You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2023/02/21 21:40:41 UTC
[airavata-django-portal] 01/04: AIRAVATA-3682 Secure shared dir in PUT /api/data-products
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch AIRAVATA-3682
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit 751cef0b0a515899be8e16b65f880bac825e821e
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Tue Feb 21 10:05:20 2023 -0500
AIRAVATA-3682 Secure shared dir in PUT /api/data-products
---
django_airavata/apps/api/view_utils.py | 2 +-
django_airavata/apps/api/views.py | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/django_airavata/apps/api/view_utils.py b/django_airavata/apps/api/view_utils.py
index c7f4e35b..bda38db6 100644
--- a/django_airavata/apps/api/view_utils.py
+++ b/django_airavata/apps/api/view_utils.py
@@ -271,7 +271,7 @@ class BaseSharedDirPermission(permissions.BasePermission):
class DataProductSharedDirPermission(BaseSharedDirPermission):
def get_path(self, request, view) -> str:
- data_product_uri = request.GET.get('data-product-uri', '')
+ data_product_uri = request.query_params.get('data-product-uri', request.query_params.get('product-uri', ''))
file_metadata = user_storage.get_data_product_metadata(request, data_product_uri=data_product_uri)
return file_metadata["path"]
diff --git a/django_airavata/apps/api/views.py b/django_airavata/apps/api/views.py
index 5701a901..b8f22d87 100644
--- a/django_airavata/apps/api/views.py
+++ b/django_airavata/apps/api/views.py
@@ -815,6 +815,7 @@ class LocalDataMovementView(APIView):
class DataProductView(APIView):
serializer_class = serializers.DataProductSerializer
+ permission_classes = [IsAuthenticated, DataProductSharedDirPermission]
def get(self, request, format=None):
data_product_uri = request.query_params['product-uri']