alahouze
/
accountant
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add authentication on view methods.

This commit is contained in:
Alexis Lahouze 2015-12-09 22:54:05 +01:00
parent a49e00c8af
commit cfec9b035f
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
accountant/api/views/accounts.py
View File

@ -28,6 +28,8 @@ from ..models.accounts import Account
from ..fields import Object
from ..views.users import requires_auth
resource_fields = {
'id': fields.Integer(default=None),
@ -54,6 +56,7 @@ date_parser.add_argument('end',
class AccountListResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(resource_fields)))
def get(self):
"""
@ -61,6 +64,7 @@ class AccountListResource(Resource):
"""
return Account.query().all(), 200
@requires_auth
@marshal_with_field(Object(resource_fields))
def post(self):
"""
@ -88,6 +92,7 @@ class AccountListResource(Resource):
class AccountResource(Resource):
@requires_auth
@marshal_with_field(Object(resource_fields))
def get(self, account_id):
"""
@ -104,6 +109,7 @@ class AccountResource(Resource):
except NoResultFound:
return None, 404
@requires_auth
@marshal_with_field(Object(resource_fields))
def delete(self, account_id):
# Need to get the object to update it.
@ -116,6 +122,7 @@ class AccountResource(Resource):
return None, 204
@requires_auth
@marshal_with_field(Object(resource_fields))
def post(self, account_id):
kwargs = parser.parse_args()

9
accountant/api/views/operations.py
View File

@ -26,6 +26,8 @@ from ..models.operations import Operation
from ..fields import Object
from ..views.users import requires_auth
resource_fields = {
'id': fields.Integer(default=None),
@ -62,6 +64,7 @@ range_parser.add_argument('end', type=lambda a: dateutil.parser.parse(a))
class OperationListResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(resource_fields)))
def get(self):
kwargs = range_parser.parse_args()
@ -73,6 +76,7 @@ class OperationListResource(Resource):
Operation.account_id == kwargs['account']
).all()
@requires_auth
@marshal_with_field(Object(resource_fields))
def post(self):
kwargs = parser.parse_args()
@ -85,6 +89,7 @@ class OperationListResource(Resource):
class OperationResource(Resource):
@requires_auth
@marshal_with_field(Object(resource_fields))
def get(self, operation_id):
"""
@ -97,6 +102,7 @@ class OperationResource(Resource):
return operation
@requires_auth
@marshal_with_field(Object(resource_fields))
def post(self, operation_id):
kwargs = parser.parse_args()
@ -117,6 +123,7 @@ class OperationResource(Resource):
return operation
@requires_auth
@marshal_with_field(Object(resource_fields))
def delete(self, operation_id):
operation = db.session.query(Operation).get(operation_id)
@ -137,6 +144,7 @@ category_resource_fields = {
class CategoriesResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(category_resource_fields)))
def get(self):
kwargs = range_parser.parse_args()
@ -154,6 +162,7 @@ ohlc_resource_fields = {
class SoldsResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(ohlc_resource_fields)))
def get(self):
kwargs = range_parser.parse_args()