Diffstat (limited to 'src/web/views/api/v3/common.py')
-rw-r--r--src/web/views/api/v3/common.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
new file mode 100644
index 00000000..f5bd2dea
--- /dev/null
+++ b/src/web/views/api/v3/common.py
@@ -0,0 +1,16 @@
+from flask.ext.login import current_user
+from web.controllers import ArticleController
+
+
+def is_authorized_to_modify(user, obj):
+ return user.id == obj.user_id
+
+
+def check_auth(instance_id=None, **kw):
+ # Check if the user is authorized to modify the specified
+ # instance of the model.
+ contr = ArticleController(current_user.id)
+ article = contr.get(id=instance_id)
+ if not is_authorized_to_modify(current_user, article):
+ raise ProcessingException(description='Not Authorized',
+ code=401)
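Review bot: `ProcessingException` is raised in `check_auth` but never imported in this new file, so the denial path would fail with a NameError instead of the intended 401 response. The request is still stopped, but as an unhandled server error rather than a clean authorization failure. If this is Flask-Restless's exception, as the `instance_id=None, **kw` preprocessor signature suggests, add `from flask.ext.restless import ProcessingException` next to the other imports. Separately, the result of `contr.get(id=instance_id)` is passed straight to `is_authorized_to_modify`, which reads `obj.user_id`; the controller's behaviour for a missing article is not visible here, so if it can return None it would be worth denying explicitly, e.g. `if article is None or not is_authorized_to_modify(current_user, article):`. For an authenticated user who does not own the object, `code=403` describes the outcome more accurately than 401.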