Commit c3117006 authored by Mathieu Giraud's avatar Mathieu Giraud
Browse files

Merge branch 'hotfix-s/880-download-results-permission' into 'dev'

Check permissions before retrieving results

Closes vdj#880

See merge request !476
parents ee7e0c6d 174379c4
Pipeline #80983 failed with stages
in 22 minutes and 22 seconds
......@@ -287,6 +287,13 @@ def result_files():
if isinstance(sample_set_ids, types.StringTypes):
sample_set_ids = [sample_set_ids]
permissions = [auth.can_view_sample_set(int(id)) for id in sample_set_ids]
if sum(permissions) < len(permissions):
res = {"message": "You don't have permissions to access those sample sets"}
log.error("An error occured when creating archive of sample_sets %s" % str(sample_set_ids))
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
if int(config_id) == -1:
config_query = (db.results_file.config_id > 0)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment