def decorated(*args, **kwargs):
try:
ulapd_api = UlapdAPI()
api_key = request.headers.get('Authorization')
name = kwargs['dataset']
dataset = ulapd_api.get_dataset_by_name(name)
# Prevent 'open' datasets being accessed via API
if dataset['type'] == 'open':
raise ApplicationError(*errors.get('ulapd_ui',
'DATASET_NOT_FOUND',
filler=name),
http_code=404)
# Prevent 'confidential' datasets being available via API if user doesn't have access
if dataset['type'] == 'confidential':
try:
user_access = ulapd_api.get_user_details(
'api_key', api_key)['datasets']
except ApplicationError:
raise ApplicationError(*errors.get('ulapd_ui',
'API_KEY_ERROR',
filler=api_key),
http_code=404)
if not user_access.get(name, False):
raise ApplicationError(*errors.get('ulapd_ui',
'DATASET_NOT_FOUND',
filler=name),
http_code=404)
return f(*args, **kwargs)
except ApplicationError as e:
return jsonify({'success': False, 'error': e.message}), e.http_code
def test_get_user_details(self, mock_get):
mock_get.return_value.json.return_value = {'user_details': 'details'}
mock_get.return_value.status_code = 200
ulapd_api = UlapdAPI()
response = ulapd_api.get_user_details('email', '*****@*****.**')
self.assertEqual(response, {'user_details': 'details'})
def decorated(*args, **kwargs):
try:
if g.user:
ulapd_api = UlapdAPI()
session = dps_session.get_state()
user_details = ulapd_api.get_user_details('email', g.user)
session['user'].update(user_details)
dps_session.commit()
return f(*args, **kwargs)
except Exception as e:
raise ApplicationError(
'Something went wrong when refreshing user session: {}'.format(
e))