impl FromRequest for ApiToken
and use it for the posts API
This commit is contained in:
+20
-8
@@ -7,19 +7,31 @@ use serde_qs;
|
||||
use plume_api::posts::PostEndpoint;
|
||||
use plume_models::{
|
||||
Connection,
|
||||
api_tokens::ApiToken,
|
||||
db_conn::DbConn,
|
||||
posts::Post,
|
||||
};
|
||||
|
||||
#[get("/posts/<id>")]
|
||||
fn get(id: i32, conn: DbConn) -> Json<serde_json::Value> {
|
||||
let post = <Post as Provider<Connection>>::get(&*conn, id).ok();
|
||||
Json(json!(post))
|
||||
fn get(id: i32, conn: DbConn, token: ApiToken) -> Json<serde_json::Value> {
|
||||
if token.can_read("posts") {
|
||||
let post = <Post as Provider<Connection>>::get(&*conn, id).ok();
|
||||
Json(json!(post))
|
||||
} else {
|
||||
Json(json!({
|
||||
"error": "Unauthorized"
|
||||
}))
|
||||
}
|
||||
}
|
||||
|
||||
#[get("/posts")]
|
||||
fn list(conn: DbConn, uri: &Origin) -> Json<serde_json::Value> {
|
||||
let query: PostEndpoint = serde_qs::from_str(uri.query().unwrap_or("")).expect("api::list: invalid query error");
|
||||
let post = <Post as Provider<Connection>>::list(&*conn, query);
|
||||
Json(json!(post))
|
||||
}
|
||||
fn list(conn: DbConn, uri: &Origin, token: ApiToken) -> Json<serde_json::Value> {
|
||||
if token.can_read("posts") {
|
||||
let query: PostEndpoint = serde_qs::from_str(uri.query().unwrap_or("")).expect("api::list: invalid query error");
|
||||
let post = <Post as Provider<Connection>>::list(&*conn, query);
|
||||
Json(json!(post))
|
||||
} else {
|
||||
Json(json!({
|
||||
"error": "Unauthorized"
|
||||
}))
|
||||
}}
|
||||
|
||||
Reference in New Issue
Block a user