can_modify and auth.can_process_file():}}
{{if can_modify and auth.can_process_sample_set(request.vars['id']):}}
<td class="pointer" onclick="db.call('results_file/confirm', {'results_file_id' :'{{=row.results_file.id}}'})" > <i class="icon-erase" title="delete process"></i> </td>
{{else:}}
<td></td>
......@@ -126,7 +126,7 @@
{{pass}}
<td>
{{if row.sequence_file.data_file != None and ( row.results_file.id == None or ( status != "RUNNING" and status != "QUEUED" and status != "ASSIGNED") ):}}
{{if auth.can_process_file() and auth.can_use_config(config_id) :}}
{{if auth.can_process_sample_set(request.vars['id']) and auth.can_use_config(config_id) :}}
<span class="button" onclick="db.call('default/run_request', { 'sequence_file_id' : '{{=row.sequence_file.id}}', 'sample_set_id' : {{=request.vars["id"]}}, 'config_id' : {{=config_id}} } )"> run >> </span>
sample_set_id = fake_sample_set_id
{{pass}}
......@@ -149,7 +149,7 @@
{{=info["info"]}}
{{if can_upload: }}
{{if not auth.can_process_file() :}}
{{if not auth.can_process_sample_set(request.vars['id']) :}}
<br /> Once your data are uploaded, please
<a href="mailto:contact@vidjil.org?Subject=%5Bvidjil%5D%20New%20sequences&Body=%0AHi%2C%0A%0AI%20uploaded%20some%20sequences%20on%20the%20rbx.vidjil.org%20server.%0ACould%20you%20run%20Vidjil%20on%20these%20data%20%3F%0A%0A">request an analysis</a>.
{{pass}}
......@@ -157,7 +157,7 @@
{{pass}}
{{if auth.can_process_file() :}}
{{if auth.can_process_sample_set(request.vars['id']) :}}
<!--
<div class="db_block_right">
<b>News (2015-May-08)</b>
......
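Review bot: The view now calls `auth.can_process_sample_set(request.vars['id'])` in five places, two of which appear to sit inside the per-row loop, and it reads the id from `request.vars` rather than from the `sample_set_id` that index() already uses for `can_modify` and `can_upload`. Passing one more precomputed flag from the controller, `can_process=auth.can_process_sample_set(sample_set_id),`, and testing `{{if can_process:}}` in the template would keep the decision in one place and avoid repeating the lookup per row (assuming the check is not cached). These template conditions only hide controls, so the enforcing check remains the one in run_request.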