aboutsummaryrefslogtreecommitdiff
path: root/src/web/views/api/v3/article.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/web/views/api/v3/article.py')
-rw-r--r--src/web/views/api/v3/article.py21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index ebd15d24..1f6e757a 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -1,14 +1,29 @@
+from flask.ext.login import current_user
from web import models
from bootstrap import application, manager
+from web.controllers import ArticleController
+from web.views.api.v3.common import AbstractProcessor
from web.views.api.v3.common import url_prefix, auth_func
-from web.views.api.v3.common import get_single_preprocessor, get_many_preprocessor
+class ArticleProcessor(AbstractProcessor):
+ def get_single_preprocessor(self, instance_id=None, **kw):
+ # Check if the user is authorized to modify the specified
+ # instance of the model.
+ contr = ArticleController(current_user.id)
+ article = contr.get(id=instance_id)
+ if not self.is_authorized_to_modify(current_user, article):
+ raise ProcessingException(description='Not Authorized', code=401)
+
+
+article_processor = ArticleProcessor()
blueprint_article = manager.create_api_blueprint(models.Article,
url_prefix=url_prefix,
methods=['GET', 'POST', 'PUT', 'DELETE'],
- preprocessors=dict(GET_SINGLE=[auth_func, get_single_preprocessor],
- GET_MANY=[auth_func, get_many_preprocessor],
+ preprocessors=dict(GET_SINGLE=[auth_func,
+ article_processor.get_single_preprocessor],
+ GET_MANY=[auth_func,
+ article_processor.get_many_preprocessor],
PUT_SINGLE=[auth_func],
POST=[auth_func],
DELETE=[auth_func]))
bgstack15