Diffstat (limited to 'src/web')
-rw-r--r-- | src/web/views/__init__.py | 4 | ||||
-rw-r--r-- | src/web/views/api/v3/__init__.py | 3 | ||||
-rw-r--r-- | src/web/views/api/v3/article.py | 9 | ||||
-rw-r--r-- | src/web/views/api/v3/common.py | 16 |
4 files changed, 30 insertions, 2 deletions
diff --git a/src/web/views/__init__.py b/src/web/views/__init__.py index 4af8975b..1ca5c473 100644 --- a/src/web/views/__init__.py +++ b/src/web/views/__init__.py @@ -1,4 +1,4 @@ -from web.views.api import v2 +from web.views.api import v2, v3 from web.views import views, home, session_mgmt from web.views.article import article_bp, articles_bp from web.views.feed import feed_bp, feeds_bp @@ -7,7 +7,7 @@ from web.views.icon import icon_bp from web.views.admin import admin_bp from web.views.user import user_bp, users_bp -__all__ = ['views', 'home', 'session_mgmt', 'v2', +__all__ = ['views', 'home', 'session_mgmt', 'v2', 'v3', 'article_bp', 'articles_bp', 'feed_bp', 'feeds_bp', 'category_bp', 'categories_bp', 'icon_bp', 'admin_bp', 'user_bp', 'users_bp'] diff --git a/src/web/views/api/v3/__init__.py b/src/web/views/api/v3/__init__.py index e69de29b..76aa1f19 100644 --- a/src/web/views/api/v3/__init__.py +++ b/src/web/views/api/v3/__init__.py @@ -0,0 +1,3 @@ +from web.views.api.v3 import article + +__all__ = ['article'] diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py new file mode 100644 index 00000000..2f276170 --- /dev/null +++ b/src/web/views/api/v3/article.py @@ -0,0 +1,9 @@ +from web import models +from bootstrap import application, manager +from web.views.api.v3.common import check_auth + + +blueprint_article = manager.create_api_blueprint(models.Article, + methods=['GET', 'POST', 'PUT', 'DELETE'], + preprocessors=dict(GET_SINGLE=[check_auth])) +application.register_blueprint(blueprint_article) diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py new file mode 100644 index 00000000..f5bd2dea --- /dev/null +++ b/src/web/views/api/v3/common.py 
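Review bot: In `src/web/views/api/v3/article.py`, the `preprocessors` dict attaches `check_auth` to `GET_SINGLE` only, while `methods` also enables `POST`, `PUT` and `DELETE`, and the collection GET has no entry either. As written, those routes appear to reach `models.Article` with no ownership check, so a caller could list, create, change or remove articles that belong to another user. Either register a preprocessor for every enabled operation (`GET_MANY`, `POST`, `PUT_SINGLE`, and the delete key of the installed Flask-Restless version) or narrow the blueprint to `methods=['GET']` until the write paths are covered. The collection and POST preprocessors do not receive `instance_id`, so `check_auth` cannot be reused there unchanged; a forced `user_id` filter on the search parameters and on the posted data is the usual shape.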
@@ -0,0 +1,16 @@
+from flask.ext.login import current_user
+from web.controllers import ArticleController
+
+
+def is_authorized_to_modify(user, obj):
+ return user.id == obj.user_id
+
+
+def check_auth(instance_id=None, **kw):
+ # Check if the user is authorized to modify the specified
+ # instance of the model.
+ contr = ArticleController(current_user.id)
+ article = contr.get(id=instance_id)
+ if not is_authorized_to_modify(current_user, article):
+ raise ProcessingException(description='Not Authorized',
+ code=401) |
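Review bot: `check_auth` raises `ProcessingException`, but this new file never imports it, so the denial branch would fail with a NameError (most likely surfacing as a 500) instead of the intended rejection; add `from flask.ext.restless import ProcessingException` beside the other imports. The function also reads `current_user.id` before establishing that the caller is logged in, and it hands whatever `contr.get(id=instance_id)` returns straight to `is_authorized_to_modify`. If the user is anonymous or the controller finds no article, those paths presumably end in an unhandled exception rather than a clean denial, so an explicit authentication check up front and a guard for the missing article are worth adding. For an authenticated caller who does not own the article, 403 is the more accurate status than 401, and the comment should say "access" rather than "modify" since the hook is wired to a read.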