From c556f75bb700d460f6ddf46daf110ffbba49e42e Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme
Date: Thu, 7 Apr 2016 13:46:35 +0200
Subject: Fixed a bug for non-administor users.
---
 src/web/models/article.py | 10 ++++++++++
 src/web/models/feed.py | 10 ++++++++++
 src/web/models/right_mixin.py | 8 ++++----
 src/web/models/user.py | 8 ++++++++
 4 files changed, 32 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/web/models/article.py b/src/web/models/article.py
index d3c0bed2..0ab35b20 100644
--- a/src/web/models/article.py
+++ b/src/web/models/article.py
@@ -49,6 +49,16 @@ class Article(db.Model, RightMixin):
 feed_id = db.Column(db.Integer(), db.ForeignKey('feed.id'))
 category_id = db.Column(db.Integer(), db.ForeignKey('category.id'))
+ # api whitelists
+ @staticmethod
+ def _fields_base_write():
+ return {'readed', 'like', 'feed_id', 'category_id'}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'id', 'entry_id', 'link', 'title', 'content', 'date',
+ 'retrieved_date', 'user_id'}
+
 def previous_article(self):
 """
 Returns the previous article (older).
diff --git a/src/web/models/feed.py b/src/web/models/feed.py
index ba9255e9..cc734c41 100644
--- a/src/web/models/feed.py
+++ b/src/web/models/feed.py
@@ -62,5 +62,15 @@ class Feed(db.Model, RightMixin):
 cascade='all,delete-orphan',
 order_by=desc("date"))
+ # api whitelists
+ @staticmethod
+ def _fields_base_write():
+ return {'title', 'description', 'link', 'site_link', 'enabled',
+ 'filters', 'last_error', 'error_count', 'category_id'}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'id', 'user_id', 'icon_url', 'last_retrieved'}
+
 def __repr__(self):
 return '' % (self.title)
diff --git a/src/web/models/right_mixin.py b/src/web/models/right_mixin.py
index c4d92008..6b2f1b67 100644
--- a/src/web/models/right_mixin.py
+++ b/src/web/models/right_mixin.py
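Review bot: In `src/web/models/article.py`, `_fields_base_write()` whitelists the foreign keys `feed_id` and `category_id`, and nothing in the hunk ties a supplied id to the requesting user's own feeds or categories. If the code that applies this whitelist (outside this diff) stores the values as given, a user limited to the base write set could attach an article to a feed or category owned by someone else; the same applies to `category_id` in the `feed.py` whitelist. Either check ownership where the whitelist is applied or record the requirement next to the set, e.g. `# feed_id/category_id: caller must verify both belong to the current user`. Keeping `user_id` in the read set only is the right call.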
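Review bot: In `src/web/models/feed.py`, `last_error` and `error_count` sit in `_fields_base_write()` beside user-editable fields such as `title`, although their names suggest bookkeeping maintained by the fetcher. If that reading is right, any client allowed the base write set can clear or forge a feed's error state, which weakens whatever relies on those columns to report or disable failing feeds. Consider moving them to `_fields_base_read()` and letting only the fetcher's role write them. If they are writable on purpose, say so in place: `# last_error/error_count are writable because the crawler updates feeds through this API`.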
@@ -2,19 +2,19 @@ class RightMixin:
 @staticmethod
 def _fields_base_write():
- return {}
+ return set()
 @staticmethod
 def _fields_base_read():
- return {'id'}
+ return set(['id'])
 @staticmethod
 def _fields_api_write():
- return {}
+ return set([])
 @staticmethod
 def _fields_api_read():
- return {'id'}
+ return set(['id'])
 @classmethod
 def fields_base_write(cls):
diff --git a/src/web/models/user.py b/src/web/models/user.py
index 4174cb0f..8ad9440b 100644
--- a/src/web/models/user.py
+++ b/src/web/models/user.py
@@ -56,6 +56,14 @@ class User(db.Model, UserMixin, RightMixin):
 is_admin = db.Column(db.Boolean(), default=False)
 is_api = db.Column(db.Boolean(), default=False)
+ @staticmethod
+ def _fields_base_write():
+ return {'login', 'password', 'email'}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'date_created', 'last_connection'}
+
 @staticmethod
 def make_valid_nickname(nickname):
 return re.sub('[^a-zA-Z0-9_\.]', '', nickname)
-- cgit
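Review bot: The four defaults in `RightMixin` now spell the same idea three ways: `set()`, `set([])` and `set(['id'])`. Only the two `{}` returns were wrong, since `{}` is an empty dict rather than a set; `{'id'}` was already a set literal and could have stayed. Suggest `return set()` for both empty cases and `return {'id'}` for both read cases, with a comment on the first such as `# set(), not {}: {} is an empty dict and lacks set operations`. The `fields_base_write` classmethod that consumes these begins on the hunk's last line and continues outside it, so how the sets are combined is not visible here.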
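Review bot: In `src/web/models/user.py`, `password` is placed in `_fields_base_write()`, so clients may set it through whatever applies this whitelist. Two things are not visible in this diff and need confirming: that the write path hashes the value before it reaches the column, and that the read sets built by `RightMixin` (outside the hunk) do not fold the write whitelist in, which would serialize the stored password value back to clients. If either is in doubt, set the password through a dedicated method and keep it out of the generic whitelist, or at least mark it: `# password: write-only; must be hashed by the caller and never dumped`. Leaving `is_admin` and `is_api` out of the write set is right. This override also drops the mixin's default `'id'` from the read set, unlike the `Article` and `Feed` overrides, which may not be intended.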