aboutsummaryrefslogtreecommitdiff
path: root/src/web/views/api
diff options
context:
space:
mode:
authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-19 12:46:08 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-19 12:46:08 +0200
commitf5e2a8a4227de1e49598843294b7a5e3d82e273f (patch)
tree46a6e19fe8f50fc8d9ab88f7113c3553c4cc0d89 /src/web/views/api
parentFixed bad links to the logo. (diff)
downloadnewspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.tar.gz
newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.tar.bz2
newspipe-f5e2a8a4227de1e49598843294b7a5e3d82e273f.zip
Test preprocessors with Flask-Restless.
Diffstat (limited to 'src/web/views/api')
-rw-r--r--src/web/views/api/v3/__init__.py3
-rw-r--r--src/web/views/api/v3/article.py9
-rw-r--r--src/web/views/api/v3/common.py16
3 files changed, 28 insertions, 0 deletions
diff --git a/src/web/views/api/v3/__init__.py b/src/web/views/api/v3/__init__.py
index e69de29b..76aa1f19 100644
--- a/src/web/views/api/v3/__init__.py
+++ b/src/web/views/api/v3/__init__.py
@@ -0,0 +1,3 @@
+from web.views.api.v3 import article
+
+__all__ = ['article']
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
new file mode 100644
index 00000000..2f276170
--- /dev/null
+++ b/src/web/views/api/v3/article.py
@@ -0,0 +1,9 @@
+from web import models
+from bootstrap import application, manager
+from web.views.api.v3.common import check_auth
+
+
+blueprint_article = manager.create_api_blueprint(models.Article,
+ methods=['GET', 'POST', 'PUT', 'DELETE'],
+ preprocessors=dict(GET_SINGLE=[check_auth]))
+application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
new file mode 100644
index 00000000..f5bd2dea
--- /dev/null
+++ b/src/web/views/api/v3/common.py
@@ -0,0 +1,16 @@
+from flask.ext.login import current_user
+from web.controllers import ArticleController
+
+
+def is_authorized_to_modify(user, obj):
+ return user.id == obj.user_id
+
+
+def check_auth(instance_id=None, **kw):
+ # Check if the user is authorized to modify the specified
+ # instance of the model.
+ contr = ArticleController(current_user.id)
+ article = contr.get(id=instance_id)
+ if not is_authorized_to_modify(current_user, article):
+ raise ProcessingException(description='Not Authorized',
+ code=401)
bgstack15