From b343dc73e5ea4aaf1314b6b277c3806f15ac0635 Mon Sep 17 00:00:00 2001
From: François Schmidts <francois.schmidts@gmail.com>
Date: Wed, 8 Apr 2015 12:33:40 +0200
Subject: moving feed views related code in views.feed and massive use of
 url_for

---
 pyaggr3g470r/controllers/abstract.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'pyaggr3g470r/controllers')

diff --git a/pyaggr3g470r/controllers/abstract.py b/pyaggr3g470r/controllers/abstract.py
index f1173817..8f0a8e3f 100644
--- a/pyaggr3g470r/controllers/abstract.py
+++ b/pyaggr3g470r/controllers/abstract.py
@@ -56,8 +56,8 @@ class AbstractController(object):
         if not obj:
             raise NotFound({'message': 'No %r (%r)'
                                 % (self._db_cls.__class__.__name__, filters)})
-        if self.user_id is not None \
-                and getattr(obj, self._user_id_key) != self.user_id:
+
+        if not self._has_right_on(obj):
             raise Forbidden({'message': 'No authorized to access %r (%r)'
                                 % (self._db_cls.__class__.__name__, filters)})
         return obj
@@ -84,3 +84,8 @@ class AbstractController(object):
         db.session.delete(obj)
         db.session.commit()
         return obj
+
+    def _has_right_on(self, obj):
+        # user_id == None is like being admin
+        return self.user_id is None \
+                or getattr(obj, self._user_id_key, None) == self.user_id
-- 
cgit 


From 5dfa537113c65a0596589c3683f7dba69323e8a7 Mon Sep 17 00:00:00 2001
From: François Schmidts <francois.schmidts@gmail.com>
Date: Wed, 8 Apr 2015 14:52:14 +0200
Subject: getting things out of the view a little more

---
 pyaggr3g470r/controllers/article.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'pyaggr3g470r/controllers')

diff --git a/pyaggr3g470r/controllers/article.py b/pyaggr3g470r/controllers/article.py
index 46ca0988..0ec53a2f 100644
--- a/pyaggr3g470r/controllers/article.py
+++ b/pyaggr3g470r/controllers/article.py
@@ -1,3 +1,6 @@
+from sqlalchemy import func
+
+from bootstrap import db
 import conf
 from .abstract import AbstractController
 from pyaggr3g470r.models import Article
@@ -25,3 +28,9 @@ class ArticleController(AbstractController):
             if self.read(**id_).first():
                 continue
             yield id_
+
+    def get_unread(self):
+        return dict(db.session.query(Article.feed_id, func.count(Article.id))
+                       .filter(Article.readed == False,
+                               Article.user_id == self.user_id)
+                       .group_by(Article.feed_id).all())
-- 
cgit