aboutsummaryrefslogtreecommitdiff
path: root/src/web
diff options
context:
space:
mode:
Diffstat (limited to 'src/web')
-rw-r--r--src/web/views/api/v3/article.py30
-rw-r--r--src/web/views/api/v3/common.py14
-rw-r--r--src/web/views/api/v3/feed.py10
3 files changed, 30 insertions, 24 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index 49a9842e..657a4af1 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -8,34 +8,30 @@ from web.views.api.v3.common import AbstractProcessor
from web.views.api.v3.common import url_prefix, auth_func
class ArticleProcessor(AbstractProcessor):
+ """Concrete processors for the Article Web service.
+ """
+
def get_single_preprocessor(self, instance_id=None, **kw):
- # Check if the user is authorized to modify the specified
- # instance of the model.
- contr = ArticleController(current_user.id)
- article = contr.get(id=instance_id)
- if not self.is_authorized(current_user, article):
- raise ProcessingException(description='Not Authorized', code=401)
-
- def post_put_preprocessor(self, data=None, **kw):
+ article = ArticleController(current_user.id).get(id=instance_id)
+ self.is_authorized(current_user, article)
+
+ def post_preprocessor(self, data=None, **kw):
data["user_id"] = current_user.id
- fcontr = FeedController()
try:
- feed = fcontr.get(id=data["feed_id"])
+ feed = FeedController(current_user.id).get(id=data["feed_id"])
except NotFound:
raise ProcessingException(description='No such feed.', code=404)
+ self.is_authorized(current_user, feed)
data["category_id"] = feed.category_id
def delete_preprocessor(self, instance_id=None, **kw):
- contr = ArticleController()
try:
- article = contr.get(id=instance_id)
+ article = ArticleController(current_user.id).get(id=instance_id)
except NotFound:
raise ProcessingException(description='No such article.', code=404)
- if article.user_id != current_user.id:
- raise ProcessingException(description='Not Authorized', code=401)
-
+ self.is_authorized(current_user, article)
article_processor = ArticleProcessor()
@@ -47,9 +43,9 @@ blueprint_article = manager.create_api_blueprint(models.Article,
GET_MANY=[auth_func,
article_processor.get_many_preprocessor],
POST=[auth_func,
- article_processor.post_put_preprocessor],
+ article_processor.post_preprocessor],
PUT_SINGLE=[auth_func,
- article_processor.post_put_preprocessor],
+ article_processor.put_single_preprocessor],
DELETE=[auth_func,
article_processor.delete_preprocessor]))
application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index bd20ad38..51e4e6be 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -25,9 +25,12 @@ def auth_func(*args, **kw):
raise ProcessingException(description='Not authenticated!', code=401)
class AbstractProcessor():
+ """Abstract processors for the Web services.
+ """
def is_authorized(self, user, obj):
- return user.id == obj.user_id
+ if user.id != obj.user_id:
+ raise ProcessingException(description='Not Authorized', code=401)
def get_single_preprocessor(self, instance_id=None, **kw):
# Check if the user is authorized to modify the specified
@@ -48,7 +51,14 @@ class AbstractProcessor():
search_params["filters"].append(filt)
- def post_put_preprocessor(self, data=None, **kw):
+ def post_preprocessor(self, data=None, **kw):
+ pass
+
+ def put_single_preprocessor(instance_id=None, data=None, **kw):
+ """Accepts two arguments, `instance_id`, the primary key of the
+ instance of the model to patch, and `data`, the dictionary of fields
+ to change on the instance.
+ """
pass
def delete_preprocessor(self, instance_id=None, **kw):
diff --git a/src/web/views/api/v3/feed.py b/src/web/views/api/v3/feed.py
index a97aa415..bf1d376f 100644
--- a/src/web/views/api/v3/feed.py
+++ b/src/web/views/api/v3/feed.py
@@ -6,14 +6,14 @@ from web.views.api.v3.common import AbstractProcessor
from web.views.api.v3.common import url_prefix, auth_func
class FeedProcessor(AbstractProcessor):
+ """Concrete processors for the Feed Web service.
+ """
+
def get_single_preprocessor(self, instance_id=None, **kw):
# Check if the user is authorized to modify the specified
# instance of the model.
- contr = FeedController(current_user.id)
- feed = contr.get(id=instance_id)
- if not self.is_authorized(current_user, feed):
- raise ProcessingException(description='Not Authorized', code=401)
-
+ feed = FeedController(current_user.id).get(id=instance_id)
+ self.is_authorized(current_user, feed)
feed_processor = FeedProcessor()
bgstack15