aboutsummaryrefslogtreecommitdiff
path: root/pyaggr3g470r/views/api
diff options
context:
space:
mode:
authorFrançois Schmidts <francois.schmidts@gmail.com>2015-04-22 18:50:54 +0200
committerFrançois Schmidts <francois.schmidts@gmail.com>2015-04-23 09:52:22 +0200
commit55520e2aa70a94b697210bfae9f4097ce04a02a1 (patch)
tree52db75138eee48708aef3633d862938d01de0218 /pyaggr3g470r/views/api
parentFixed strange behaviour of the search when only searching on the content. (diff)
downloadnewspipe-55520e2aa70a94b697210bfae9f4097ce04a02a1.tar.gz
newspipe-55520e2aa70a94b697210bfae9f4097ce04a02a1.tar.bz2
newspipe-55520e2aa70a94b697210bfae9f4097ce04a02a1.zip
enforcing better user of user_id in controllers
thus enhancing rights limitations between users wider_controller are a way to say "I was the maximum rights my role allows me"
Diffstat (limited to 'pyaggr3g470r/views/api')
-rw-r--r--pyaggr3g470r/views/api/article.py2
-rw-r--r--pyaggr3g470r/views/api/common.py6
-rw-r--r--pyaggr3g470r/views/api/feed.py9
3 files changed, 12 insertions, 5 deletions
diff --git a/pyaggr3g470r/views/api/article.py b/pyaggr3g470r/views/api/article.py
index 516eef8f..03ecdb18 100644
--- a/pyaggr3g470r/views/api/article.py
+++ b/pyaggr3g470r/views/api/article.py
@@ -51,7 +51,7 @@ class ArticlesChallenge(PyAggAbstractResource):
if key in id_dict:
id_dict[key] = dateutil.parser.parse(id_dict[key])
- return self.controller.challenge(parsed_args['ids'])
+ return self.wider_controller.challenge(parsed_args['ids'])
g.api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json')
diff --git a/pyaggr3g470r/views/api/common.py b/pyaggr3g470r/views/api/common.py
index ca344c04..b8c4dd9d 100644
--- a/pyaggr3g470r/views/api/common.py
+++ b/pyaggr3g470r/views/api/common.py
@@ -90,6 +90,12 @@ class PyAggAbstractResource(Resource):
def controller(self):
return self.controller_cls(getattr(g.user, 'id', None))
+ @property
+ def wider_controller(self):
+ if g.user.is_admin():
+ return self.controller_cls()
+ return self.controller_cls(getattr(g.user, 'id', None))
+
def reqparse_args(self, req=None, strict=False, default=True, args=None):
"""
strict: bool
diff --git a/pyaggr3g470r/views/api/feed.py b/pyaggr3g470r/views/api/feed.py
index ad185de9..68f3a12c 100644
--- a/pyaggr3g470r/views/api/feed.py
+++ b/pyaggr3g470r/views/api/feed.py
@@ -52,12 +52,13 @@ class FetchableFeedAPI(PyAggAbstractResource):
if g.user.refresh_rate:
args['refresh_rate'] = g.user.refresh_rate
- dont_filter_by_user = args.pop('retreive_all') and g.user.is_admin()
-
- contr = self.controller_cls() if dont_filter_by_user \
- else self.controller
+ if args.pop('retreive_all'):
+ contr = self.wider_controller
+ else:
+ contr = self.controller
return [feed for feed in contr.list_fetchable(**args)]
+
g.api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json')
g.api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json')
g.api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json')
bgstack15