aboutsummaryrefslogtreecommitdiff
path: root/src/web/views/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/web/views/api')
-rw-r--r--src/web/views/api/v3/article.py13
-rw-r--r--src/web/views/api/v3/common.py17
2 files changed, 25 insertions, 5 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index cc769597..ebd15d24 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -1,10 +1,15 @@
from web import models
from bootstrap import application, manager
-from web.views.api.v3.common import url_prefix, auth_func, check_auth
+from web.views.api.v3.common import url_prefix, auth_func
+from web.views.api.v3.common import get_single_preprocessor, get_many_preprocessor
blueprint_article = manager.create_api_blueprint(models.Article,
- url_prefix=url_prefix,
- methods=['GET', 'POST', 'PUT', 'DELETE'],
- preprocessors=dict(GET_SINGLE=[auth_func, check_auth]))
+ url_prefix=url_prefix,
+ methods=['GET', 'POST', 'PUT', 'DELETE'],
+ preprocessors=dict(GET_SINGLE=[auth_func, get_single_preprocessor],
+ GET_MANY=[auth_func, get_many_preprocessor],
+ PUT_SINGLE=[auth_func],
+ POST=[auth_func],
+ DELETE=[auth_func]))
application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index b4e6b62e..84e1f104 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -13,7 +13,7 @@ def auth_func(*args, **kw):
if not current_user.is_authenticated:
raise ProcessingException(description='Not authenticated!', code=401)
-def check_auth(instance_id=None, **kw):
+def get_single_preprocessor(instance_id=None, **kw):
# Check if the user is authorized to modify the specified
# instance of the model.
contr = ArticleController(current_user.id)
@@ -21,3 +21,18 @@ def check_auth(instance_id=None, **kw):
if not is_authorized_to_modify(current_user, article):
raise ProcessingException(description='Not Authorized',
code=401)
+
+def get_many_preprocessor(search_params=None, **kw):
+ """Accepts a single argument, `search_params`, which is a dictionary
+ containing the search parameters for the request.
+
+ """
+ filt = dict(name="user_id",
+ op="eq",
+ val=current_user.id)
+
+ # Check if there are any filters there already.
+ if "filters" not in search_params:
+ search_params["filters"] = []
+
+ search_params["filters"].append(filt)
bgstack15