diff options
author | François Schmidts <francois.schmidts@gmail.com> | 2015-04-22 18:50:54 +0200 |
---|---|---|
committer | François Schmidts <francois.schmidts@gmail.com> | 2015-04-23 09:52:22 +0200 |
commit | 55520e2aa70a94b697210bfae9f4097ce04a02a1 (patch) | |
tree | 52db75138eee48708aef3633d862938d01de0218 /pyaggr3g470r/views/api | |
parent | Fixed strange behaviour of the search when only searching on the content. (diff) | |
download | newspipe-55520e2aa70a94b697210bfae9f4097ce04a02a1.tar.gz newspipe-55520e2aa70a94b697210bfae9f4097ce04a02a1.tar.bz2 newspipe-55520e2aa70a94b697210bfae9f4097ce04a02a1.zip |
enforcing better user of user_id in controllers
thus enhancing rights limitations between users
wider_controller are a way to say "I was the maximum rights my role
allows me"
Diffstat (limited to 'pyaggr3g470r/views/api')
-rw-r--r-- | pyaggr3g470r/views/api/article.py | 2 | ||||
-rw-r--r-- | pyaggr3g470r/views/api/common.py | 6 | ||||
-rw-r--r-- | pyaggr3g470r/views/api/feed.py | 9 |
3 files changed, 12 insertions, 5 deletions
diff --git a/pyaggr3g470r/views/api/article.py b/pyaggr3g470r/views/api/article.py index 516eef8f..03ecdb18 100644 --- a/pyaggr3g470r/views/api/article.py +++ b/pyaggr3g470r/views/api/article.py @@ -51,7 +51,7 @@ class ArticlesChallenge(PyAggAbstractResource): if key in id_dict: id_dict[key] = dateutil.parser.parse(id_dict[key]) - return self.controller.challenge(parsed_args['ids']) + return self.wider_controller.challenge(parsed_args['ids']) g.api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json') diff --git a/pyaggr3g470r/views/api/common.py b/pyaggr3g470r/views/api/common.py index ca344c04..b8c4dd9d 100644 --- a/pyaggr3g470r/views/api/common.py +++ b/pyaggr3g470r/views/api/common.py @@ -90,6 +90,12 @@ class PyAggAbstractResource(Resource): def controller(self): return self.controller_cls(getattr(g.user, 'id', None)) + @property + def wider_controller(self): + if g.user.is_admin(): + return self.controller_cls() + return self.controller_cls(getattr(g.user, 'id', None)) + def reqparse_args(self, req=None, strict=False, default=True, args=None): """ strict: bool diff --git a/pyaggr3g470r/views/api/feed.py b/pyaggr3g470r/views/api/feed.py index ad185de9..68f3a12c 100644 --- a/pyaggr3g470r/views/api/feed.py +++ b/pyaggr3g470r/views/api/feed.py @@ -52,12 +52,13 @@ class FetchableFeedAPI(PyAggAbstractResource): if g.user.refresh_rate: args['refresh_rate'] = g.user.refresh_rate - dont_filter_by_user = args.pop('retreive_all') and g.user.is_admin() - - contr = self.controller_cls() if dont_filter_by_user \ - else self.controller + if args.pop('retreive_all'): + contr = self.wider_controller + else: + contr = self.controller return [feed for feed in contr.list_fetchable(**args)] + g.api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json') g.api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json') g.api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json') |