From 2e2eee1cc691b91f475d33458a24315b2a313541 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Tue, 26 Apr 2016 10:00:19 +0200
Subject: Improved the Web services processors.

---
 src/web/views/api/v3/common.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'src/web/views/api/v3/common.py')

diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index bd20ad38..51e4e6be 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -25,9 +25,12 @@ def auth_func(*args, **kw):
         raise ProcessingException(description='Not authenticated!', code=401)
 
 class AbstractProcessor():
+    """Abstract processors for the Web services.
+    """
 
     def is_authorized(self, user, obj):
-        return user.id == obj.user_id
+        if user.id != obj.user_id:
+            raise ProcessingException(description='Not Authorized', code=401)
 
     def get_single_preprocessor(self, instance_id=None, **kw):
         # Check if the user is authorized to modify the specified
@@ -48,7 +51,14 @@ class AbstractProcessor():
 
         search_params["filters"].append(filt)
 
-    def post_put_preprocessor(self, data=None, **kw):
+    def post_preprocessor(self, data=None, **kw):
+        pass
+
+    def put_single_preprocessor(instance_id=None, data=None, **kw):
+        """Accepts two arguments, `instance_id`, the primary key of the
+        instance of the model to patch, and `data`, the dictionary of fields
+        to change on the instance.
+        """
         pass
 
     def delete_preprocessor(self, instance_id=None, **kw):
-- 
cgit