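def wrapper(**kwargs):
    """Validate the request's arguments against ``schema`` and pass them on.

    GET requests are validated from the query string; every other method is
    validated from the JSON body. The validated data is handed to the wrapped
    function as the ``args`` keyword argument.

    Raises:
        errors.BadRequest: if the JSON body cannot be parsed, or if
            ``schema.load`` reports validation errors.
    """
    if request.method == "GET":
        # Only the query string is used for GET, so the body is never parsed:
        # a GET with an empty or non-JSON body must not be rejected before
        # its query arguments are even looked at.
        # NOTE: to_dict() keeps only the first value of a repeated parameter.
        request_args = request.args.to_dict()
    else:
        try:
            request_args = request.get_json() or {}
        except werkzeug.exceptions.BadRequest as e:
            # This could happen if the body is empty
            raise errors.BadRequest(e.description) from e

    # schema.load is unpacked as a (data, errors) pair; any reported error
    # rejects the whole request so the handler only ever sees validated data.
    parsed_args, args_errors = schema.load(request_args)
    if args_errors:
        raise errors.BadRequest(args_errors)

    kwargs["args"] = parsed_args
    return f(**kwargs)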
def delete_item(category, item, user):
    """Delete ``item`` and answer with an empty JSON body and status 204.

    The item must belong to ``category``; otherwise ``errors.BadRequest`` is
    raised and nothing is deleted. ``user`` is accepted but not read here.
    """
    # Refuse an item reached through a category it does not belong to.
    category_mismatch = item.category != category
    if category_mismatch:
        raise errors.BadRequest()

    item.delete()
    empty_body = jsonify({})
    return empty_body, 204
def wrapper(*args, **kwargs):
    """Call the wrapped function only when ``user`` owns ``item``.

    Both objects are read from the keyword arguments (presumably injected by
    earlier decorators; confirm against the decorator stack).

    Raises:
        errors.BadRequest: if either ``user`` or ``item`` is missing or falsy.
        errors.Forbidden: if the user's id differs from the item owner's id.
    """
    current_user = kwargs.get("user")
    target_item = kwargs.get("item")
    if not current_user or not target_item:
        raise errors.BadRequest()

    # Ownership check: compare the caller's id with the item owner's id.
    requester_id = current_user.id
    owner_id = target_item.user.id
    if requester_id != owner_id:
        raise errors.Forbidden()

    return f(*args, **kwargs)
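def wrapper(**kwargs):
    """Authenticate the request from its Authorization header.

    The token that follows ``AUTH_HEADER_VALUE_PREFIX`` is decoded, the user
    named by its ``user_id`` claim is loaded, and the token's ``nonce`` claim
    must equal the user's stored ``access_token_nonce``. On success the user
    is passed to the wrapped function as the ``user`` keyword argument.

    Raises:
        errors.BadRequest: if the Authorization header is absent.
        errors.Unauthorized: if the header does not start with the expected
            prefix, the token cannot be decoded, a required claim is missing,
            the user does not exist, or the nonce does not match.
    """
    auth_header = request.headers.get("Authorization")
    if auth_header is None:
        raise errors.BadRequest()

    # Check the scheme prefix instead of blindly slicing it off: otherwise a
    # header with any other leading text of the same length is accepted.
    if not auth_header.startswith(AUTH_HEADER_VALUE_PREFIX):
        raise errors.Unauthorized(INVALID_TOKEN_MESSAGE)
    access_token = auth_header[len(AUTH_HEADER_VALUE_PREFIX):]

    # decode() is defined elsewhere; it is treated here as returning None for
    # a token it rejects and a mapping of claims otherwise (confirm there).
    access_token_decoded = decode(access_token)
    if access_token_decoded is None:
        raise errors.Unauthorized(INVALID_TOKEN_MESSAGE)

    user_id = access_token_decoded.get("user_id")
    nonce = access_token_decoded.get("nonce")
    # Fail closed on missing claims: without this, a token lacking a nonce
    # would compare equal to a user whose stored nonce is None.
    if user_id is None or nonce is None:
        raise errors.Unauthorized(INVALID_TOKEN_MESSAGE)

    user = User.get_by_id(user_id)
    if user is None or user.access_token_nonce != nonce:
        raise errors.Unauthorized(INVALID_TOKEN_MESSAGE)

    kwargs["user"] = user
    return f(**kwargs)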
def get_item(category, item):
    """Return ``item`` serialized through ``ItemSchema``.

    The item must belong to ``category``; otherwise ``errors.BadRequest`` is
    raised.
    """
    # Refuse an item reached through a category it does not belong to.
    category_mismatch = item.category != category
    if category_mismatch:
        raise errors.BadRequest()

    item_schema = ItemSchema()
    return item_schema.jsonify(item)