Add authentication on view methods.
This commit is contained in:
parent
a49e00c8af
commit
cfec9b035f
@ -28,6 +28,8 @@ from ..models.accounts import Account
|
||||
|
||||
from ..fields import Object
|
||||
|
||||
from ..views.users import requires_auth
|
||||
|
||||
|
||||
resource_fields = {
|
||||
'id': fields.Integer(default=None),
|
||||
@ -54,6 +56,7 @@ date_parser.add_argument('end',
|
||||
|
||||
|
||||
class AccountListResource(Resource):
|
||||
@requires_auth
|
||||
@marshal_with_field(fields.List(Object(resource_fields)))
|
||||
def get(self):
|
||||
"""
|
||||
@ -61,6 +64,7 @@ class AccountListResource(Resource):
|
||||
"""
|
||||
return Account.query().all(), 200
|
||||
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def post(self):
|
||||
"""
|
||||
@ -88,6 +92,7 @@ class AccountListResource(Resource):
|
||||
|
||||
|
||||
class AccountResource(Resource):
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def get(self, account_id):
|
||||
"""
|
||||
@ -104,6 +109,7 @@ class AccountResource(Resource):
|
||||
except NoResultFound:
|
||||
return None, 404
|
||||
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def delete(self, account_id):
|
||||
# Need to get the object to update it.
|
||||
@ -116,6 +122,7 @@ class AccountResource(Resource):
|
||||
|
||||
return None, 204
|
||||
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def post(self, account_id):
|
||||
kwargs = parser.parse_args()
|
||||
|
@ -26,6 +26,8 @@ from ..models.operations import Operation
|
||||
|
||||
from ..fields import Object
|
||||
|
||||
from ..views.users import requires_auth
|
||||
|
||||
|
||||
resource_fields = {
|
||||
'id': fields.Integer(default=None),
|
||||
@ -62,6 +64,7 @@ range_parser.add_argument('end', type=lambda a: dateutil.parser.parse(a))
|
||||
|
||||
|
||||
class OperationListResource(Resource):
|
||||
@requires_auth
|
||||
@marshal_with_field(fields.List(Object(resource_fields)))
|
||||
def get(self):
|
||||
kwargs = range_parser.parse_args()
|
||||
@ -73,6 +76,7 @@ class OperationListResource(Resource):
|
||||
Operation.account_id == kwargs['account']
|
||||
).all()
|
||||
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def post(self):
|
||||
kwargs = parser.parse_args()
|
||||
@ -85,6 +89,7 @@ class OperationListResource(Resource):
|
||||
|
||||
|
||||
class OperationResource(Resource):
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def get(self, operation_id):
|
||||
"""
|
||||
@ -97,6 +102,7 @@ class OperationResource(Resource):
|
||||
|
||||
return operation
|
||||
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def post(self, operation_id):
|
||||
kwargs = parser.parse_args()
|
||||
@ -117,6 +123,7 @@ class OperationResource(Resource):
|
||||
|
||||
return operation
|
||||
|
||||
@requires_auth
|
||||
@marshal_with_field(Object(resource_fields))
|
||||
def delete(self, operation_id):
|
||||
operation = db.session.query(Operation).get(operation_id)
|
||||
@ -137,6 +144,7 @@ category_resource_fields = {
|
||||
|
||||
|
||||
class CategoriesResource(Resource):
|
||||
@requires_auth
|
||||
@marshal_with_field(fields.List(Object(category_resource_fields)))
|
||||
def get(self):
|
||||
kwargs = range_parser.parse_args()
|
||||
@ -154,6 +162,7 @@ ohlc_resource_fields = {
|
||||
|
||||
|
||||
class SoldsResource(Resource):
|
||||
@requires_auth
|
||||
@marshal_with_field(fields.List(Object(ohlc_resource_fields)))
|
||||
def get(self):
|
||||
kwargs = range_parser.parse_args()
|
||||
|
Loading…
Reference in New Issue
Block a user