diff options
author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-04-19 12:46:08 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-04-19 12:46:08 +0200 |
commit | f5e2a8a4227de1e49598843294b7a5e3d82e273f (patch) | |
tree | 46a6e19fe8f50fc8d9ab88f7113c3553c4cc0d89 /src/web/views/api/v3/common.py | |
parent | Fixed bad links to the logo. (diff) | |
download | newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.tar.gz newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.tar.bz2 newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.zip |
Test preprocessors with Flask-Restless.
Diffstat (limited to 'src/web/views/api/v3/common.py')
-rw-r--r-- | src/web/views/api/v3/common.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py new file mode 100644 index 00000000..f5bd2dea --- /dev/null +++ b/src/web/views/api/v3/common.py @@ -0,0 +1,16 @@ +from flask.ext.login import current_user +from web.controllers import ArticleController + + +def is_authorized_to_modify(user, obj): + return user.id == obj.user_id + + +def check_auth(instance_id=None, **kw): + # Check if the user is authorized to modify the specified + # instance of the model. + contr = ArticleController(current_user.id) + article = contr.get(id=instance_id) + if not is_authorized_to_modify(current_user, article): + raise ProcessingException(description='Not Authorized', + code=401) |