diff --git a/app/authentication/token.py b/app/authentication/token.py index facfe2fe0..10e817000 100644 --- a/app/authentication/token.py +++ b/app/authentication/token.py @@ -7,17 +7,13 @@ from ..routes import dataset_dependency from ..utils.rw_api import who_am_i +from ..settings.globals import PROTECTED_QUERY_DATASETS # token dependency where we immediately cause an exception if there is no auth token oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token") # token dependency where we don't cause exception if there is no auth token oauth2_scheme_no_auto = OAuth2PasswordBearer(tokenUrl="/token", auto_error=False) -# Datasets that require admin privileges to do a query. (Extra protection on -# commercial datasets which shouldn't be downloaded in any way.) -PROTECTED_QUERY_DATASETS = ["wdpa_licensed_protected_areas"] - - async def is_service_account(token: str = Depends(oauth2_scheme)) -> bool: """Calls GFW API to authorize user. diff --git a/app/routes/datasets/queries.py b/app/routes/datasets/queries.py index 249c37d26..5a43fb307 100755 --- a/app/routes/datasets/queries.py +++ b/app/routes/datasets/queries.py @@ -131,6 +131,7 @@ async def query_dataset_json( GeostoreOrigin.gfw, description="Service to search first for geostore." ), is_authorized: bool = Depends(is_gfwpro_admin_for_query), + # api_key: APIKey = Depends(get_api_key), ): """Execute a READ-ONLY SQL query on the given dataset version (if implemented) and return response in JSON format. @@ -192,6 +193,7 @@ async def query_dataset_csv( Delimiters.comma, description="Delimiter to use for CSV file." ), is_authorized: bool = Depends(is_gfwpro_admin_for_query), + # api_key: APIKey = Depends(get_api_key), ): """Execute a READ-ONLY SQL query on the given dataset version (if implemented) and return response in CSV format. @@ -254,6 +256,7 @@ async def query_dataset_json_post( dataset_version: Tuple[str, str] = Depends(dataset_version_dependency), request: QueryRequestIn, is_authorized: bool = Depends(is_gfwpro_admin_for_query), + # api_key: APIKey = Depends(get_api_key), ): """Execute a READ-ONLY SQL query on the given dataset version (if implemented).""" @@ -284,6 +287,7 @@ async def query_dataset_csv_post( dataset_version: Tuple[str, str] = Depends(dataset_version_dependency), request: CsvQueryRequestIn, is_authorized: bool = Depends(is_gfwpro_admin_for_query), + # api_key: APIKey = Depends(get_api_key), ): """Execute a READ-ONLY SQL query on the given dataset version (if implemented).""" diff --git a/app/settings/globals.py b/app/settings/globals.py index 5630c647e..018daa267 100644 --- a/app/settings/globals.py +++ b/app/settings/globals.py @@ -185,3 +185,7 @@ GOOGLE_APPLICATION_CREDENTIALS = config( "GOOGLE_APPLICATION_CREDENTIALS", cast=str, default="/root/.gcs/private_key.json" ) + +# Datasets that require admin privileges to do a query. (Extra protection on +# commercial datasets which shouldn't be downloaded in any way.) +PROTECTED_QUERY_DATASETS = ["wdpa_licensed_protected_areas"]