aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-07 13:46:35 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-07 13:46:35 +0200
commitc556f75bb700d460f6ddf46daf110ffbba49e42e (patch)
tree56569f8ee6c5422cc0131857bd991df8adebc9f1
parentUpdated CHANGELOG. (diff)
downloadnewspipe-c556f75bb700d460f6ddf46daf110ffbba49e42e.tar.gz
newspipe-c556f75bb700d460f6ddf46daf110ffbba49e42e.tar.bz2
newspipe-c556f75bb700d460f6ddf46daf110ffbba49e42e.zip
Fixed a bug for non-administor users.
-rw-r--r--src/web/models/article.py10
-rw-r--r--src/web/models/feed.py10
-rw-r--r--src/web/models/right_mixin.py8
-rw-r--r--src/web/models/user.py8
4 files changed, 32 insertions, 4 deletions
diff --git a/src/web/models/article.py b/src/web/models/article.py
index d3c0bed2..0ab35b20 100644
--- a/src/web/models/article.py
+++ b/src/web/models/article.py
@@ -49,6 +49,16 @@ class Article(db.Model, RightMixin):
feed_id = db.Column(db.Integer(), db.ForeignKey('feed.id'))
category_id = db.Column(db.Integer(), db.ForeignKey('category.id'))
+ # api whitelists
+ @staticmethod
+ def _fields_base_write():
+ return {'readed', 'like', 'feed_id', 'category_id'}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'id', 'entry_id', 'link', 'title', 'content', 'date',
+ 'retrieved_date', 'user_id'}
+
def previous_article(self):
"""
Returns the previous article (older).
diff --git a/src/web/models/feed.py b/src/web/models/feed.py
index ba9255e9..cc734c41 100644
--- a/src/web/models/feed.py
+++ b/src/web/models/feed.py
@@ -62,5 +62,15 @@ class Feed(db.Model, RightMixin):
cascade='all,delete-orphan',
order_by=desc("date"))
+ # api whitelists
+ @staticmethod
+ def _fields_base_write():
+ return {'title', 'description', 'link', 'site_link', 'enabled',
+ 'filters', 'last_error', 'error_count', 'category_id'}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'id', 'user_id', 'icon_url', 'last_retrieved'}
+
def __repr__(self):
return '<Feed %r>' % (self.title)
diff --git a/src/web/models/right_mixin.py b/src/web/models/right_mixin.py
index c4d92008..6b2f1b67 100644
--- a/src/web/models/right_mixin.py
+++ b/src/web/models/right_mixin.py
@@ -2,19 +2,19 @@ class RightMixin:
@staticmethod
def _fields_base_write():
- return {}
+ return set()
@staticmethod
def _fields_base_read():
- return {'id'}
+ return set(['id'])
@staticmethod
def _fields_api_write():
- return {}
+ return set([])
@staticmethod
def _fields_api_read():
- return {'id'}
+ return set(['id'])
@classmethod
def fields_base_write(cls):
diff --git a/src/web/models/user.py b/src/web/models/user.py
index 4174cb0f..8ad9440b 100644
--- a/src/web/models/user.py
+++ b/src/web/models/user.py
@@ -57,6 +57,14 @@ class User(db.Model, UserMixin, RightMixin):
is_api = db.Column(db.Boolean(), default=False)
@staticmethod
+ def _fields_base_write():
+ return {'login', 'password', 'email'}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'date_created', 'last_connection'}
+
+ @staticmethod
def make_valid_nickname(nickname):
return re.sub('[^a-zA-Z0-9_\.]', '', nickname)
bgstack15