Merge pull request #45 from dbmi-pitt/maxsibilla/get_user_token-fix

Adding additional check for if auth_helper_instance.has_data_admin_pr…
dbmi-pitt · Sep 27, 2023 · beaa2de · beaa2de
2 parents dd582ab + 87a2cca
commit beaa2de
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/app.py b/src/app.py
@@ -1119,7 +1119,12 @@ def get_user_token(self, request_headers, admin_access_required=False):
             # But we also need to ensure the user belongs to Data Admin group
             # in order to execute the live reindex-all
             # Return a 403 response if the user doesn't belong to Data Admin group
-            if not self.auth_helper_instance.has_data_admin_privs(user_token):
+            has_data_admin_privs = self.auth_helper_instance.has_data_admin_privs(user_token)
+            # The user_token is flask.Response on error
+            if isinstance(has_data_admin_privs, Response):
+                # The Response.data returns binary string, need to decode
+                unauthorized_error(has_data_admin_privs.data.decode())
+            if not has_data_admin_privs:
                 forbidden_error("Access not granted")
         return user_token