From 2e2eee1cc691b91f475d33458a24315b2a313541 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Tue, 26 Apr 2016 10:00:19 +0200
Subject: Improved the Web services processors.

---
 src/web/views/api/v3/article.py | 30 +++++++++++++-----------------
 src/web/views/api/v3/common.py  | 14 ++++++++++++--
 src/web/views/api/v3/feed.py    | 10 +++++-----
 3 files changed, 30 insertions(+), 24 deletions(-)

(limited to 'src/web/views/api')

diff --git a/src/web/views/api/v3/article.py b/src/web/views/api/v3/article.py
index 49a9842e..657a4af1 100644
--- a/src/web/views/api/v3/article.py
+++ b/src/web/views/api/v3/article.py
@@ -8,34 +8,30 @@ from web.views.api.v3.common import AbstractProcessor
 from web.views.api.v3.common import url_prefix, auth_func
 
 class ArticleProcessor(AbstractProcessor):
+    """Concrete processors for the Article Web service.
+    """
+
     def get_single_preprocessor(self, instance_id=None, **kw):
-        # Check if the user is authorized to modify the specified
-        # instance of the model.
-        contr = ArticleController(current_user.id)
-        article = contr.get(id=instance_id)
-        if not self.is_authorized(current_user, article):
-            raise ProcessingException(description='Not Authorized', code=401)
-
-    def post_put_preprocessor(self, data=None, **kw):
+        article = ArticleController(current_user.id).get(id=instance_id)
+        self.is_authorized(current_user, article)
+
+    def post_preprocessor(self, data=None, **kw):
         data["user_id"] = current_user.id
 
-        fcontr = FeedController()
         try:
-            feed = fcontr.get(id=data["feed_id"])
+            feed = FeedController(current_user.id).get(id=data["feed_id"])
         except NotFound:
             raise ProcessingException(description='No such feed.', code=404)
+        self.is_authorized(current_user, feed)
 
         data["category_id"] = feed.category_id
 
     def delete_preprocessor(self, instance_id=None, **kw):
-        contr = ArticleController()
         try:
-            article = contr.get(id=instance_id)
+            article = ArticleController(current_user.id).get(id=instance_id)
         except NotFound:
             raise ProcessingException(description='No such article.', code=404)
-        if article.user_id != current_user.id:
-            raise ProcessingException(description='Not Authorized', code=401)
-
+        self.is_authorized(current_user, article)
 
 article_processor = ArticleProcessor()
 
@@ -47,9 +43,9 @@ blueprint_article = manager.create_api_blueprint(models.Article,
                             GET_MANY=[auth_func,
                                     article_processor.get_many_preprocessor],
                             POST=[auth_func,
-                                    article_processor.post_put_preprocessor],
+                                    article_processor.post_preprocessor],
                             PUT_SINGLE=[auth_func,
-                                    article_processor.post_put_preprocessor],
+                                    article_processor.put_single_preprocessor],
                             DELETE=[auth_func,
                                     article_processor.delete_preprocessor]))
 application.register_blueprint(blueprint_article)
diff --git a/src/web/views/api/v3/common.py b/src/web/views/api/v3/common.py
index bd20ad38..51e4e6be 100644
--- a/src/web/views/api/v3/common.py
+++ b/src/web/views/api/v3/common.py
@@ -25,9 +25,12 @@ def auth_func(*args, **kw):
         raise ProcessingException(description='Not authenticated!', code=401)
 
 class AbstractProcessor():
+    """Abstract processors for the Web services.
+    """
 
     def is_authorized(self, user, obj):
-        return user.id == obj.user_id
+        if user.id != obj.user_id:
+            raise ProcessingException(description='Not Authorized', code=401)
 
     def get_single_preprocessor(self, instance_id=None, **kw):
         # Check if the user is authorized to modify the specified
@@ -48,7 +51,14 @@ class AbstractProcessor():
 
         search_params["filters"].append(filt)
 
-    def post_put_preprocessor(self, data=None, **kw):
+    def post_preprocessor(self, data=None, **kw):
+        pass
+
+    def put_single_preprocessor(instance_id=None, data=None, **kw):
+        """Accepts two arguments, `instance_id`, the primary key of the
+        instance of the model to patch, and `data`, the dictionary of fields
+        to change on the instance.
+        """
         pass
 
     def delete_preprocessor(self, instance_id=None, **kw):
diff --git a/src/web/views/api/v3/feed.py b/src/web/views/api/v3/feed.py
index a97aa415..bf1d376f 100644
--- a/src/web/views/api/v3/feed.py
+++ b/src/web/views/api/v3/feed.py
@@ -6,14 +6,14 @@ from web.views.api.v3.common import AbstractProcessor
 from web.views.api.v3.common import url_prefix, auth_func
 
 class FeedProcessor(AbstractProcessor):
+    """Concrete processors for the Feed Web service.
+    """
+
     def get_single_preprocessor(self, instance_id=None, **kw):
         # Check if the user is authorized to modify the specified
         # instance of the model.
-        contr = FeedController(current_user.id)
-        feed = contr.get(id=instance_id)
-        if not self.is_authorized(current_user, feed):
-            raise ProcessingException(description='Not Authorized', code=401)
-
+        feed = FeedController(current_user.id).get(id=instance_id)
+        self.is_authorized(current_user, feed)
 
 feed_processor = FeedProcessor()
 
-- 
cgit