From cfec9b035f865ad7dfcfbee64ae62ae0cb457c2d Mon Sep 17 00:00:00 2001 From: Alexis Lahouze Date: Wed, 9 Dec 2015 22:54:05 +0100 Subject: [PATCH] Add authentication on view methods. --- accountant/api/views/accounts.py | 7 +++++++ accountant/api/views/operations.py | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/accountant/api/views/accounts.py b/accountant/api/views/accounts.py index 6ad945b..d3b0508 100644 --- a/accountant/api/views/accounts.py +++ b/accountant/api/views/accounts.py @@ -28,6 +28,8 @@ from ..models.accounts import Account from ..fields import Object +from ..views.users import requires_auth + resource_fields = { 'id': fields.Integer(default=None), @@ -54,6 +56,7 @@ date_parser.add_argument('end', class AccountListResource(Resource): + @requires_auth @marshal_with_field(fields.List(Object(resource_fields))) def get(self): """ @@ -61,6 +64,7 @@ class AccountListResource(Resource): """ return Account.query().all(), 200 + @requires_auth @marshal_with_field(Object(resource_fields)) def post(self): """ @@ -88,6 +92,7 @@ class AccountListResource(Resource): class AccountResource(Resource): + @requires_auth @marshal_with_field(Object(resource_fields)) def get(self, account_id): """ @@ -104,6 +109,7 @@ class AccountResource(Resource): except NoResultFound: return None, 404 + @requires_auth @marshal_with_field(Object(resource_fields)) def delete(self, account_id): # Need to get the object to update it. @@ -116,6 +122,7 @@ class AccountResource(Resource): return None, 204 + @requires_auth @marshal_with_field(Object(resource_fields)) def post(self, account_id): kwargs = parser.parse_args() diff --git a/accountant/api/views/operations.py b/accountant/api/views/operations.py index 63c269b..8f023c8 100644 --- a/accountant/api/views/operations.py +++ b/accountant/api/views/operations.py 
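Review bot: Decorating each handler by hand means the next `get`/`post`/`delete` added to `AccountListResource` or `AccountResource` is unauthenticated unless someone remembers the decorator; the same pattern repeats in every hunk of operations.py. Assuming `Resource` is Flask-RESTful's (its import is outside the hunks), a class-level `method_decorators = [requires_auth]` applies the check to every HTTP method of the resource and still runs it before `marshal_with_field`. That makes the resource fail closed and removes the fourteen repeated decorator lines. If per-method decoration is kept on purpose, a test that requests each route without credentials and expects a rejection would catch an omitted decorator.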
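Review bot: `@requires_auth` only establishes that the caller is logged in; nothing visible ties the returned rows to that caller. `AccountListResource.get` still returns `Account.query().all()`, and in operations.py the list handler filters on the client-supplied `kwargs['account']` while `OperationResource.delete` loads `db.session.query(Operation).get(operation_id)` by id alone. If the service is meant to hold more than one user's books, each query needs an owner filter and a 404 or 403 on mismatch; if it is single-tenant, a comment such as `# single-tenant: any authenticated user may access every account` would record that decision. The handler bodies run past the hunk edges, so an ownership check further down cannot be ruled out.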
@@ -26,6 +26,8 @@ from ..models.operations import Operation from ..fields import Object +from ..views.users import requires_auth + resource_fields = { 'id': fields.Integer(default=None), @@ -62,6 +64,7 @@ range_parser.add_argument('end', type=lambda a: dateutil.parser.parse(a)) class OperationListResource(Resource): + @requires_auth @marshal_with_field(fields.List(Object(resource_fields))) def get(self): kwargs = range_parser.parse_args() @@ -73,6 +76,7 @@ class OperationListResource(Resource): Operation.account_id == kwargs['account'] ).all() + @requires_auth @marshal_with_field(Object(resource_fields)) def post(self): kwargs = parser.parse_args() @@ -85,6 +89,7 @@ class OperationListResource(Resource): class OperationResource(Resource): + @requires_auth @marshal_with_field(Object(resource_fields)) def get(self, operation_id): """ @@ -97,6 +102,7 @@ class OperationResource(Resource): return operation + @requires_auth @marshal_with_field(Object(resource_fields)) def post(self, operation_id): kwargs = parser.parse_args() @@ -117,6 +123,7 @@ class OperationResource(Resource): return operation + @requires_auth @marshal_with_field(Object(resource_fields)) def delete(self, operation_id): operation = db.session.query(Operation).get(operation_id) @@ -137,6 +144,7 @@ category_resource_fields = { class CategoriesResource(Resource): + @requires_auth @marshal_with_field(fields.List(Object(category_resource_fields))) def get(self): kwargs = range_parser.parse_args() @@ -154,6 +162,7 @@ ohlc_resource_fields = { class SoldsResource(Resource): + @requires_auth @marshal_with_field(fields.List(Object(ohlc_resource_fields))) def get(self): kwargs = range_parser.parse_args()
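Review bot: Most handlers decorated in this file have no docstring, so the new authentication requirement is not recorded next to the code; `OperationListResource.get` and `post`, `OperationResource.post` and `delete`, and the `CategoriesResource` and `SoldsResource` getters go straight from the decorators to their first statement. A one-line docstring on each, for example `"""List operations for the requested account; caller must be authenticated."""` on `OperationListResource.get`, would keep the contract visible to the next maintainer. What `requires_auth` returns on failure is defined in `views/users.py`, outside this patch, so the docstring should name that status only once it is confirmed. The method bodies continue outside the hunks.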