This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch AIRAVATA-3682 in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit 751cef0b0a515899be8e16b65f880bac825e821e
Author: Marcus Christie <[email protected]>
AuthorDate: Tue Feb 21 10:05:20 2023 -0500
AIRAVATA-3682 Secure shared dir in PUT /api/data-products
---
django_airavata/apps/api/view_utils.py | 2 +-
django_airavata/apps/api/views.py | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/django_airavata/apps/api/view_utils.py b/django_airavata/apps/api/view_utils.py
index c7f4e35b..bda38db6 100644
--- a/django_airavata/apps/api/view_utils.py
+++ b/django_airavata/apps/api/view_utils.py
@@ -271,7 +271,7 @@ class BaseSharedDirPermission(permissions.BasePermission):
class DataProductSharedDirPermission(BaseSharedDirPermission):
def get_path(self, request, view) -> str:
- data_product_uri = request.GET.get('data-product-uri', '')
+ data_product_uri = request.query_params.get('data-product-uri', request.query_params.get('product-uri', ''))
file_metadata = user_storage.get_data_product_metadata(request, data_product_uri=data_product_uri)
return file_metadata["path"]
diff --git a/django_airavata/apps/api/views.py b/django_airavata/apps/api/views.py
index 5701a901..b8f22d87 100644
--- a/django_airavata/apps/api/views.py
+++ b/django_airavata/apps/api/views.py
@@ -815,6 +815,7 @@ class LocalDataMovementView(APIView):
class DataProductView(APIView):
serializer_class = serializers.DataProductSerializer
+ permission_classes = [IsAuthenticated, DataProductSharedDirPermission]
def get(self, request, format=None):
data_product_uri = request.query_params['product-uri']
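Review bot: The permission check and the view can resolve different URIs from the same request. `get_path` prefers `data-product-uri` and only falls back to `product-uri`, while `DataProductView.get` in the views.py hunk reads `request.query_params['product-uri']`, so a request carrying both parameters with different values has its shared-dir check run on one data product while the handler acts on the other. Deny that case before the metadata lookup, for example by collecting `uris = {request.query_params[k] for k in ('data-product-uri', 'product-uri') if k in request.query_params}` and rejecting unless `len(uris) == 1`. The same guard covers the `''` default, which currently reaches `get_data_product_metadata` when neither parameter is sent; how that call and the `file_metadata["path"]` lookup behave for an empty URI is not visible here.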
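Review bot: Setting `permission_classes` on the class gates every handler of `DataProductView`, not only the PUT named in the commit title, so `get` now also runs the shared-dir check and its extra metadata lookup. Whether `BaseSharedDirPermission` lets read-only methods through is decided outside this diff, and should be confirmed so that reads of shared-dir files which worked before are not refused by accident. The diffstat shows this as the only line added to views.py, so `IsAuthenticated` and `DataProductSharedDirPermission` have to be imported there already. A short comment above the attribute would record the intent, e.g. `# AIRAVATA-3682: writes into the shared directory need the shared-dir permission`. The class body continues outside the hunk.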
