authorFrançois Schmidts <francois.schmidts@gmail.com>2015-04-08 12:33:40 +0200
committerFrançois Schmidts <francois.schmidts@gmail.com>2015-04-12 14:31:06 +0200
commitb343dc73e5ea4aaf1314b6b277c3806f15ac0635 (patch)
treead31cf775685f51977b9a6dcad9e255e9087302f /pyaggr3g470r/controllers
parentUpdated bootstrap. (diff)
moving feed views related code in views.feed and massive use of url_for
Diffstat (limited to 'pyaggr3g470r/controllers')
-rw-r--r--pyaggr3g470r/controllers/abstract.py9
1 files changed, 7 insertions, 2 deletions
diff --git a/pyaggr3g470r/controllers/abstract.py b/pyaggr3g470r/controllers/abstract.py
index f1173817..8f0a8e3f 100644
--- a/pyaggr3g470r/controllers/abstract.py
+++ b/pyaggr3g470r/controllers/abstract.py
@@ -56,8 +56,8 @@ class AbstractController(object):
if not obj:
raise NotFound({'message': 'No %r (%r)'
% (self._db_cls.__class__.__name__, filters)})
- if self.user_id is not None \
- and getattr(obj, self._user_id_key) != self.user_id:
+
+ if not self._has_right_on(obj):
raise Forbidden({'message': 'No authorized to access %r (%r)'
% (self._db_cls.__class__.__name__, filters)})
return obj
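Review bot: The `Forbidden` branch after `if not self._has_right_on(obj):` tells a caller that an object matching `filters` exists but belongs to someone else, while a missing object yields `NotFound`. If identifiers are guessable, that difference lets a user probe which objects exist; raising `NotFound` in both cases would close it, if the distinction is not needed by clients. Separately, both messages use `self._db_cls.__class__.__name__`, which presumably names the metaclass rather than the model, so `self._db_cls.__name__` is probably intended, and "No authorized" should read "Not authorized". The enclosing method starts outside this hunk.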
@@ -84,3 +84,8 @@ class AbstractController(object):
db.session.delete(obj)
db.session.commit()
return obj
+
+ def _has_right_on(self, obj):
+ # user_id == None is like being admin
+ return self.user_id is None \
+ or getattr(obj, self._user_id_key, None) == self.user_id
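Review bot: `_has_right_on` fails open when `self.user_id` is `None`: a controller built without a user id passes the ownership check for every object. The constructor is not visible in this diff, so it is worth confirming that no request path can create a controller with `user_id=None` for an unauthenticated or partially initialised user. The rule deserves a docstring rather than a one-line comment, e.g. `"""Return True if this controller may access obj; user_id None bypasses the ownership check (admin)."""`. Also note that the new `None` default in `getattr(obj, self._user_id_key, None)` turns a missing owner attribute into a denial instead of an `AttributeError`, which fails closed but can hide a wrong `_user_id_key`.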