blob: f5bd2deaf266d0d75218f78c4ffce3c81c7f60d6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
from flask.ext.login import current_user
from web.controllers import ArticleController
def is_authorized_to_modify(user, obj):
return user.id == obj.user_id
def check_auth(instance_id=None, **kw):
# Check if the user is authorized to modify the specified
# instance of the model.
contr = ArticleController(current_user.id)
article = contr.get(id=instance_id)
if not is_authorized_to_modify(current_user, article):
raise ProcessingException(description='Not Authorized',
code=401)
|
