Diffstat (limited to 'muck_poc')
-rwxr-xr-x | muck_poc | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -104,6 +104,9 @@ class MuckAPI:
 except bottle.HTTPError as e:
 return e
+ if not self._access_is_allowed(meta, claims):
+ return bottle.HTTPError(status=404)
+
 rev = self._get_resource_revision()
 if meta['rev'] != rev:
 return bottle.HTTPError(status=400, body='Wrong revision')
@@ -120,6 +123,10 @@ class MuckAPI:
 meta, res = self._get_existing(rid)
 except bottle.HTTPError as e:
 return e
+
+ if not self._access_is_allowed(meta, claims):
+ return bottle.HTTPError(status=404)
+
 return self._create_response(200, 'show', meta, res)
 def _delete_res(self, claims):
@@ -128,6 +135,10 @@ class MuckAPI:
 meta, res = self._get_existing(rid)
 except bottle.HTTPError as e:
 return e
+
+ if not self._access_is_allowed(meta, claims):
+ return bottle.HTTPError(status=404)
+
 delete = muck.DeleteChange(meta, res)
 self._store.change(delete)
 return self._create_response(200, 'delete', meta, res)
@@ -167,6 +178,9 @@ class MuckAPI:
 return ms[rid]
+ def _access_is_allowed(self, meta, claims):
+ return claims['sub'] == meta['owner']
+
 def _create_response(self, status, operation, meta, res):
 headers = self._meta_headers(meta)
 return bottle.HTTPResponse( |
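Review bot: The denial added here is a bare `bottle.HTTPError(status=404)`, while a missing resource returns whatever error `_get_existing` raised, so the two cases may differ in body or headers and the 404 would then not hide that the resource exists. `_get_existing` is outside this diff, so this needs confirming; if its not-found error carries a body, build the denial the same way so the two responses cannot be told apart. The same applies to the guards added in the 'show' hunk and in `_delete_res`. The handler this hunk belongs to starts and ends outside the hunk.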
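Review bot: This is the second of three identical copies of the ownership guard (the others are in the hunk above and in `_delete_res`), each placed right after the same `_get_existing(rid)` call. A handler added later that calls `_get_existing` and forgets the guard would serve another owner's resource, so the fetch and the check are better combined in one helper that handlers use instead of calling `_get_existing` directly. Until then, a comment on `_get_existing` such as `# Callers must check _access_is_allowed() before using the result.` would record the requirement. The start of this handler is outside the hunk.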
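Review bot: A refused delete in `_delete_res` returns 404 and leaves no record, so repeated attempts by one subject against resources it does not own cannot be seen afterwards. Before `return bottle.HTTPError(status=404)`, write a log entry with the caller's subject, `rid` and the operation name, using whatever logging the module already has (none is visible in this diff). The guards in the two hunks above are silent in the same way. The start of `_delete_res` is outside the hunk.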
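Review bot: `_access_is_allowed` indexes `claims['sub']` and `meta['owner']` directly, so a token without `sub`, or a resource stored without an `owner` (for example one created before this commit, if any exist), raises an unhandled KeyError and the request fails as a server error instead of a 404. Read both with `.get` and deny when the owner is absent: `owner = meta.get('owner')` followed by `return owner is not None and claims.get('sub') == owner`. Comparing the two `.get` results directly would treat a missing `sub` and a missing `owner` as equal and grant access. A one-line docstring saying that access is granted only to the resource's owner would document the policy where it is defined.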