
activate secure mode of the api + remove useless index/ methods for both secured and public api controllers

damien 11 years ago
parent
commit
07865e2202
1 changed files with 4 additions and 26 deletions
  1. 4 26
      pboard/pboard/controllers/api.py

+ 4 - 26
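--- a/pboard/pboard/controllers/api.py
+++ b/pboard/pboard/controllers/api.py
@@ -8,7 +8,7 @@ import Image as pil
 import tg
 from tg import expose, flash, require, url, lurl, request, redirect, tmpl_context
 from tg.i18n import ugettext as _, lazy_ugettext as l_
-from tg import predicates
+from tg import predicates as tgp
 
 
 from pboard.lib.base import BaseController
@@ -20,12 +20,6 @@ __all__ = ['PODPublicApiController', 'PODApiController']
 
 class PODPublicApiController(BaseController):
 
-    @expose('pboard.templates.index')
-    def index(self):
-        """Let the user know that's visiting a protected controller."""
-        flash(_("Secure Controller here"))
-        return dict(page='index')
-    
     @expose()
     def create_account(self, email=u'', password=u'', retyped_password=u'', **kw):
       if email==u'' or password==u'' or retyped_password==u'':
@@ -54,15 +48,7 @@ class PODPublicApiController(BaseController):
 class PODApiController(BaseController):
     """Sample controller-wide authorization"""
     
-    # The predicate that must be met for all the actions in this controller:
-    # allow_only = has_permission('manage',
-    #                             msg=l_('Only for people with the "manage" permission'))
-    
-    @expose('pboard.templates.index')
-    def index(self):
-        """Let the user know that's visiting a protected controller."""
-        flash(_("Secure Controller here"))
-        return dict(page='index')
+    allow_only = tgp.in_group('user', msg=l_('You need to login in order to access this ressource'))
     
     @expose()
     def create_event(self, parent_id=None, data_label=u'', data_datetime=None, data_content=u'', data_reminder_datetime=None, add_reminder=False, **kw):
@@ -210,15 +196,6 @@ class PODApiController(BaseController):
       redirect(lurl('/document/%i'%(loNewNode.node_id)))
 
     @expose()
-    def edit_label(self, node_id, data_label):
-      loCurrentUser   = pld.PODStaticController.getCurrentUser()
-      loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
-      
-      loNode = loApiController.getNode(node_id)
-      loNode.data_label = data_label
-      redirect(lurl('/document/%s'%(node_id)))
-
-    @expose()
     def edit_status(self, node_id, node_status):
       loCurrentUser   = pld.PODStaticController.getCurrentUser()
       loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
@@ -228,11 +205,12 @@ class PODApiController(BaseController):
       redirect(lurl('/document/%s'%(node_id)))
 
     @expose()
-    def edit_content(self, node_id, data_content, **kw):
+    def edit_label_and_content(self, node_id, data_label, data_content):
       loCurrentUser   = pld.PODStaticController.getCurrentUser()
       loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
       
       loNode = loApiController.getNode(node_id)
+      loNode.data_label   = data_label
       loNode.data_content = data_content
       redirect(lurl('/document/%s'%(node_id)))
 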
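Review bot: `edit_label_and_content` (like `edit_status` just above it) modifies a node from a bare `@expose()` action, so it accepts any HTTP method, and nothing in its visible body verifies a request token. Now that `allow_only = tgp.in_group('user', ...)` makes the controller depend on the caller's authenticated session, these write actions should reject non-POST requests and check an anti-CSRF token, unless `BaseController` or middleware outside this diff already does so. A minimal guard at the top of each write action would be `if request.method != 'POST': tg.abort(405)`. The result of `loApiController.getNode(node_id)` is also used unchecked, so if it can return `None` for a node the user may not access (not visible here), the assignment to `loNode.data_label` would raise instead of producing a clean 404. On wording, the `allow_only` message would read better as `'You need to log in to access this resource'`, and the class docstring `"""Sample controller-wide authorization"""` no longer describes what the controller enforces.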