Add checks if the user is allowed to start an analysis.

2024-11-15 01:05:42 +00:00 · 2019-11-12 12:04:07 +01:00 · 2019-11-12 12:04:07 +01:00 · b0c6bb9c05
commit b0c6bb9c05
parent 19f1dea4fa
1 changed files with 13 additions and 6 deletions
--- a/app/corpora/events.py
+++ b/app/corpora/events.py
@ -2,19 +2,19 @@ from app import db, socketio
 from app.events import connected_sessions
 from app.models import Corpus
 from flask import current_app, request
-from flask_login import login_required
+from flask_login import current_user, login_required
 from .CQiWrapper.CQiWrapper import CQiWrapper
 import logging


 '''
-' A dictionary containing lists of with corpus ids associated Socket.IO session
-' ids (sid). {<corpus_id>: [<sid>, ...], ...}
+' A dictionary containing lists of, with corpus ids associated, Socket.IO
+' session ids (sid). {<corpus_id>: [<sid>, ...], ...}
 '''
 analysis_sessions = {}
 '''
 ' A dictionary containing Socket.IO session id - CQi client pairs.
-' {<sid>: CQi client, ...}
+' {<sid>: CQiClient, ...}
 '''
 analysis_clients = {}

@ -22,7 +22,13 @@ analysis_clients = {}
@socketio.on('init_corpus_analysis')
@login_required
 def init_corpus_analysis(corpus_id):
-    ''' TODO: Check if current_user is allowed to subscribe to this '''
+    corpus = Corpus.query.filter_by(id=corpus_id).first()
+    if corpus is None:
+        socketio.emit('init_corpus_analysis', '[ERROR 404]: Not Found',
+                      room=request.sid)
+    if not (corpus.creator == current_user or current_user.is_administrator()):
+        socketio.emit('init_corpus_analysis', '[ERROR 403]: Forbidden',
+                      room=request.sid)
    if str(corpus_id) not in analysis_sessions:
        analysis_sessions[str(corpus_id)] = [request.sid]
    socketio.start_background_task(observe_corpus_analysis_connection,
@ -31,6 +37,7 @@ def init_corpus_analysis(corpus_id):


@socketio.on('query_event')
+@login_required
 def recv_query(message):
    logger = logging.getLogger(__name__)
    logger.warning(message)
@ -72,4 +79,4 @@ def observe_corpus_analysis_connection(app, corpus_id, session_id):
        if not analysis_sessions[str(corpus_id)]:
            analysis_sessions.pop(str(corpus_id), None)
            corpus.status = 'stop analysis'
-        db.session.commit()
+            db.session.commit()