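def process_resource(self, req, resp, resource, params):
    """Authorize a request against the per-resource role table in ``VIEWS``.

    The signature matches a Falcon-style ``process_resource`` middleware
    hook (presumably how it is invoked; confirm against the app setup).

    Decision order:

    1. Resource name absent from ``VIEWS``: return without any check.
    2. No role list for ``req.method``: ``OPTIONS`` passes, any other
       method is rejected with ``HTTPMethodNotAllowed``.
    3. ``ERoles.anonym`` in the role list: public resource, return.
    4. Otherwise the ``AUTHORIZATION`` header must carry a token that
       ``decode_jwt_token`` accepts, that ``is_user_token_exist`` still
       recognises for its ``sub`` claim, and whose ``rol`` claim maps to
       one of the permitted roles.

    On success the decoded payload is stored in ``params['token']`` so the
    resource can read it.

    Args:
        req: Incoming request; ``req.method`` and ``req.headers`` are read.
        resp: Response object (unused).
        resource: Target resource; must provide ``resource_name()``.
        params: Mutable mapping that receives the decoded token payload.

    Raises:
        HTTPMethodNotAllowed: The method has no entry for this resource and
            is not ``OPTIONS``.
        HTTPUnauthorized: The token is missing, lacks usable ``sub``/``rol``
            claims, is no longer recognised, or carries a role that is not
            permitted. Anything ``decode_jwt_token`` raises propagates
            unchanged.
    """
    resource_name = resource.resource_name()
    view = VIEWS.get(resource_name)
    if view is None:
        # NOTE(review): fail-open default. A resource that is missing from
        # VIEWS is served with no authentication at all. Confirm that every
        # protected resource is registered, or consider denying by default.
        # TODO: log that this request needed no authorization (resource_name).
        return

    roles = view.get(req.method)
    if roles is None:
        # No role list for this method: OPTIONS passes, the rest is rejected.
        if req.method != "OPTIONS":
            raise HTTPMethodNotAllowed(
                description="Method not allowed for this resource",
                allowed_methods=[])
        return

    # Public resource.
    if ERoles.anonym in roles:
        return

    jwt_token = req.headers.get('AUTHORIZATION', None)
    if jwt_token is None:
        raise HTTPUnauthorized(
            description="Please, send a Authorization token.")

    payload = decode_jwt_token(jwt_token, "Authorization")

    # Pull the claims out up front. A token that decodes but lacks 'sub' or
    # 'rol', or carries a role value ERoles does not define (ValueError if
    # ERoles is a standard Enum, as it appears to be), must end in a 401
    # rather than an unhandled exception surfacing as a server error.
    try:
        subject = payload['sub']
        rol = ERoles(payload['rol'])
    except (KeyError, TypeError, ValueError):
        raise HTTPUnauthorized(
            description="This token is no longer valid.") from None

    if not is_user_token_exist(subject, jwt_token):
        raise HTTPUnauthorized(description="This token is no longer valid.")

    if rol not in roles:
        # NOTE(review): "authenticated but not permitted" is conventionally
        # a 403; HTTPUnauthorized is kept so clients see the same status.
        raise HTTPUnauthorized(
            description="You can not access this resource.")

    params['token'] = payload  # Send JWT token to the Resource.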
def delete(self, params, meta, **kwargs):
    """Not implemented: deletion is always refused.

    The arguments are accepted but never read. Every call raises
    ``HTTPMethodNotAllowed``, passing along whatever
    ``self.allowed_methods()`` reports.
    """
    permitted = self.allowed_methods()
    raise HTTPMethodNotAllowed(permitted)
def create_bulk(self, params, meta, **kwargs):
    """Not implemented: bulk creation is always refused.

    The arguments are accepted but never read. Every call raises
    ``HTTPMethodNotAllowed``, passing along whatever
    ``self.allowed_methods()`` reports.
    """
    permitted = self.allowed_methods()
    raise HTTPMethodNotAllowed(permitted)
async def on_get(self, req, res):
    """Refuse GET requests; only ``POST`` is listed as allowed.

    Neither ``req`` nor ``res`` is read.
    """
    permitted = ['POST']
    raise HTTPMethodNotAllowed(permitted)