fix: incorrect dataset authorisation check

2026-03-01 16:10:38 +00:00
parent d3c4d883be
commit d20790ed4b
2 changed files with 17 additions and 7 deletions
--- a/server/app.py
+++ b/server/app.py
@@ -132,11 +132,20 @@ def upload_data():
        return jsonify({"error": f"An unexpected error occurred: {str(e)}"}), 500
    
@app.route('/dataset/<int:dataset_id>', methods=['GET'])
+@jwt_required()
 def get_dataset(dataset_id):
-    if stat_obj is None:
-        return jsonify({"error": "No data uploaded"}), 400
+    current_user = get_jwt_identity()
+    dataset = db.get_dataset_info(dataset_id)
+
+    if dataset.get("user_id") != int(current_user):
+        return jsonify({"error": "Unauthorized access to dataset"}), 403
    
-    return stat_obj.df.to_json(orient="records"), 200, {"Content-Type": "application/json"}
+    dataset_content = db.get_dataset_content(dataset_id)
+    
+    if dataset_content.empty:
+        return jsonify({"error": "Dataset content not found"}), 404
+
+    return jsonify(dataset_content.to_dict(orient="records")), 200

@app.route('/stats/content', methods=['GET'])
 def word_frequencies():