class Base: def __init__(self, client): self.model = Token(client) def on_get(self, req, resp): if authorize_as(req.auth, 'developer'): resp.body = dumps(self.model.all()) else: raise HTTPUnauthorized('unauthorized', 'unauthorized') def on_post(self, req, resp): if authorize_as(req.auth, 'developer'): body = loads(req.stream.read().decode('utf-8')) created = self.model.create(body) resp.status = HTTP_201 resp.body = dumps({'id': created.inserted_id}) else: raise HTTPUnauthorized('unauthorized', 'unauthorized')