aboutsummaryrefslogtreecommitdiff
path: root/src/web
diff options
context:
space:
mode:
Diffstat (limited to 'src/web')
-rw-r--r--src/web/views/__init__.py4
-rw-r--r--src/web/views/api/v3/__init__.py3
-rw-r--r--src/web/views/api/v3/article.py9
-rw-r--r--src/web/views/api/v3/common.py16
4 files changed, 30 insertions, 2 deletions
diff --git a/src/web/views/__init__.py b/src/web/views/__init__.py
index 4af8975b..1ca5c473 100644
--- a/src/web/views/__init__.py
+++ b/src/web/views/__init__.py
@@ -1,4 +1,4 @@
-from web.views.api import v2
+from web.views.api import v2, v3
from web.views import views, home, session_mgmt
from web.views.article import article_bp, articles_bp
from web.views.feed import feed_bp, feeds_bp
@@ -7,7 +7,7 @@ from web.views.icon import icon_bp
from web.views.admin import admin_bp
from web.views.user import user_bp, users_bp
-__all__ = ['views', 'home', 'session_mgmt', 'v2',
+__all__ = ['views', 'home', 'session_mgmt', 'v2', 'v3',
'article_bp', 'articles_bp', 'feed_bp', 'feeds_bp',
'category_bp', 'categories_bp', 'icon_bp',
'admin_bp', 'user_bp', 'users_bp']
diff --git a/src/web/views/api/v3/__init__.py b/src/web/views/api/v3/__init__.py
index e69de29b..76aa1f19 100644
--- a/src/web/views/api/v3/__init__.py
+++ b/src/web/views/api/v3/__init__.py
@@ -0,0 +1,3 @@
+from web.views.api.v3 import article
+
+__all__ = ['article']
diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
new file mode 100644
index 00000000..2f276170
--- /dev/null
+++ b/src/web/views/api/v3/article.py
@@ -0,0 +1,9 @@
+from web import models
+from bootstrap import application, manager
+from web.views.api.v3.common import check_auth
+
+
+blueprint_article = manager.create_api_blueprint(models.Article,
+ methods=['GET', 'POST', 'PUT', 'DELETE'],
+ preprocessors=dict(GET_SINGLE=[check_auth]))
+application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
new file mode 100644
index 00000000..f5bd2dea
--- /dev/null
+++ b/src/web/views/api/v3/common.py
@@ -0,0 +1,16 @@
+from flask.ext.login import current_user
+from web.controllers import ArticleController
+
+
+def is_authorized_to_modify(user, obj):
+ return user.id == obj.user_id
+
+
+def check_auth(instance_id=None, **kw):
+ # Check if the user is authorized to modify the specified
+ # instance of the model.
+ contr = ArticleController(current_user.id)
+ article = contr.get(id=instance_id)
+ if not is_authorized_to_modify(current_user, article):
+ raise ProcessingException(description='Not Authorized',
+ code=401)
bgstack15