def get(self, marker=None, limit=None, target_type=None, target_id=None, user_id=None, sort_field='id', sort_dir='asc'): """Retrieve a list of subscriptions for the authorized user. Example:: curl https://my.example.org/api/v1/subscriptions \\ -H 'Authorization: Bearer MY_ACCESS_TOKEN' :param marker: The resource id where the page should begin. :param limit: The number of subscriptions to retrieve. :param target_type: The type of resource to search by. :param target_id: The unique ID of the resource to search by. :param user_id: The unique ID of the user to search by. :param sort_field: The name of the field to sort on. :param sort_dir: Sort direction for results (asc, desc). """ # Boundary check on limit. if limit is not None: limit = max(0, limit) # Sanity check on user_id current_user = user_api.user_get(request.current_user_id) if user_id != request.current_user_id \ and not current_user.is_superuser: user_id = request.current_user_id # Resolve the marker record. marker_sub = subscription_api.subscription_get(marker) subscriptions = subscription_api.subscription_get_all( marker=marker_sub, limit=limit, target_type=target_type, target_id=target_id, user_id=user_id, sort_field=sort_field, sort_dir=sort_dir) subscription_count = subscription_api.subscription_get_count( target_type=target_type, target_id=target_id, user_id=user_id) # Apply the query response headers. if limit: response.headers['X-Limit'] = str(limit) response.headers['X-Total'] = str(subscription_count) if marker_sub: response.headers['X-Marker'] = str(marker_sub.id) return [Subscription.from_db_model(s) for s in subscriptions]
def get_one(self, subscription_id): """Retrieve a specific subscription record. :param subscription_id: The unique id of this subscription. """ subscription = subscription_api.subscription_get(subscription_id) current_user = user_api.user_get(request.current_user_id) if subscription.user_id != request.current_user_id \ and not current_user.is_superuser: abort(403, _("You do not have access to this record.")) return Subscription.from_db_model(subscription)
def delete(self, subscription_id): """Delete a specific subscription. :param subscription_id: The unique id of the subscription to delete. """ subscription = subscription_api.subscription_get(subscription_id) # Sanity check on user_id current_user = user_api.user_get(request.current_user_id) if subscription.user_id != request.current_user_id \ and not current_user.is_superuser: abort(403, _("You can only remove your own subscriptions.")) subscription_api.subscription_delete(subscription_id)
def get_one(self, subscription_id): """Retrieve a specific subscription record. Example:: curl https://my.example.org/api/v1/subscriptions/4 \\ -H 'Authorization: Bearer MY_ACCESS_TOKEN' :param subscription_id: The unique id of this subscription. """ subscription = subscription_api.subscription_get(subscription_id) current_user = user_api.user_get(request.current_user_id) if subscription.user_id != request.current_user_id \ and not current_user.is_superuser: abort(403, _("You do not have access to this record.")) return Subscription.from_db_model(subscription)
def delete(self, subscription_id): """Delete a specific subscription. Example:: curl https://my.example.org/api/v1/subscriptions/10 -X DELETE \\ -H 'Authorization: Bearer MY_ACCESS_TOKEN' :param subscription_id: The unique id of the subscription to delete. """ subscription = subscription_api.subscription_get(subscription_id) # Sanity check on user_id current_user = user_api.user_get(request.current_user_id) if subscription.user_id != request.current_user_id \ and not current_user.is_superuser: abort(403, _("You can only remove your own subscriptions.")) subscription_api.subscription_delete(subscription_id)