diff options
author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-04-20 08:53:23 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-04-20 08:53:23 +0200 |
commit | 2e9aa87a7b82a5c453ac0114c7361c2eece1a7ea (patch) | |
tree | a4dc7d590a3728edc64a95b2ad310df9bfa19637 /src/web/views/api/v3/article.py | |
parent | Authenticate the user via the request. (diff) | |
parent | Added a blueprint for the Flask-Restless feed api. (diff) | |
download | newspipe-2e9aa87a7b82a5c453ac0114c7361c2eece1a7ea.tar.gz newspipe-2e9aa87a7b82a5c453ac0114c7361c2eece1a7ea.tar.bz2 newspipe-2e9aa87a7b82a5c453ac0114c7361c2eece1a7ea.zip |
Fix conflicts.
Diffstat (limited to 'src/web/views/api/v3/article.py')
-rw-r--r-- | src/web/views/api/v3/article.py | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py index ebd15d24..1f6e757a 100644 --- a/src/web/views/api/v3/article.py +++ b/src/web/views/api/v3/article.py @@ -1,14 +1,29 @@ +from flask.ext.login import current_user from web import models from bootstrap import application, manager +from web.controllers import ArticleController +from web.views.api.v3.common import AbstractProcessor from web.views.api.v3.common import url_prefix, auth_func -from web.views.api.v3.common import get_single_preprocessor, get_many_preprocessor +class ArticleProcessor(AbstractProcessor): + def get_single_preprocessor(self, instance_id=None, **kw): + # Check if the user is authorized to modify the specified + # instance of the model. + contr = ArticleController(current_user.id) + article = contr.get(id=instance_id) + if not self.is_authorized_to_modify(current_user, article): + raise ProcessingException(description='Not Authorized', code=401) + + +article_processor = ArticleProcessor() blueprint_article = manager.create_api_blueprint(models.Article, url_prefix=url_prefix, methods=['GET', 'POST', 'PUT', 'DELETE'], - preprocessors=dict(GET_SINGLE=[auth_func, get_single_preprocessor], - GET_MANY=[auth_func, get_many_preprocessor], + preprocessors=dict(GET_SINGLE=[auth_func, + article_processor.get_single_preprocessor], + GET_MANY=[auth_func, + article_processor.get_many_preprocessor], PUT_SINGLE=[auth_func], POST=[auth_func], DELETE=[auth_func])) |