Add authentication on view methods.

This commit is contained in:
Alexis Lahouze 2015-12-09 22:54:05 +01:00
parent a49e00c8af
commit cfec9b035f
2 changed files with 16 additions and 0 deletions

View File

@ -28,6 +28,8 @@ from ..models.accounts import Account
from ..fields import Object from ..fields import Object
from ..views.users import requires_auth
resource_fields = { resource_fields = {
'id': fields.Integer(default=None), 'id': fields.Integer(default=None),
@ -54,6 +56,7 @@ date_parser.add_argument('end',
class AccountListResource(Resource): class AccountListResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(resource_fields))) @marshal_with_field(fields.List(Object(resource_fields)))
def get(self): def get(self):
""" """
@ -61,6 +64,7 @@ class AccountListResource(Resource):
""" """
return Account.query().all(), 200 return Account.query().all(), 200
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def post(self): def post(self):
""" """
@ -88,6 +92,7 @@ class AccountListResource(Resource):
class AccountResource(Resource): class AccountResource(Resource):
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def get(self, account_id): def get(self, account_id):
""" """
@ -104,6 +109,7 @@ class AccountResource(Resource):
except NoResultFound: except NoResultFound:
return None, 404 return None, 404
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def delete(self, account_id): def delete(self, account_id):
# Need to get the object to update it. # Need to get the object to update it.
@ -116,6 +122,7 @@ class AccountResource(Resource):
return None, 204 return None, 204
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def post(self, account_id): def post(self, account_id):
kwargs = parser.parse_args() kwargs = parser.parse_args()

View File

@ -26,6 +26,8 @@ from ..models.operations import Operation
from ..fields import Object from ..fields import Object
from ..views.users import requires_auth
resource_fields = { resource_fields = {
'id': fields.Integer(default=None), 'id': fields.Integer(default=None),
@ -62,6 +64,7 @@ range_parser.add_argument('end', type=lambda a: dateutil.parser.parse(a))
class OperationListResource(Resource): class OperationListResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(resource_fields))) @marshal_with_field(fields.List(Object(resource_fields)))
def get(self): def get(self):
kwargs = range_parser.parse_args() kwargs = range_parser.parse_args()
@ -73,6 +76,7 @@ class OperationListResource(Resource):
Operation.account_id == kwargs['account'] Operation.account_id == kwargs['account']
).all() ).all()
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def post(self): def post(self):
kwargs = parser.parse_args() kwargs = parser.parse_args()
@ -85,6 +89,7 @@ class OperationListResource(Resource):
class OperationResource(Resource): class OperationResource(Resource):
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def get(self, operation_id): def get(self, operation_id):
""" """
@ -97,6 +102,7 @@ class OperationResource(Resource):
return operation return operation
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def post(self, operation_id): def post(self, operation_id):
kwargs = parser.parse_args() kwargs = parser.parse_args()
@ -117,6 +123,7 @@ class OperationResource(Resource):
return operation return operation
@requires_auth
@marshal_with_field(Object(resource_fields)) @marshal_with_field(Object(resource_fields))
def delete(self, operation_id): def delete(self, operation_id):
operation = db.session.query(Operation).get(operation_id) operation = db.session.query(Operation).get(operation_id)
@ -137,6 +144,7 @@ category_resource_fields = {
class CategoriesResource(Resource): class CategoriesResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(category_resource_fields))) @marshal_with_field(fields.List(Object(category_resource_fields)))
def get(self): def get(self):
kwargs = range_parser.parse_args() kwargs = range_parser.parse_args()
@ -154,6 +162,7 @@ ohlc_resource_fields = {
class SoldsResource(Resource): class SoldsResource(Resource):
@requires_auth
@marshal_with_field(fields.List(Object(ohlc_resource_fields))) @marshal_with_field(fields.List(Object(ohlc_resource_fields)))
def get(self): def get(self):
kwargs = range_parser.parse_args() kwargs = range_parser.parse_args()