diff options
author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-04-19 12:46:08 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-04-19 12:46:08 +0200 |
commit | f5e2a8a4227de1e49598843294b7a5e3d82e273f (patch) | |
tree | 46a6e19fe8f50fc8d9ab88f7113c3553c4cc0d89 /src/web/views/api/v3 | |
parent | Fixed bad links to the logo. (diff) | |
download | newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.tar.gz newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.tar.bz2 newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.zip |
Test preprocessors with Flask-Restless.
Diffstat (limited to 'src/web/views/api/v3')
-rw-r--r-- | src/web/views/api/v3/__init__.py | 3 | ||||
-rw-r--r-- | src/web/views/api/v3/article.py | 9 | ||||
-rw-r--r-- | src/web/views/api/v3/common.py | 16 |
3 files changed, 28 insertions, 0 deletions
diff --git a/src/web/views/api/v3/__init__.py b/src/web/views/api/v3/__init__.py index e69de29b..76aa1f19 100644 --- a/src/web/views/api/v3/__init__.py +++ b/src/web/views/api/v3/__init__.py @@ -0,0 +1,3 @@ +from web.views.api.v3 import article + +__all__ = ['article'] diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py new file mode 100644 index 00000000..2f276170 --- /dev/null +++ b/src/web/views/api/v3/article.py @@ -0,0 +1,9 @@ +from web import models +from bootstrap import application, manager +from web.views.api.v3.common import check_auth + + +blueprint_article = manager.create_api_blueprint(models.Article, + methods=['GET', 'POST', 'PUT', 'DELETE'], + preprocessors=dict(GET_SINGLE=[check_auth])) +application.register_blueprint(blueprint_article) diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py new file mode 100644 index 00000000..f5bd2dea --- /dev/null +++ b/src/web/views/api/v3/common.py @@ -0,0 +1,16 @@ +from flask.ext.login import current_user +from web.controllers import ArticleController + + +def is_authorized_to_modify(user, obj): + return user.id == obj.user_id + + +def check_auth(instance_id=None, **kw): + # Check if the user is authorized to modify the specified + # instance of the model. + contr = ArticleController(current_user.id) + article = contr.get(id=instance_id) + if not is_authorized_to_modify(current_user, article): + raise ProcessingException(description='Not Authorized', + code=401) |