Check is the user is authenticated before checking if the user is authorized to access to the object.

2 files changed, 6 insertions, 2 deletions

diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index 2f276170..da75dc47 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -1,9 +1,9 @@
 from web import models
 from bootstrap import application, manager
-from web.views.api.v3.common import check_auth
+from web.views.api.v3.common import auth_func, check_auth
 
 
 blueprint_article = manager.create_api_blueprint(models.Article,
                         methods=['GET', 'POST', 'PUT', 'DELETE'],
-                        preprocessors=dict(GET_SINGLE=[check_auth]))
+                        preprocessors=dict(GET_SINGLE=[auth_func, check_auth]))
 application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index f5bd2dea..8831b8ba 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -1,10 +1,14 @@
 from flask.ext.login import current_user
+from flask.ext.restless import ProcessingException
 from web.controllers import ArticleController
 
 
 def is_authorized_to_modify(user, obj):
     return user.id == obj.user_id
 
+def auth_func(*args, **kw):
+    if not current_user.is_authenticated:
+        raise ProcessingException(description='Not authenticated!', code=401)
 
 def check_auth(instance_id=None, **kw):
     # Check if the user is authorized to modify the specified