impl FromRequest for ApiToken

and use it for the posts API
This commit is contained in:
Baptiste Gelez
2018-10-22 15:09:47 +01:00
parent 663ec52fea
commit 9a13d804c5
2 changed files with 68 additions and 8 deletions
+20 -8
View File
@@ -7,19 +7,31 @@ use serde_qs;
use plume_api::posts::PostEndpoint;
use plume_models::{
Connection,
api_tokens::ApiToken,
db_conn::DbConn,
posts::Post,
};
#[get("/posts/<id>")]
fn get(id: i32, conn: DbConn) -> Json<serde_json::Value> {
let post = <Post as Provider<Connection>>::get(&*conn, id).ok();
Json(json!(post))
fn get(id: i32, conn: DbConn, token: ApiToken) -> Json<serde_json::Value> {
if token.can_read("posts") {
let post = <Post as Provider<Connection>>::get(&*conn, id).ok();
Json(json!(post))
} else {
Json(json!({
"error": "Unauthorized"
}))
}
}
#[get("/posts")]
fn list(conn: DbConn, uri: &Origin) -> Json<serde_json::Value> {
let query: PostEndpoint = serde_qs::from_str(uri.query().unwrap_or("")).expect("api::list: invalid query error");
let post = <Post as Provider<Connection>>::list(&*conn, query);
Json(json!(post))
}
fn list(conn: DbConn, uri: &Origin, token: ApiToken) -> Json<serde_json::Value> {
if token.can_read("posts") {
let query: PostEndpoint = serde_qs::from_str(uri.query().unwrap_or("")).expect("api::list: invalid query error");
let post = <Post as Provider<Connection>>::list(&*conn, query);
Json(json!(post))
} else {
Json(json!({
"error": "Unauthorized"
}))
}}