def view_annotation(id, format=None):
    """Return one annotation and, where applicable, the user that owns it.

    Aborts with 404 when ``Annotation.fetch`` finds nothing for ``id``.
    The result dict is only built after ``g.authorize`` grants 'read' on
    the annotation to ``g.user``; every other caller reaches ``abort(401)``.
    ``format`` is accepted but not used in this function.
    """
    annotation = Annotation.fetch(id)
    if annotation is None:
        return abort(404)

    if g.authorize(annotation, 'read', g.user):
        # The owning user is only looked up for 'annotateit' annotations;
        # for any other consumer the 'user' entry is None.
        owner = (
            User.fetch(annotation['user'])
            if annotation['consumer'] == 'annotateit'
            else None
        )
        return {'annotation': annotation, 'user': owner}

    # NOTE(review): the same 401 is used whether the caller is anonymous or
    # identified but denied; confirm whether 403 is intended for the latter.
    abort(401)
def update_annotation(id):
    """Apply the current request's JSON payload to the annotation ``id``.

    Returns a 404 JSON response when the annotation does not exist, the
    failure response from ``_check_action`` when the 'update' check fails,
    and otherwise the (possibly updated) annotation as JSON. A request
    with no JSON body, or an empty one, leaves the annotation untouched.
    """
    annotation = Annotation.fetch(id)
    if not annotation:
        return jsonify("Annotation not found! No update performed.", status=404)

    denied = _check_action(annotation, "update", g.user, g.consumer)
    if denied:
        return denied

    payload = request.json
    if not payload:
        return jsonify(annotation)

    # Only fields that pass _filter_input with UPDATE_FILTER_FIELDS are applied.
    changes = _filter_input(payload, UPDATE_FILTER_FIELDS)
    changes["id"] = id  # use id from URL, regardless of what arrives in JSON payload

    # 'update' rights alone are not enough to change who may access the
    # annotation: a payload that alters 'permissions' also needs 'admin'.
    permissions_changed = (
        "permissions" in changes
        and changes["permissions"] != annotation.get("permissions", {})
    )
    if permissions_changed and not g.authorize(
        annotation, "admin", g.user.username, g.consumer.key
    ):
        return _failed_authz_response("permissions update")

    annotation.update(changes)
    annotation.save()
    return jsonify(annotation)
def _check_action(annotation, action, message=''):
    """Check whether ``g.user`` may perform ``action`` on ``annotation``.

    Returns None when ``g.authorize`` allows the action, otherwise whatever
    ``_failed_authz_response(message)`` returns. The denial is handed back
    as a return value, so the caller has to test the result and return it
    itself; ignoring it means continuing as if the check had passed.
    """
    allowed = g.authorize(annotation, action, g.user)
    if allowed:
        return None
    return _failed_authz_response(message)
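def _check_action(annotation, action, message=''):
    """Check whether ``g.user`` may perform ``action`` on ``annotation``.

    Returns None when ``g.authorize`` allows the action, otherwise whatever
    ``_failed_authz_response(message)`` returns. The caller has to test the
    result and return it itself.

    The diagnostic output is emitted through ``logging`` at DEBUG level
    rather than printed unconditionally: this helper runs before the access
    decision, so an unconditional dump writes the full annotation body to
    stdout for every request, including requests that are then denied.
    """
    import logging  # local import: the file's import block is not visible here

    log = logging.getLogger(__name__)
    # Lazy %-formatting: the annotation is only stringified when DEBUG is on.
    log.debug("[store.py, check_action], annotation:%s", annotation)
    log.debug("[store.py, check_action], action:%s", action)

    if not g.authorize(annotation, action, g.user):
        return _failed_authz_response(message)
    return None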
def _check_action(annotation, action, user, consumer):
    """Check that ``user``/``consumer`` may perform ``action`` on ``annotation``.

    Returns the result of ``_failed_authz_response()`` when either identity
    is missing or ``g.authorize`` denies the action, the result of
    ``_failed_auth_response()`` when ``g.auth.verify_request`` rejects the
    request, and None when both checks pass. The caller has to test the
    result and return it itself.
    """
    # A missing user or consumer is treated as a denial before authorize is
    # asked, which also keeps the attribute accesses below safe.
    if not (user and consumer):
        return _failed_authz_response()
    if not g.authorize(annotation, action, user.username, consumer.key):
        return _failed_authz_response()

    # NOTE(review): the authorization decision above is made before the
    # request itself is verified. Confirm that user/consumer already come
    # from verified credentials; if not, the two distinct failure responses
    # let an unverified caller tell whether a claimed identity is authorized.
    # `user` is known to be truthy at this point.
    if not g.auth.verify_request(request):
        return _failed_auth_response()
    return None
def _check_action(annotation, action, message=''):
    """Check whether the current request may perform ``action`` on ``annotation``.

    The identity is taken from ``g.auth.request_credentials(request)``,
    which yields ``(consumer, user)`` in that order. Returns None when
    ``g.authorize`` allows the action, otherwise whatever
    ``_failed_authz_response(message)`` returns. The caller has to test the
    result and return it itself.
    """
    credentials = g.auth.request_credentials(request)
    consumer, user = credentials
    # authorize takes the pair in the opposite order: user first, then consumer.
    if g.authorize(annotation, action, user, consumer):
        return None
    return _failed_authz_response(message)