resource impl
This commit is contained in:
@@ -1 +1,18 @@
|
||||
#api/__init__.py
|
||||
#api/__init__.py
|
||||
|
||||
from functools import wraps
|
||||
from flask import jsonify, session
|
||||
|
||||
|
||||
def require_auth(roles=[]):
|
||||
def decorator(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
user = session.get('user')
|
||||
if not user:
|
||||
return jsonify({"error": "Unauthorized"}), 401
|
||||
if user.get('role') not in roles:
|
||||
return jsonify({"error": "Forbidden, permission denied"}), 403
|
||||
return func(*args, **kwargs)
|
||||
return wrapper
|
||||
return decorator
|
||||
@@ -1,6 +1,7 @@
|
||||
#api/auth.py
|
||||
from flask import Blueprint, session, redirect, url_for, jsonify
|
||||
from authlib.integrations.flask_client import OAuth
|
||||
from contexts.RequestContext import RequestContext
|
||||
import env_provider
|
||||
import logging
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -29,7 +30,8 @@ def authorize():
|
||||
return jsonify({"message": "login successful", "user": user_info})
|
||||
except Exception as e:
|
||||
logger.error(f"Authorization failed: {str(e)}")
|
||||
return jsonify({"error": "Authorization failed"}), 401
|
||||
errno = RequestContext.get_error_id()
|
||||
return jsonify({"error": f"Authorization failed - {errno}"}), 401
|
||||
@auth_bp.route('/logout', methods=['GET'])
|
||||
def logout():
|
||||
u = session.pop('user', None)
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
#api/markdown.py
|
||||
from flask import Blueprint, request, jsonify
|
||||
|
||||
from api import require_auth
|
||||
from contexts.RequestContext import RequestContext
|
||||
from db import get_db
|
||||
from db.models.Markdown import Markdown
|
||||
import logging
|
||||
@@ -16,6 +19,7 @@ def get_markdown(markdown_id):
|
||||
return jsonify(markdown.to_dict())
|
||||
|
||||
@markdown_bp.route('/', methods=['POST'])
|
||||
@require_auth(roles=['admin', 'creator'])
|
||||
def create_markdown():
|
||||
data = request.json
|
||||
title = data.get('title')
|
||||
@@ -31,10 +35,12 @@ def create_markdown():
|
||||
return jsonify(new_markdown.to_dict()), 201
|
||||
except Exception as e:
|
||||
logger.error(f"failed to create markdown: {e}")
|
||||
errno = RequestContext.get_error_id()
|
||||
db.rollback()
|
||||
return jsonify({"error": "create failed"}), 500
|
||||
return jsonify({"error": f"create failed - {errno}"}), 500
|
||||
|
||||
@markdown_bp.route('/<int:markdown_id>', methods=['PUT'])
|
||||
@require_auth(roles=['admin', 'creator'])
|
||||
def update_markdown(markdown_id):
|
||||
with get_db() as db:
|
||||
markdown = db.query(Markdown).get(markdown_id)
|
||||
@@ -48,11 +54,14 @@ def update_markdown(markdown_id):
|
||||
return jsonify(markdown.to_dict()), 200
|
||||
|
||||
@markdown_bp.route('/<int:markdown_id>', methods=['DELETE'])
|
||||
@require_auth(roles=['admin'])
|
||||
def delete_markdown(markdown_id):
|
||||
with get_db() as db:
|
||||
markdown = db.query(Markdown).get(markdown_id)
|
||||
if markdown is None:
|
||||
return jsonify({"error": "file not found"}), 404
|
||||
logger.error(f"failed to delete markdown: {markdown_id}")
|
||||
errno = RequestContext.get_error_id()
|
||||
return jsonify({"error": f"file not found - {errno}"}), 404
|
||||
db.delete(markdown)
|
||||
db.commit()
|
||||
return jsonify({"message": "deleted"}), 200
|
||||
53
api/resource.py
Normal file
53
api/resource.py
Normal file
@@ -0,0 +1,53 @@
|
||||
#api/resource.py
|
||||
from flask import Blueprint, jsonify, request
|
||||
|
||||
from contexts.RequestContext import RequestContext
|
||||
from db import get_db
|
||||
from db.models.Resource import Resource
|
||||
from api import require_auth
|
||||
import logging
|
||||
resource_bp = Blueprint('resource', __name__, url_prefix='/api/resource')
|
||||
logger = logging.getLogger(__name__)
|
||||
@resource_bp.route('/<identifier>', methods=['GET'])
|
||||
def get_resource(identifier):
|
||||
with get_db() as db:
|
||||
resource = db.query(Resource).get(identifier)
|
||||
if resource is None:
|
||||
logger.error(f"resource not found: {identifier}")
|
||||
errno = RequestContext.get_error_id()
|
||||
return jsonify({"error": f"resource not found - {errno}"}), 404
|
||||
return jsonify(resource.to_dict()), 200
|
||||
|
||||
@resource_bp.route('/', methods=['POST'])
|
||||
@require_auth(roles=["admin", "creator"])
|
||||
def create_resource():
|
||||
data = request.get_json()
|
||||
identifier = data.get('id')
|
||||
content = data.get('content')
|
||||
data_type = data.get('data_type')
|
||||
if not identifier or not content or not data_type:
|
||||
return jsonify({"error": "missing required fields"}), 400
|
||||
resource_entry = Resource(id=identifier, content=content, data_type=data_type)
|
||||
with get_db() as db:
|
||||
try:
|
||||
db.add(resource_entry)
|
||||
db.commit()
|
||||
return jsonify(resource_entry.to_dict()), 201
|
||||
except Exception as e:
|
||||
db.rollback()
|
||||
logger.error(f"Failed to create resource: {e}")
|
||||
errno = RequestContext.get_error_id()
|
||||
return jsonify({"error": f"failed to create resource - {errno}"}), 500
|
||||
|
||||
@resource_bp.route('/<identifier>', methods=['DELETE'])
|
||||
@require_auth(roles=["admin"])
|
||||
def delete_resource(identifier):
|
||||
with get_db() as db:
|
||||
resource = db.query(Resource).get(identifier)
|
||||
if not resource:
|
||||
logger.error(f"resource not found: {identifier}")
|
||||
errno = RequestContext.get_error_id()
|
||||
return jsonify({"error": f"Resource not found - {errno}"}), 404
|
||||
db.delete(resource)
|
||||
db.commit()
|
||||
return jsonify({"message": "Resource deleted"}), 200
|
||||
Reference in New Issue
Block a user