From 0e593a77f1b66da6141e6a58573ae4dfeed0bdfd Mon Sep 17 00:00:00 2001 From: richard-dds Date: Mon, 26 Aug 2019 10:26:26 -0400 Subject: [PATCH] Add permission check to upload_token route --- atst/routes/__init__.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py index eba02c3e..fe916c5b 100644 --- a/atst/routes/__init__.py +++ b/atst/routes/__init__.py @@ -21,6 +21,8 @@ from atst.domain.users import Users from atst.domain.authnid import AuthenticationContext from atst.domain.auth import logout as _logout from atst.utils.flash import formatted_flash as flash +from atst.models.permissions import Permissions +from atst.domain.authz.decorator import user_can_access_decorator as user_can bp = Blueprint("atst", __name__) @@ -43,6 +45,7 @@ def root(): @bp.route("/upload-token") +@user_can(Permissions.CREATE_TASK_ORDER, message="edit task order form") def upload_token(): (token, object_name) = app.csp.files.get_token() render_args = {"token": token, "objectName": object_name}