-rw-r--r-- | requirements.txt | 1 | ||||
-rw-r--r-- | src/web/views/api/v3/__init__.py | 4 | ||||
-rw-r--r-- | src/web/views/api/v3/article.py | 21 | ||||
-rw-r--r-- | src/web/views/api/v3/common.py | 51 | ||||
-rw-r--r-- | src/web/views/api/v3/feed.py | 30 |
5 files changed, 74 insertions, 33 deletions
diff --git a/requirements.txt b/requirements.txt index b63daf74..f4cc2bc2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,6 +14,7 @@ Flask-Login Flask-Principal Flask-WTF Flask-RESTful +Flask-Restless Flask-Babel Flask-SSLify Flask-Migrate diff --git a/src/web/views/api/v3/__init__.py b/src/web/views/api/v3/__init__.py index 76aa1f19..04dd28ad 100644 --- a/src/web/views/api/v3/__init__.py +++ b/src/web/views/api/v3/__init__.py @@ -1,3 +1,3 @@ -from web.views.api.v3 import article +from web.views.api.v3 import article, feed -__all__ = ['article'] +__all__ = ['article', 'feed'] diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py index ebd15d24..1f6e757a 100644 --- a/src/web/views/api/v3/article.py +++ b/src/web/views/api/v3/article.py 
@@ -1,14 +1,29 @@ +from flask.ext.login import current_user from web import models from bootstrap import application, manager +from web.controllers import ArticleController +from web.views.api.v3.common import AbstractProcessor from web.views.api.v3.common import url_prefix, auth_func -from web.views.api.v3.common import get_single_preprocessor, get_many_preprocessor +class ArticleProcessor(AbstractProcessor): + def get_single_preprocessor(self, instance_id=None, **kw): + # Check if the user is authorized to modify the specified + # instance of the model. + contr = ArticleController(current_user.id) + article = contr.get(id=instance_id) + if not self.is_authorized_to_modify(current_user, article): + raise ProcessingException(description='Not Authorized', code=401) + + +article_processor = ArticleProcessor() blueprint_article = manager.create_api_blueprint(models.Article, url_prefix=url_prefix, methods=['GET', 'POST', 'PUT', 'DELETE'], - preprocessors=dict(GET_SINGLE=[auth_func, get_single_preprocessor], - GET_MANY=[auth_func, get_many_preprocessor], + preprocessors=dict(GET_SINGLE=[auth_func, + article_processor.get_single_preprocessor], + GET_MANY=[auth_func, + article_processor.get_many_preprocessor], PUT_SINGLE=[auth_func], POST=[auth_func], DELETE=[auth_func])) diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py index 1d546b64..4234a91a 100644 --- a/src/web/views/api/v3/common.py +++ b/src/web/views/api/v3/common.py @@ -5,13 +5,8 @@ from werkzeug.exceptions import NotFound from web.controllers import ArticleController, UserController from web.views.common import login_user_bundle - url_prefix = '/api/v3' - -def is_authorized_to_modify(user, obj): - return user.id == obj.user_id - def auth_func(*args, **kw): if request.authorization: ucontr = UserController() 
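Review bot: `ProcessingException` is raised in `ArticleProcessor.get_single_preprocessor`, but none of the import lines in this hunk (which starts at line 1 of article.py) bring it into scope, so the denial path would fail with a NameError and surface as a 500. Adding `from flask.ext.restless import ProcessingException` next to the other imports fixes it; the new feed.py has the same omission. The request is still refused, but clients and logs see a server error instead of an authorization failure, which makes attempts to read other users' articles harder to spot. Since `auth_func` has already authenticated the caller at this point, `code=403` describes the condition better than 401. It is also worth confirming what `contr.get(id=instance_id)` returns for an unknown id, because a `None` result would fail on `obj.user_id`.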
@@ -29,26 +24,26 @@ def auth_func(*args, **kw): if not current_user.is_authenticated: raise ProcessingException(description='Not authenticated!', code=401) -def get_single_preprocessor(instance_id=None, **kw): - # Check if the user is authorized to modify the specified - # instance of the model. - contr = ArticleController(current_user.id) - article = contr.get(id=instance_id) - if not is_authorized_to_modify(current_user, article): - raise ProcessingException(description='Not Authorized', - code=401) - -def get_many_preprocessor(search_params=None, **kw): - """Accepts a single argument, `search_params`, which is a dictionary - containing the search parameters for the request. - - """ - filt = dict(name="user_id", - op="eq", - val=current_user.id) - - # Check if there are any filters there already. - if "filters" not in search_params: - search_params["filters"] = [] - - search_params["filters"].append(filt) +class AbstractProcessor(): + + def is_authorized_to_modify(self, user, obj): + return user.id == obj.user_id + + def get_single_preprocessor(self, instance_id=None, **kw): + # Check if the user is authorized to modify the specified + # instance of the model. + pass + + def get_many_preprocessor(self, search_params=None, **kw): + """Accepts a single argument, `search_params`, which is a dictionary + containing the search parameters for the request. + """ + filt = dict(name="user_id", + op="eq", + val=current_user.id) + + # Check if there are any filters there already. + if "filters" not in search_params: + search_params["filters"] = [] + + search_params["filters"].append(filt) diff --git a/src/web/views/api/v3/feed.py b/src/web/views/api/v3/feed.py new file mode 100644 index 00000000..ef1b415f --- /dev/null +++ b/src/web/views/api/v3/feed.py 
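Review bot: The base `AbstractProcessor.get_single_preprocessor` is a bare `pass`, so a subclass that forgets to override it is registered as a GET_SINGLE preprocessor that checks nothing. A fail-closed default such as `raise NotImplementedError` would make that mistake visible on the first request. In `get_many_preprocessor` the ownership filter is appended to whatever the client sent in `search_params`; if the installed Flask-Restless honours a client-supplied `disjunction` flag, the filters are OR-ed and the `user_id` restriction no longer constrains the result. Dropping that key first, e.g. `search_params.pop('disjunction', None)`, would close that off. A one-line class docstring stating that subclasses must implement the per-instance ownership check would also help.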
@@ -0,0 +1,30 @@
+from flask.ext.login import current_user
+from web import models
+from bootstrap import application, manager
+from web.controllers import FeedController
+from web.views.api.v3.common import AbstractProcessor
+from web.views.api.v3.common import url_prefix, auth_func
+
+class FeedProcessor(AbstractProcessor):
+ def get_single_preprocessor(self, instance_id=None, **kw):
+ # Check if the user is authorized to modify the specified
+ # instance of the model.
+ contr = FeedController(current_user.id)
+ feed = contr.get(id=instance_id)
+ if not self.is_authorized_to_modify(current_user, feed):
+ raise ProcessingException(description='Not Authorized', code=401)
+
+
+feed_processor = FeedProcessor()
+
+blueprint_feed = manager.create_api_blueprint(models.Feed,
+ url_prefix=url_prefix,
+ methods=['GET', 'POST', 'PUT', 'DELETE'],
+ preprocessors=dict(GET_SINGLE=[auth_func,
+ feed_processor.get_single_preprocessor],
+ GET_MANY=[auth_func,
+ feed_processor.get_many_preprocessor],
+ PUT_SINGLE=[auth_func],
+ POST=[auth_func],
+ DELETE=[auth_func]))
+application.register_blueprint(blueprint_feed) |
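Review bot: The ownership check is wired only into `GET_SINGLE`; `PUT_SINGLE` and `DELETE` run `auth_func` alone, so from these lines any authenticated user appears able to update or delete a feed they do not own, unless the model layer enforces ownership elsewhere. The comment on the preprocessor says "authorized to modify", so it belongs on the write paths as well: `PUT_SINGLE=[auth_func, feed_processor.get_single_preprocessor],` and `DELETE=[auth_func, feed_processor.get_single_preprocessor]`. Its `instance_id=None, **kw` signature should absorb the extra arguments, but verify that against the Flask-Restless version in use. The article blueprint in article.py has the same wiring. `POST` does not pin `user_id` to `current_user.id` either, which is worth checking so a client cannot create feeds under another account.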