diff options
Diffstat (limited to 'muck_poc')
-rwxr-xr-x | muck_poc | 15 |
1 files changed, 9 insertions, 6 deletions
@@ -79,23 +79,25 @@ class MuckAPI: r = muck.Request(method=bottle.request.method) r.add_headers(bottle.request.headers) if self._ac.request_is_allowed(r, req_method, [req_scope]): - return callback() + claims = self._ac.get_claims_from_token(r) + return callback(claims) logging.error('Access denied') return bottle.HTTPError(401) return check_authz - def _create_res(self): + def _create_res(self, claims): res = self._get_json_body() meta = { 'id': self._gen.new_id(), 'rev': self._gen.new_id(), + 'owner': claims.get('sub'), } create = muck.CreateChange(meta, res) self._store.change(create) return self._create_response(201, 'create', meta, res) - def _update_res(self): + def _update_res(self, claims): rid = self._get_resource_id() try: meta, _ = self._get_existing(rid) @@ -112,7 +114,7 @@ class MuckAPI: self._store.change(update) return self._create_response(200, 'change', meta, res) - def _show_res(self): + def _show_res(self, claims): rid = self._get_resource_id() try: meta, res = self._get_existing(rid) @@ -120,7 +122,7 @@ class MuckAPI: return e return self._create_response(200, 'show', meta, res) - def _delete_res(self): + def _delete_res(self, claims): rid = self._get_resource_id() try: meta, res = self._get_existing(rid) @@ -130,7 +132,7 @@ class MuckAPI: self._store.change(delete) return self._create_response(200, 'delete', meta, res) - def _search_res(self): + def _search_res(self, claims): body = self._get_json_body() cond = body.get('cond') ms = self._store.get_memory_store() @@ -174,6 +176,7 @@ class MuckAPI: return { 'Muck-ID': meta['id'], 'Muck-Revision': meta['rev'], + 'Muck-Owner': meta['owner'], } |