コード例 #1
ファイル: __init__.py プロジェクト: JunctionAt/JunctionWWW
        def wrap(*args, **kwargs):
            # Authorisation gate in front of ``func``. There are two ways through:
            #   1. Session path: when allow_user_permission is set and
            #      _check_user_permission() accepts current_user, func runs at
            #      once. No ApiKey is looked up and none of the request.api_*
            #      attributes assigned further down are set on this path.
            #   2. API-key path: the ApiKey header must match a stored key that
            #      holds every token in required_access_tokens. The acting
            #      identity is then recorded on ``request`` before func runs.
            # Every refusal is returned as an ({'error': [...]}, 403) pair.

            def _refuse(message, identifier):
                # Single place for the error envelope so all refusals share a shape.
                return {'error': [{'message': message, 'identifier': identifier}]}, 403

            if allow_user_permission and _check_user_permission(required_access_tokens, current_user):
                return func(*args, **kwargs)

            # The KeyError handler spans the whole lookup expression, so a missing
            # header and a KeyError raised inside the query are answered alike.
            try:
                key = ApiKey.objects(key=request.headers['ApiKey']).first()
            except KeyError:
                key = None
            if key is None:
                # Absent header and unknown key deliberately get the same reply.
                return _refuse("no/invalid ApiKey header provided", "apikey_not_provided")

            # The key must carry every token the endpoint asks for.
            for token in required_access_tokens:
                if token not in key.access:
                    return _refuse("api key doesn't have access to '%s'" % token, "permission#%s" % token)

            headers = request.headers
            if 'AsUser' not in headers and 'AsPlayer' not in headers:
                # No delegation requested: the key acts as its owner.
                request.api_user_method = 'key_owner'
                request.api_user = key.owner
                request.api_user_name = key.owner.name
                return func(*args, **kwargs)

            # Acting on behalf of another identity is a separate privilege and is
            # checked before either delegation header is read.
            if 'api.as_user' not in key.access:
                return _refuse("api key doesn't have access to 'api.as_user', required for using the AsUser and AsPlayer headers", "permission#api.as_user")

            if 'AsUser' in headers:
                # AsUser wins when both delegation headers are sent.
                username = headers['AsUser']
                user = User.get_user_by_name(username)
                if user is None and asuser_must_be_registered:
                    return _refuse("the user specified in the AsUser header wasn't found", "asuser_not_found")

                # When asuser_must_be_registered is false, api_user may be None
                # while api_user_name still holds the caller-supplied header text;
                # the name alone is not evidence of an existing account.
                request.api_user_method = 'as_user'
                request.api_user = user
                request.api_user_name = username
            else:
                # Only AsPlayer is present here (one of the two headers exists).
                player_uuid = headers['AsPlayer']
                player = MinecraftPlayer.find_player(player_uuid)
                if player is None:
                    return _refuse("player uuid specified in AsPlayer header is not registered in database (has not logged in?)", "player_uuid_not_found")

                user = User.get_user_by_uuid(player)
                if user is None and asuser_must_be_registered:
                    return _refuse("the uuid specified in the AsPlayer field is not owned by a website user", "asuser_not_found")

                request.api_user_method = 'as_player'
                request.api_user = user
                if user is not None:
                    request.api_user_name = user.name
                else:
                    request.api_user_name = None
                # api_player is assigned on this branch only.
                request.api_player = player

            return func(*args, **kwargs)
コード例 #2
        def wrap(*args, **kwargs):
            # Access check that runs before ``func``.
            #
            # A caller passes either as a logged-in user (only when
            # allow_user_permission is set and _check_user_permission() approves
            # current_user) or with an ApiKey header whose stored key holds every
            # token in required_access_tokens. On the logged-in path func is
            # called straight away and no request.api_* attribute is assigned.
            # All refusals are ({'error': [...]}, 403) pairs.

            def _forbidden(message, identifier):
                # Builds the error payload used by every rejection below.
                return {
                    'error': [{
                        'message': message,
                        'identifier': identifier
                    }]
                }, 403

            session_ok = allow_user_permission and _check_user_permission(
                required_access_tokens, current_user)
            if session_ok:
                return func(*args, **kwargs)

            # Header read and database query sit in one try block, so a KeyError
            # from either is reported as a missing/invalid key.
            try:
                key = ApiKey.objects(key=request.headers['ApiKey']).first()
            except KeyError:
                key = None
            if key is None:
                # Missing header and unknown key are not distinguished in the reply.
                return _forbidden("no/invalid ApiKey header provided",
                                  "apikey_not_provided")

            for needed in required_access_tokens:
                if needed not in key.access:
                    return _forbidden(
                        "api key doesn't have access to '%s'" % needed,
                        "permission#%s" % needed)

            headers = request.headers
            delegating = 'AsUser' in headers or 'AsPlayer' in headers

            if not delegating:
                # Plain key use: the request is attributed to the key's owner.
                request.api_user_method = 'key_owner'
                request.api_user = key.owner
                request.api_user_name = key.owner.name
            else:
                # Delegation needs the dedicated 'api.as_user' token on the key,
                # verified before the target identity is resolved.
                if 'api.as_user' not in key.access:
                    return _forbidden(
                        "api key doesn't have access to 'api.as_user', required for using the AsUser and AsPlayer headers",
                        "permission#api.as_user")

                if 'AsUser' in headers:
                    # If both headers arrive, AsUser is the one that is honoured.
                    username = headers['AsUser']

                    user = User.get_user_by_name(username)
                    if user is None and asuser_must_be_registered:
                        return _forbidden(
                            "the user specified in the AsUser header wasn't found",
                            "asuser_not_found")

                    # With asuser_must_be_registered false an unknown name gets
                    # through: api_user is None and api_user_name is the raw
                    # header value supplied by the caller.
                    request.api_user_method = 'as_user'
                    request.api_user = user
                    request.api_user_name = username
                else:
                    # AsPlayer is guaranteed present because ``delegating`` is true.
                    player_uuid = headers['AsPlayer']

                    player = MinecraftPlayer.find_player(player_uuid)
                    if player is None:
                        return _forbidden(
                            "player uuid specified in AsPlayer header is not registered in database (has not logged in?)",
                            "player_uuid_not_found")

                    user = User.get_user_by_uuid(player)
                    if user is None and asuser_must_be_registered:
                        return _forbidden(
                            "the uuid specified in the AsPlayer field is not owned by a website user",
                            "asuser_not_found")

                    request.api_user_method = 'as_player'
                    request.api_user = user
                    request.api_user_name = None if user is None else user.name
                    # request.api_player exists only on the AsPlayer path.
                    request.api_player = player

            return func(*args, **kwargs)