Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GTC-2576 Restrict queries on licensed WDPA dataset - merge to master #453

Merged
merged 3 commits into from
Dec 27, 2023
Merged

GTC-2576 Restrict queries on licensed WDPA dataset - merge to master #453

merged 3 commits into from
Dec 27, 2023

Conversation

danscales
Copy link
Collaborator

GTC-2576 Restrict queries on licensed WDPA dataset (2nd try)

Make the protection correct, now that I understand FastAPI and its
dependencies better. The checking for whether the dataset is protected
must occur within a dependency function, since only a dependency
function for a path handler has access to the bearer token.

Added in protection for GET query/json, GET query/csv, and
their less-used POST equivalents.

Tested on staging, and it protected wdpa_licensed_protected_areas, but
I could query if I had the bearer token.

@danscales
GTC-2576 Restrict queries on licensed WDPA dataset (2nd try)
bcaca1c 
Make the protection correct, now that I understand FastAPI and its
dependencies better. The checking for whether the dataset is protected
must occur within a dependency function, since only a dependency
function for a path handler has access to the bearer token.

Added in protection for GET query/json, GET query/csv, and
their less-used POST equivalents.
@danscales
Moved PROTECTED_QUERY_DATASETS to globals.py
a23de44 
Responding to PR comments.
@danscales
Add return to is_app-admin() in is_gfwpro_admin_for_query.
05880f7
@danscales danscales merged commit 1a5002a into master Dec 27, 2023
2 checks passed
@danscales danscales deleted the gtc-2576b branch December 27, 2023 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@solomon-negusse solomon-negusse solomon-negusse approved these changes

@dmannarino dmannarino Awaiting requested review from dmannarino

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danscales @solomon-negusse