def _token_can_access(self): # we need to "fish" the event here because at this point _check_params # hasn't run yet event = Event.get_or_404(int(request.view_args['confId']), is_deleted=False) if not self.SERVICE_ALLOWED or not request.bearer_token: return False event_token = editing_settings.get(event, 'service_token') if request.bearer_token != event_token: raise Unauthorized('Invalid bearer token') return True
def _process_args(self): data = request.json self.object = None if 'categId' in data: self.object = Category.get_or_404(data['categId']) elif 'contribId' in data: self.object = Contribution.get_or_404(data['contribId']) elif 'sessionId' in data: self.object = Session.get_or_404(data['sessionId']) elif 'eventId' in data: self.object = Event.get_or_404(data['eventId']) if self.object is None: raise BadRequest