Skip to content
Snippets Groups Projects

New auth behaviour

Merged New auth behaviour
master into production
Merged Tim Repke requested to merge master into production
Viewing commit a76f3477
Prev
Show latest version
2 files
+ 14
2
Compare changes
  • Side-by-side
  • Inline
Files
2
server/api/routes/annotations.py
+ 4
1
@@ -199,7 +199,7 @@ async def get_assignment(assignment_id: str,
permissions=Depends(UserPermissionChecker('annotations_read'))):
assignment = await read_assignment(assignment_id=assignment_id, db_engine=db_engine)
if assignment.user_id != permissions.user.user_id:
if (assignment is None) or (assignment.user_id != permissions.user.user_id):
raise HTTPException(status_code=http_status.HTTP_401_UNAUTHORIZED,
detail='You do not have permission to handle this assignment, as it is not yours!')
@@ -299,6 +299,9 @@ async def save_annotation(annotated_item: AnnotatedItem,
assignment_db = await read_assignment(assignment_id=annotated_item.assignment.assignment_id, db_engine=db_engine)
if assignment_db is None:
raise MissingInformationError('No assignment found!')
if permissions.user.user_id == assignment_db.user_id \
and str(assignment_db.assignment_scope_id) == annotated_item.assignment.assignment_scope_id \
and str(assignment_db.item_id) == annotated_item.assignment.item_id \