diff options
Diffstat (limited to 'src/web/views')
-rw-r--r-- | src/web/views/api/v3/article.py | 13 | ||||
-rw-r--r-- | src/web/views/api/v3/common.py | 17 |
2 files changed, 25 insertions, 5 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py index cc769597..ebd15d24 100644 --- a/src/web/views/api/v3/article.py +++ b/src/web/views/api/v3/article.py @@ -1,10 +1,15 @@ from web import models from bootstrap import application, manager -from web.views.api.v3.common import url_prefix, auth_func, check_auth +from web.views.api.v3.common import url_prefix, auth_func +from web.views.api.v3.common import get_single_preprocessor, get_many_preprocessor blueprint_article = manager.create_api_blueprint(models.Article, - url_prefix=url_prefix, - methods=['GET', 'POST', 'PUT', 'DELETE'], - preprocessors=dict(GET_SINGLE=[auth_func, check_auth])) + url_prefix=url_prefix, + methods=['GET', 'POST', 'PUT', 'DELETE'], + preprocessors=dict(GET_SINGLE=[auth_func, get_single_preprocessor], + GET_MANY=[auth_func, get_many_preprocessor], + PUT_SINGLE=[auth_func], + POST=[auth_func], + DELETE=[auth_func])) application.register_blueprint(blueprint_article) diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py index b4e6b62e..84e1f104 100644 --- a/src/web/views/api/v3/common.py +++ b/src/web/views/api/v3/common.py @@ -13,7 +13,7 @@ def auth_func(*args, **kw): if not current_user.is_authenticated: raise ProcessingException(description='Not authenticated!', code=401) -def check_auth(instance_id=None, **kw): +def get_single_preprocessor(instance_id=None, **kw): # Check if the user is authorized to modify the specified # instance of the model. contr = ArticleController(current_user.id) @@ -21,3 +21,18 @@ def check_auth(instance_id=None, **kw): if not is_authorized_to_modify(current_user, article): raise ProcessingException(description='Not Authorized', code=401) + +def get_many_preprocessor(search_params=None, **kw): + """Accepts a single argument, `search_params`, which is a dictionary + containing the search parameters for the request. + + """ + filt = dict(name="user_id", + op="eq", + val=current_user.id) + + # Check if there are any filters there already. + if "filters" not in search_params: + search_params["filters"] = [] + + search_params["filters"].append(filt) |