Skip to content

Commit

Permalink
Protect access to PlotViewer routes
Browse files Browse the repository at this point in the history
  • Loading branch information
Javier Barbero committed Nov 28, 2022
1 parent c55b48f commit 839d41b
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions signac_dashboard/modules/plot_viewer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
# This software is licensed under the BSD 3-Clause License.
from typing import Callable, Dict, Iterable, List, Tuple, Union

import flask_login
from flask import abort, render_template
from jinja2.exceptions import TemplateNotFound
from signac import Project
Expand All @@ -12,13 +13,6 @@
from signac_dashboard.module import Module


def plot_viewer_asset(filename):
try:
return render_template(f"plot_viewer/{filename}")
except TemplateNotFound:
abort(404, "The file requested does not exist.")


class PlotViewer(Module):
"""Displays a plot associated with the job.
Expand Down Expand Up @@ -96,7 +90,13 @@ def get_cards(self, job_or_project):

def register(self, dashboard: Dashboard):
# Register routes
dashboard.app.route("/module/plot_viewer/<path:filename>")(plot_viewer_asset)
@dashboard.app.route("/module/plot_viewer/<path:filename>")
@flask_login.login_required
def plot_viewer_asset(filename):
try:
return render_template(f"plot_viewer/{filename}")
except TemplateNotFound:
abort(404, "The file requested does not exist.")

# Register assets
assets = ["js/plot_viewer.js"]
Expand Down

0 comments on commit 839d41b

Please sign in to comment.