Add checks if the user is allowed to start an analysis.

app/corpora/events.py

@@ -2,19 +2,19 @@ from app import db, socketio
 from app.events import connected_sessions
 from app.models import Corpus
 from flask import current_app, request
-from flask_login import login_required
+from flask_login import current_user, login_required
 from .CQiWrapper.CQiWrapper import CQiWrapper
 import logging
 
 
 '''
-' A dictionary containing lists of with corpus ids associated Socket.IO session
-' ids (sid). {<corpus_id>: [<sid>, ...], ...}
+' A dictionary containing lists of, with corpus ids associated, Socket.IO
+' session ids (sid). {<corpus_id>: [<sid>, ...], ...}
 '''
 analysis_sessions = {}
 '''
 ' A dictionary containing Socket.IO session id - CQi client pairs.
-' {<sid>: CQi client, ...}
+' {<sid>: CQiClient, ...}
 '''
 analysis_clients = {}
 
@@ -22,7 +22,13 @@ analysis_clients = {}
 @socketio.on('init_corpus_analysis')
 @login_required
 def init_corpus_analysis(corpus_id):
-    ''' TODO: Check if current_user is allowed to subscribe to this '''
+    corpus = Corpus.query.filter_by(id=corpus_id).first()
+    if corpus is None:
+        socketio.emit('init_corpus_analysis', '[ERROR 404]: Not Found',
+                      room=request.sid)
+    if not (corpus.creator == current_user or current_user.is_administrator()):
+        socketio.emit('init_corpus_analysis', '[ERROR 403]: Forbidden',
+                      room=request.sid)
     if str(corpus_id) not in analysis_sessions:
         analysis_sessions[str(corpus_id)] = [request.sid]
     socketio.start_background_task(observe_corpus_analysis_connection,
@@ -31,6 +37,7 @@ def init_corpus_analysis(corpus_id):
 
 
 @socketio.on('query_event')
+@login_required
 def recv_query(message):
     logger = logging.getLogger(__name__)
     logger.warning(message)