From c3c3b70030f7007d30adcf411147bef528c4e6dc Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Sun, 22 Nov 2020 16:01:59 +0100
Subject: [PATCH] Change the verification, it a user is allowed to view a
corpus_file
---
web/app/corpora/views.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/web/app/corpora/views.py b/web/app/corpora/views.py
index 13874243..95f8681d 100644
--- a/web/app/corpora/views.py
+++ b/web/app/corpora/views.py
@@ -242,12 +242,12 @@ def download_corpus_file(corpus_id, corpus_file_id):
methods=['GET', 'POST'])
@login_required
def corpus_file(corpus_id, corpus_file_id):
- corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
- if corpus_file.corpus_id != corpus_id:
- abort(404)
- if not (corpus_file.corpus.creator == current_user
- or current_user.is_administrator()):
+ corpus = Corpus.query.get_or_404(corpus_id)
+ if not (corpus.creator == current_user or current_user.is_administrator()):
abort(403)
+ corpus_file = CorpusFile.query.get_or_404(corpus_file_id)
+ if corpus_file.corpus != corpus:
+ abort(404)
form = EditCorpusFileForm(prefix='edit-corpus-file-form')
if form.validate_on_submit():
corpus_file.address = form.address.data
@@ -292,9 +292,9 @@ def prepare_corpus(corpus_id):
abort(403)
if corpus.files.all():
tasks.build_corpus(corpus_id)
- flash('Corpus "{}" has been marked to get build!', 'corpus')
+ flash('Corpus "{}" has been marked to get build!'.format(corpus.title), 'corpus') # noqa
else:
- flash('Can not build corpus "{}": No corpus file(s)!', 'error')
+ flash('Can not build corpus "{}": No corpus file(s)!'.format(corpus.title), 'error') # noqa
return redirect(url_for('.corpus', corpus_id=corpus_id))