From 8f4418c2b0b1027032594bf8d02e68bcc0ad6316 Mon Sep 17 00:00:00 2001 From: Cédric Bonhomme Date: Tue, 19 Apr 2016 22:10:52 +0200 Subject: Added a blueprint for the Flask-Restless feed api. --- src/web/views/api/v3/article.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'src/web/views/api/v3/article.py') diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py index ebd15d24..1f6e757a 100644 --- a/src/web/views/api/v3/article.py +++ b/src/web/views/api/v3/article.py @@ -1,14 +1,29 @@ +from flask.ext.login import current_user from web import models from bootstrap import application, manager +from web.controllers import ArticleController +from web.views.api.v3.common import AbstractProcessor from web.views.api.v3.common import url_prefix, auth_func -from web.views.api.v3.common import get_single_preprocessor, get_many_preprocessor +class ArticleProcessor(AbstractProcessor): + def get_single_preprocessor(self, instance_id=None, **kw): + # Check if the user is authorized to modify the specified + # instance of the model. + contr = ArticleController(current_user.id) + article = contr.get(id=instance_id) + if not self.is_authorized_to_modify(current_user, article): + raise ProcessingException(description='Not Authorized', code=401) + + +article_processor = ArticleProcessor() blueprint_article = manager.create_api_blueprint(models.Article, url_prefix=url_prefix, methods=['GET', 'POST', 'PUT', 'DELETE'], - preprocessors=dict(GET_SINGLE=[auth_func, get_single_preprocessor], - GET_MANY=[auth_func, get_many_preprocessor], + preprocessors=dict(GET_SINGLE=[auth_func, + article_processor.get_single_preprocessor], + GET_MANY=[auth_func, + article_processor.get_many_preprocessor], PUT_SINGLE=[auth_func], POST=[auth_func], DELETE=[auth_func])) -- cgit