From 2e2eee1cc691b91f475d33458a24315b2a313541 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Tue, 26 Apr 2016 10:00:19 +0200
Subject: Improved the Web services processors.

---
 src/web/views/api/v3/article.py | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

(limited to 'src/web/views/api/v3/article.py')

diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index 49a9842e..657a4af1 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -8,34 +8,30 @@ from web.views.api.v3.common import AbstractProcessor
 from web.views.api.v3.common import url_prefix, auth_func
 
 class ArticleProcessor(AbstractProcessor):
+    """Concrete processors for the Article Web service.
+    """
+
     def get_single_preprocessor(self, instance_id=None, **kw):
-        # Check if the user is authorized to modify the specified
-        # instance of the model.
-        contr = ArticleController(current_user.id)
-        article = contr.get(id=instance_id)
-        if not self.is_authorized(current_user, article):
-            raise ProcessingException(description='Not Authorized', code=401)
-
-    def post_put_preprocessor(self, data=None, **kw):
+        article = ArticleController(current_user.id).get(id=instance_id)
+        self.is_authorized(current_user, article)
+
+    def post_preprocessor(self, data=None, **kw):
         data["user_id"] = current_user.id
 
-        fcontr = FeedController()
         try:
-            feed = fcontr.get(id=data["feed_id"])
+            feed = FeedController(current_user.id).get(id=data["feed_id"])
         except NotFound:
             raise ProcessingException(description='No such feed.', code=404)
+        self.is_authorized(current_user, feed)
 
         data["category_id"] = feed.category_id
 
     def delete_preprocessor(self, instance_id=None, **kw):
-        contr = ArticleController()
         try:
-            article = contr.get(id=instance_id)
+            article = ArticleController(current_user.id).get(id=instance_id)
         except NotFound:
             raise ProcessingException(description='No such article.', code=404)
-        if article.user_id != current_user.id:
-            raise ProcessingException(description='Not Authorized', code=401)
-
+        self.is_authorized(current_user, article)
 
 article_processor = ArticleProcessor()
 
@@ -47,9 +43,9 @@ blueprint_article = manager.create_api_blueprint(models.Article,
                             GET_MANY=[auth_func,
                                     article_processor.get_many_preprocessor],
                             POST=[auth_func,
-                                    article_processor.post_put_preprocessor],
+                                    article_processor.post_preprocessor],
                             PUT_SINGLE=[auth_func,
-                                    article_processor.post_put_preprocessor],
+                                    article_processor.put_single_preprocessor],
                             DELETE=[auth_func,
                                     article_processor.delete_preprocessor]))
 application.register_blueprint(blueprint_article)
-- 
cgit