authorCédric Bonhomme <kimble.mandel@gmail.com>2014-04-08 07:33:29 +0200
committerCédric Bonhomme <kimble.mandel@gmail.com>2014-04-08 07:33:29 +0200
commit63a5c222e1fe9fe15e3182fc6b542431c0ca2517 (patch)
treeee4b86ffb5ac3f071c213c95662f54f20f4cec25 /pyaggr3g470r
parentCreate and edit a feed: OK. (diff)
downloadnewspipe-63a5c222e1fe9fe15e3182fc6b542431c0ca2517.tar.gz
newspipe-63a5c222e1fe9fe15e3182fc6b542431c0ca2517.tar.bz2
newspipe-63a5c222e1fe9fe15e3182fc6b542431c0ca2517.zip
Added decorator to check if a user has access to a feed.
Diffstat (limited to 'pyaggr3g470r')
-rw-r--r--pyaggr3g470r/views.py25
1 files changed, 21 insertions, 4 deletions
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py
index 1bf08683..3a6f35d9 100644
--- a/pyaggr3g470r/views.py
+++ b/pyaggr3g470r/views.py
@@ -94,6 +94,25 @@ def redirect_url(default='index'):
+from functools import wraps
+def feed_access_required(func):
+ """
+ This decorator enables to check if a user has access to a feed.
+ """
+ #print("Now decorating %s" % func)
+ @wraps(func)
+ def decorated(*args, **kwargs):
+ #print("Now calling %s with %s,%s" % (func, args, kwargs))
+ feed = Feed.query.filter(Feed.id == kwargs['feed_id']).first()
+ if feed == None or feed.subscriber.id != g.user.id:
+ flash("This feed do not exist.", "danger")
+ return redirect(url_for('home'))
+ return func(*args, **kwargs)
+ return decorated
+
+
+
+
#
# Views.
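Review bot: `kwargs['feed_id']` in `decorated` raises KeyError whenever the matched route carries no `feed_id`, and the `edit_feed` hunk stacks this decorator on `/create_feed/`, where Flask passes only the variables present in the URL rule. Even with a default of None, the `feed == None` branch would redirect every create request to home, whereas the check removed from `edit_feed` used `feed != None and ...` and so let creation through. Let the decorator pass through when there is no id: `feed_id = kwargs.get('feed_id')` followed by `if feed_id is None: return func(*args, **kwargs)`. Separately, `feed is None` is the idiomatic comparison, and the two commented-out `print` lines can be dropped.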
@@ -466,15 +485,12 @@ def history():
@app.route('/create_feed/', methods=['GET', 'POST'])
@app.route('/edit_feed/<int:feed_id>', methods=['GET', 'POST'])
@login_required
+@feed_access_required
def edit_feed(feed_id=None):
"""
Add or edit a feed.
"""
feed = Feed.query.filter(Feed.id == feed_id).first()
- if feed != None and feed.subscriber.id != g.user.id:
- flash("Not authorized", "error")
- return redirect(redirect_url())
-
form = AddFeedForm()
if request.method == 'POST':
@@ -512,6 +528,7 @@ def edit_feed(feed_id=None):
@app.route('/delete_feed/<feed_id>', methods=['GET'])
@login_required
+@feed_access_required
def delete_feed(feed_id=None):
"""
Delete a feed with all associated articles.
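Review bot: The ownership check added to `delete_feed` does not cover requests triggered from another site, because the route still accepts `methods=['GET']` and a GET carrying the owner's session passes both `login_required` and `feed_access_required`. Deletion should be a POST that validates a CSRF token, for example `@app.route('/delete_feed/<int:feed_id>', methods=['POST'])`. The `int` converter would also bring the route in line with `edit_feed`, so that the decorator's `Feed.id == kwargs['feed_id']` compares against an integer rather than a string. The route line is unchanged context and the body of `delete_feed` continues outside this hunk, so any template that links to it would presumably need updating as well.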