Commit 0fa9e74a authored by Romain Loth's avatar Romain Loth

[OK] import/export terms table: check user credentials before change

parent 86820641
...@@ -66,14 +66,22 @@ class CSVLists(APIView): ...@@ -66,14 +66,22 @@ class CSVLists(APIView):
/!\ We assume we checked the file size client-side before upload /!\ We assume we checked the file size client-side before upload
£TODO check authentication and user.id
""" """
if not request.user.is_authenticated():
res = HttpResponse("Unauthorized")
res.status_code = 401
return res
# this time the corpus param is the one with the target lists to be patched # this time the corpus param is the one with the target lists to be patched
params = get_parameters(request) params = get_parameters(request)
corpus_id = int(params.pop("onto_corpus")) corpus_id = int(params.pop("onto_corpus"))
corpus_node = cache.Node[corpus_id] corpus_node = cache.Node[corpus_id]
if request.user.id != corpus_node.user_id:
res = HttpResponse("Unauthorized")
res.status_code = 401
return res
# request also contains the file # request also contains the file
# csv_file has type django.core.files.uploadedfile.InMemoryUploadedFile # csv_file has type django.core.files.uploadedfile.InMemoryUploadedFile
# ---------------------- # ----------------------
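Review bot: The ownership branch `if request.user.id != corpus_node.user_id:` answers 401 to a user who has already passed the authentication check. That case is an authorization failure and should be a 403, for example `return HttpResponseForbidden("Forbidden")`, with 401 kept for the anonymous branch only. The lookup just before it, `int(params.pop("onto_corpus"))` followed by `cache.Node[corpus_id]`, is unguarded, so a missing or non-numeric parameter (and presumably an unknown id) would raise instead of returning a clean 4xx. Handle those cases before the comparison, and give an unknown corpus and a foreign corpus the same response so the endpoint does not reveal which ids exist. The method body starts before and continues after this hunk, so this covers only the visible lines.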
......