Add admin_required and login_required

43071ac8 · Bjarke Madsen · a8e3c050 · 43071ac8
Commit 43071ac8 authored 2 years ago by Bjarke Madsen
--- a/compendium_v2/routes/survey.py
+++ b/compendium_v2/routes/survey.py
@@ -3,6 +3,7 @@ from enum import Enum
 from typing import Any, TypedDict, List, Dict
 from flask import Blueprint, jsonify, request
+from flask_login import login_required
 from sqlalchemy import select
 from sqlalchemy.orm import joinedload, load_only
@@ -10,6 +11,7 @@ from compendium_v2.db import db
 from compendium_v2.db.model import NREN
 from compendium_v2.db.survey_model import Survey, SurveyResponse, SurveyStatus, ResponseStatus
 from compendium_v2.routes import common
+from compendium_v2.auth.session_management import admin_required
 routes = Blueprint('survey', __name__)
@@ -66,9 +68,9 @@ class VerificationStatus(str, Enum):
    Edited = "edited"             # a question for which last years answer was edited
-# TODO admin only
 @routes.route('/list', methods=['GET'])
 @common.require_accepts_json
+@admin_required
 def list_surveys() -> Any:
    """
    retrieve a list of surveys and responses, including their status
@@ -119,9 +121,9 @@ def list_surveys() -> Any:
    return jsonify(entries)
-# TODO admin only
 @routes.route('/new', methods=['POST'])
 @common.require_accepts_json
+@admin_required
 def start_new_survey() -> Any:
    """
    endpoint to initiate a new survey
@@ -148,9 +150,9 @@ def start_new_survey() -> Any:
    return {'success': True}
-# TODO admin only
 @routes.route('/open/<int:year>', methods=['POST'])
 @common.require_accepts_json
+@admin_required
 def open_survey(year) -> Any:
    """
    endpoint to open a survey to the nrens
@@ -174,9 +176,9 @@ def open_survey(year) -> Any:
    return {'success': True}
-# TODO admin only
 @routes.route('/close/<int:year>', methods=['POST'])
 @common.require_accepts_json
+@admin_required
 def close_survey(year) -> Any:
    """
    endpoint to close a survey to the nrens
@@ -196,9 +198,9 @@ def close_survey(year) -> Any:
    return {'success': True}
-# TODO admin only
 @routes.route('/publish/<int:year>', methods=['POST'])
 @common.require_accepts_json
+@admin_required
 def publish_survey(year) -> Any:
    """
    endpoint to publish a survey to the compendium website
@@ -223,9 +225,9 @@ def publish_survey(year) -> Any:
    return {'success': True}
-# TODO admin only
 @routes.route('/try/<int:year>', methods=['GET'])
 @common.require_accepts_json
+@admin_required
 def try_survey(year) -> Any:
    """
    Get a survey without any associated nren for trying out the survey.
@@ -249,9 +251,9 @@ def try_survey(year) -> Any:
    })
-# TODO admin only
 @routes.route('/inspect/<int:year>', methods=['GET'])
 @common.require_accepts_json
+@admin_required
 def inspect_survey(year) -> Any:
    """
    Get a survey without any associated nren for inspecting all questions.
@@ -289,6 +291,7 @@ def inspect_survey(year) -> Any:
 @routes.route('/load/<int:year>/<string:nren_name>', methods=['GET'])
 @common.require_accepts_json
+@login_required
 def load_survey(year, nren_name) -> Any:
    """
    Get a survey for an nren.
@@ -343,6 +346,7 @@ def load_survey(year, nren_name) -> Any:
 @routes.route('/save/<int:year>/<string:nren_name>', methods=['POST'])
 @common.require_accepts_json
+@login_required
 def save_survey(year, nren_name) -> Any:
    """
    endpoint to save a survey response