aboutsummaryrefslogtreecommitdiff
path: root/src/web/views
diff options
context:
space:
mode:
authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-19 12:50:17 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-04-19 12:50:17 +0200
commit1b8b4e7786d5fd29ee528407590c88dffdd15714 (patch)
treef0220866cc8fcbc283082bef3bc63dea0000e775 /src/web/views
parentTest preprocessors with Flask-Restless. (diff)
downloadnewspipe-1b8b4e7786d5fd29ee528407590c88dffdd15714.tar.gz
newspipe-1b8b4e7786d5fd29ee528407590c88dffdd15714.tar.bz2
newspipe-1b8b4e7786d5fd29ee528407590c88dffdd15714.zip
Check is the user is authenticated before checking if the user is authorized to access to the object.
Diffstat (limited to 'src/web/views')
-rw-r--r--src/web/views/api/v3/article.py4
-rw-r--r--src/web/views/api/v3/common.py4
2 files changed, 6 insertions, 2 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index 2f276170..da75dc47 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -1,9 +1,9 @@
from web import models
from bootstrap import application, manager
-from web.views.api.v3.common import check_auth
+from web.views.api.v3.common import auth_func, check_auth
blueprint_article = manager.create_api_blueprint(models.Article,
methods=['GET', 'POST', 'PUT', 'DELETE'],
- preprocessors=dict(GET_SINGLE=[check_auth]))
+ preprocessors=dict(GET_SINGLE=[auth_func, check_auth]))
application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index f5bd2dea..8831b8ba 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -1,10 +1,14 @@
from flask.ext.login import current_user
+from flask.ext.restless import ProcessingException
from web.controllers import ArticleController
def is_authorized_to_modify(user, obj):
return user.id == obj.user_id
+def auth_func(*args, **kw):
+ if not current_user.is_authenticated:
+ raise ProcessingException(description='Not authenticated!', code=401)
def check_auth(instance_id=None, **kw):
# Check if the user is authorized to modify the specified
bgstack15