johnnygear/gear-orders
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

@authorized_sub decorator

Browse source
This commit is contained in:
Johnny Gear 2026-01-30 11:14:41 -06:00
parent 183c2c4c3b
commit 8153b23b2a
1 changed files with 24 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
flask/api.py
View file

@ -1,3 +1,4 @@
from functools import wraps
from flask import Blueprint, jsonify, abort, request
from flask_login import current_user
from db.models import database, OrdersPool, Order, OrderAddOn
@ -15,18 +16,26 @@ def subs():
]
)
@api.route('/subs/<username>/sets')
def sub_order_sets(username):
try:
sub = user_get(username)
except:
abort(403)
return
if sub.telegram_username not in [dsu.sub.telegram_username for dsu in domsubusers_list(current_user.db_user)]:
abort(403)
return
def authorized_sub(func):
@wraps(func)
def wrapper(*args, **kwargs):
try:
sub = user_get(request.view_args['username'])
except:
abort(403)
return
if sub.telegram_username not in [dsu.sub.telegram_username for dsu in domsubusers_list(current_user.db_user)]:
abort(403)
return
kwargs['sub'] = sub
return func(*args, **kwargs)
return wrapper
@api.route('/subs/<username>/sets')
@authorized_sub
def sub_order_sets(username, sub):
return jsonify([
{
'id': op.id,
@ -44,17 +53,8 @@ def sub_order_sets(username):
])
@api.route('/subs/<username>/sets/', methods=['POST'])
def sub_order_set_create(username):
try:
sub = user_get(username)
except:
abort(403)
return
if sub.telegram_username not in [dsu.sub.telegram_username for dsu in domsubusers_list(current_user.db_user)]:
abort(403)
return
@authorized_sub
def sub_order_set_create(username, sub):
# Create new
with database.atomic() as transaction:
try:
@ -90,17 +90,8 @@ def sub_order_set_create(username):
return jsonify(new_order_pool.to_dict())
@api.route('/subs/<username>/sets/<set_id>', methods = ['GET', 'POST'])
def sub_order_set(username, set_id):
try:
sub = user_get(username)
except:
abort(403)
return
if sub.telegram_username not in [dsu.sub.telegram_username for dsu in domsubusers_list(current_user.db_user)]:
abort(403)
return
@authorized_sub
def sub_order_set(username, set_id, sub):
op = orders_pool(sub.id, set_id)
if request.method == 'POST':