Example #1
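    def _token_can_access(self):
        """Decide whether the request's bearer token grants service access.

        Returns ``False`` when ``SERVICE_ALLOWED`` is falsy or the request
        carries no bearer token, and ``True`` when the supplied token equals
        the event's ``service_token`` setting.

        Raises:
            Unauthorized: a bearer token was supplied but does not match the
                event's stored service token, or no token is stored.
        """
        import hmac

        # we need to "fish" the event here because at this point _check_params
        # hasn't run yet
        event = Event.get_or_404(int(request.view_args['confId']),
                                 is_deleted=False)
        if not self.SERVICE_ALLOWED or not request.bearer_token:
            return False

        event_token = editing_settings.get(event, 'service_token')
        # Reject explicitly when no service token is stored for the event, so
        # an unset value can never be matched by any supplied token.
        # Compare the encoded tokens with hmac.compare_digest rather than
        # `!=`, so the comparison time does not reveal how much of a guessed
        # token was correct.
        # NOTE(review): assumes both tokens are str -- confirm against the
        # settings schema and the request wrapper.
        if not event_token or not hmac.compare_digest(
            request.bearer_token.encode('utf-8'),
            event_token.encode('utf-8'),
        ):
            raise Unauthorized('Invalid bearer token')

        return True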
Example #2
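    def _process_args(self):
        """Resolve ``self.object`` from the JSON request body.

        The body is checked for ``categId``, ``contribId``, ``sessionId`` and
        ``eventId`` in that order; the first key present selects the model
        whose ``get_or_404`` is called with the supplied id.

        Raises:
            BadRequest: the body is not a JSON object, or it contains none of
                the recognised id keys.
        """
        data = request.json
        self.object = None
        # The body is client-controlled: a missing or non-object JSON payload
        # (None, list, string, ...) would otherwise fail in the membership
        # test or the subscript below with a TypeError instead of a clean 400.
        if not isinstance(data, dict):
            raise BadRequest

        # Order matters: it is the precedence used when several keys are sent.
        lookups = (
            ('categId', Category),
            ('contribId', Contribution),
            ('sessionId', Session),
            ('eventId', Event),
        )
        for key, model in lookups:
            if key in data:
                self.object = model.get_or_404(data[key])
                break

        if self.object is None:
            raise BadRequest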