diff options
author | François Schmidts <francois.schmidts@gmail.com> | 2015-04-08 12:33:40 +0200 |
---|---|---|
committer | François Schmidts <francois.schmidts@gmail.com> | 2015-04-12 14:31:06 +0200 |
commit | b343dc73e5ea4aaf1314b6b277c3806f15ac0635 (patch) | |
tree | ad31cf775685f51977b9a6dcad9e255e9087302f /pyaggr3g470r/controllers | |
parent | Updated bootstrap. (diff) | |
download | newspipe-b343dc73e5ea4aaf1314b6b277c3806f15ac0635.tar.gz newspipe-b343dc73e5ea4aaf1314b6b277c3806f15ac0635.tar.bz2 newspipe-b343dc73e5ea4aaf1314b6b277c3806f15ac0635.zip |
moving feed views related code in views.feed and massive use of url_for
Diffstat (limited to 'pyaggr3g470r/controllers')
-rw-r--r-- | pyaggr3g470r/controllers/abstract.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/pyaggr3g470r/controllers/abstract.py b/pyaggr3g470r/controllers/abstract.py index f1173817..8f0a8e3f 100644 --- a/pyaggr3g470r/controllers/abstract.py +++ b/pyaggr3g470r/controllers/abstract.py @@ -56,8 +56,8 @@ class AbstractController(object): if not obj: raise NotFound({'message': 'No %r (%r)' % (self._db_cls.__class__.__name__, filters)}) - if self.user_id is not None \ - and getattr(obj, self._user_id_key) != self.user_id: + + if not self._has_right_on(obj): raise Forbidden({'message': 'No authorized to access %r (%r)' % (self._db_cls.__class__.__name__, filters)}) return obj @@ -84,3 +84,8 @@ class AbstractController(object): db.session.delete(obj) db.session.commit() return obj + + def _has_right_on(self, obj): + # user_id == None is like being admin + return self.user_id is None \ + or getattr(obj, self._user_id_key, None) == self.user_id |