def wrap(*args, **kwargs):
    """Authorize the current request, then call the wrapped ``func``.

    Two ways in:

    1. Session shortcut: when ``allow_user_permission`` is truthy and
       ``_check_user_permission(required_access_tokens, current_user)``
       passes, ``func`` is called immediately. No ``request.api_*``
       attribute is set on this path, so handlers must not assume they exist.
    2. API key: the ``ApiKey`` header is looked up, every entry of
       ``required_access_tokens`` must be in ``key.access``, and the optional
       ``AsUser`` / ``AsPlayer`` headers (which additionally require the
       ``api.as_user`` token) select the identity stored on ``request``.

    Every rejection is returned as ``({'error': [...]}, 403)``.

    ``func``, ``allow_user_permission``, ``required_access_tokens`` and
    ``asuser_must_be_registered`` are not defined here; they are expected
    from the enclosing scope.
    """

    def _deny(message, identifier):
        # Single place that builds the error envelope used by every rejection.
        return {'error': [{'message': message, 'identifier': identifier}]}, 403

    # Logged-in user with sufficient permissions: skip the API-key path.
    if allow_user_permission and _check_user_permission(required_access_tokens, current_user):
        return func(*args, **kwargs)

    # Resolve the key. A missing header and an unknown key are answered
    # identically, so the response does not reveal which of the two happened.
    # NOTE(review): the raw header value is matched against the stored `key`
    # field, which suggests keys are kept unhashed at rest -- confirm.
    try:
        api_key = ApiKey.objects(key=request.headers['ApiKey']).first()
    except KeyError:
        api_key = None
    if api_key is None:
        return _deny("no/invalid ApiKey header provided", "apikey_not_provided")

    # The key must carry every token this endpoint requires.
    for token in required_access_tokens:
        if token not in api_key.access:
            return _deny("api key doesn't have access to '%s'" % token,
                         "permission#%s" % token)

    headers = request.headers
    wants_as_user = 'AsUser' in headers

    # No impersonation header: act as the owner of the key.
    if not wants_as_user and 'AsPlayer' not in headers:
        request.api_user_method = 'key_owner'
        request.api_user = api_key.owner
        # NOTE(review): no None check on owner here, unlike the as_player
        # path below -- confirm a key always has an owner.
        request.api_user_name = api_key.owner.name
        return func(*args, **kwargs)

    # Acting on behalf of someone else is a privilege of its own.
    if 'api.as_user' not in api_key.access:
        return _deny(
            "api key doesn't have access to 'api.as_user', required for using "
            "the AsUser and AsPlayer headers",
            "permission#api.as_user")

    if wants_as_user:
        # AsUser wins when both headers are present.
        username = headers['AsUser']
        target = User.get_user_by_name(username)
        if target is None and asuser_must_be_registered:
            return _deny("the user specified in the AsUser header wasn't found",
                         "asuser_not_found")
        request.api_user_method = 'as_user'
        request.api_user = target
        # When registration is not enforced, api_user may be None and this
        # name is the caller-supplied header value, not a verified account.
        request.api_user_name = username
    else:
        player_uuid = headers['AsPlayer']
        player = MinecraftPlayer.find_player(player_uuid)
        if player is None:
            return _deny(
                "player uuid specified in AsPlayer header is not registered in "
                "database (has not logged in?)",
                "player_uuid_not_found")
        target = User.get_user_by_uuid(player)
        if target is None and asuser_must_be_registered:
            return _deny(
                "the uuid specified in the AsPlayer field is not owned by a "
                "website user",
                "asuser_not_found")
        request.api_user_method = 'as_player'
        request.api_user = target
        request.api_user_name = target.name if target is not None else None
        # api_player is only ever set on this path.
        request.api_player = player

    return func(*args, **kwargs)
def wrap(*args, **kwargs):
    """Gate ``func`` behind a session permission check or an API key.

    Order of checks (the first failure returns ``({'error': [...]}, 403)``):

    * ``allow_user_permission`` plus a passing ``_check_user_permission``
      short-circuits straight to ``func``; ``request.api_user*`` is left
      untouched on that path.
    * The ``ApiKey`` header must resolve to a stored key.
    * The key must hold every token in ``required_access_tokens``.
    * ``AsUser`` / ``AsPlayer`` additionally require ``api.as_user``.

    On success ``request.api_user_method`` is one of ``'key_owner'``,
    ``'as_user'`` or ``'as_player'``, with ``request.api_user`` and
    ``request.api_user_name`` set to match. ``request.api_player`` is set
    only for ``'as_player'``.
    """

    def forbidden(message, identifier):
        # Shared shape of every rejection produced below.
        body = {'error': [{'message': message, 'identifier': identifier}]}
        return body, 403

    session_ok = allow_user_permission and _check_user_permission(
        required_access_tokens, current_user)
    if session_ok:
        return func(*args, **kwargs)

    # Look the key up by the raw header value; a KeyError means the header
    # was not sent.
    try:
        key = ApiKey.objects(key=request.headers['ApiKey']).first()
    except KeyError:
        return forbidden("no/invalid ApiKey header provided",
                         "apikey_not_provided")
    if key is None:
        # Same answer as a missing header: unknown keys are not distinguished.
        return forbidden("no/invalid ApiKey header provided",
                         "apikey_not_provided")

    for required in required_access_tokens:
        if required in key.access:
            continue
        return forbidden("api key doesn't have access to '%s'" % required,
                         "permission#%s" % required)

    # Either impersonation header switches the request away from the key owner.
    impersonating = any(
        header in request.headers for header in ('AsUser', 'AsPlayer'))

    if not impersonating:
        request.api_user_method = 'key_owner'
        request.api_user = key.owner
        # NOTE(review): assumes key.owner is never None -- confirm.
        request.api_user_name = key.owner.name
    elif 'api.as_user' not in key.access:
        # Impersonation is a separate privilege from the endpoint's tokens.
        return forbidden(
            "api key doesn't have access to 'api.as_user', required for "
            "using the AsUser and AsPlayer headers",
            "permission#api.as_user")
    elif 'AsUser' in request.headers:
        # AsUser takes precedence when both headers are supplied.
        requested_name = request.headers['AsUser']
        account = User.get_user_by_name(requested_name)
        if asuser_must_be_registered and account is None:
            return forbidden(
                "the user specified in the AsUser header wasn't found",
                "asuser_not_found")
        request.api_user_method = 'as_user'
        request.api_user = account
        # With asuser_must_be_registered falsy, account can be None while the
        # name below is whatever the caller sent; treat it as unverified.
        request.api_user_name = requested_name
    else:
        requested_uuid = request.headers['AsPlayer']
        player = MinecraftPlayer.find_player(requested_uuid)
        if player is None:
            return forbidden(
                "player uuid specified in AsPlayer header is not registered "
                "in database (has not logged in?)",
                "player_uuid_not_found")
        account = User.get_user_by_uuid(player)
        if asuser_must_be_registered and account is None:
            return forbidden(
                "the uuid specified in the AsPlayer field is not owned by a "
                "website user",
                "asuser_not_found")
        request.api_user_method = 'as_player'
        request.api_user = account
        if account is not None:
            request.api_user_name = account.name
        else:
            request.api_user_name = None
        request.api_player = player

    return func(*args, **kwargs)