diff options
Diffstat (limited to 'src/web')
-rw-r--r-- | src/web/views/api/v3/article.py | 30 | ||||
-rw-r--r-- | src/web/views/api/v3/common.py | 14 | ||||
-rw-r--r-- | src/web/views/api/v3/feed.py | 10 |
3 files changed, 30 insertions, 24 deletions
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py index 49a9842e..657a4af1 100644 --- a/src/web/views/api/v3/article.py +++ b/src/web/views/api/v3/article.py @@ -8,34 +8,30 @@ from web.views.api.v3.common import AbstractProcessor from web.views.api.v3.common import url_prefix, auth_func class ArticleProcessor(AbstractProcessor): + """Concrete processors for the Article Web service. + """ + def get_single_preprocessor(self, instance_id=None, **kw): - # Check if the user is authorized to modify the specified - # instance of the model. - contr = ArticleController(current_user.id) - article = contr.get(id=instance_id) - if not self.is_authorized(current_user, article): - raise ProcessingException(description='Not Authorized', code=401) - - def post_put_preprocessor(self, data=None, **kw): + article = ArticleController(current_user.id).get(id=instance_id) + self.is_authorized(current_user, article) + + def post_preprocessor(self, data=None, **kw): data["user_id"] = current_user.id - fcontr = FeedController() try: - feed = fcontr.get(id=data["feed_id"]) + feed = FeedController(current_user.id).get(id=data["feed_id"]) except NotFound: raise ProcessingException(description='No such feed.', code=404) + self.is_authorized(current_user, feed) data["category_id"] = feed.category_id def delete_preprocessor(self, instance_id=None, **kw): - contr = ArticleController() try: - article = contr.get(id=instance_id) + article = ArticleController(current_user.id).get(id=instance_id) except NotFound: raise ProcessingException(description='No such article.', code=404) - if article.user_id != current_user.id: - raise ProcessingException(description='Not Authorized', code=401) - + self.is_authorized(current_user, article) article_processor = ArticleProcessor() @@ -47,9 +43,9 @@ blueprint_article = manager.create_api_blueprint(models.Article, GET_MANY=[auth_func, article_processor.get_many_preprocessor], POST=[auth_func, - article_processor.post_put_preprocessor], + article_processor.post_preprocessor], PUT_SINGLE=[auth_func, - article_processor.post_put_preprocessor], + article_processor.put_single_preprocessor], DELETE=[auth_func, article_processor.delete_preprocessor])) application.register_blueprint(blueprint_article) diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py index bd20ad38..51e4e6be 100644 --- a/src/web/views/api/v3/common.py +++ b/src/web/views/api/v3/common.py @@ -25,9 +25,12 @@ def auth_func(*args, **kw): raise ProcessingException(description='Not authenticated!', code=401) class AbstractProcessor(): + """Abstract processors for the Web services. + """ def is_authorized(self, user, obj): - return user.id == obj.user_id + if user.id != obj.user_id: + raise ProcessingException(description='Not Authorized', code=401) def get_single_preprocessor(self, instance_id=None, **kw): # Check if the user is authorized to modify the specified @@ -48,7 +51,14 @@ class AbstractProcessor(): search_params["filters"].append(filt) - def post_put_preprocessor(self, data=None, **kw): + def post_preprocessor(self, data=None, **kw): + pass + + def put_single_preprocessor(instance_id=None, data=None, **kw): + """Accepts two arguments, `instance_id`, the primary key of the + instance of the model to patch, and `data`, the dictionary of fields + to change on the instance. + """ pass def delete_preprocessor(self, instance_id=None, **kw): diff --git a/src/web/views/api/v3/feed.py b/src/web/views/api/v3/feed.py index a97aa415..bf1d376f 100644 --- a/src/web/views/api/v3/feed.py +++ b/src/web/views/api/v3/feed.py @@ -6,14 +6,14 @@ from web.views.api.v3.common import AbstractProcessor from web.views.api.v3.common import url_prefix, auth_func class FeedProcessor(AbstractProcessor): + """Concrete processors for the Feed Web service. + """ + def get_single_preprocessor(self, instance_id=None, **kw): # Check if the user is authorized to modify the specified # instance of the model. - contr = FeedController(current_user.id) - feed = contr.get(id=instance_id) - if not self.is_authorized(current_user, feed): - raise ProcessingException(description='Not Authorized', code=401) - + feed = FeedController(current_user.id).get(id=instance_id) + self.is_authorized(current_user, feed) feed_processor = FeedProcessor() |