Make Authorization optional for read routes
Only require it when reading draft articles.
This commit is contained in:
@@ -33,7 +33,7 @@ impl Scope for plume_models::posts::Post {
|
||||
}
|
||||
}
|
||||
|
||||
pub struct Authorization<A, S> (PhantomData<(A, S)>);
|
||||
pub struct Authorization<A, S> (pub ApiToken, PhantomData<(A, S)>);
|
||||
|
||||
impl<'a, 'r, A, S> FromRequest<'a, 'r> for Authorization<A, S>
|
||||
where A: Action,
|
||||
@@ -45,7 +45,7 @@ where A: Action,
|
||||
request.guard::<ApiToken>()
|
||||
.map_failure(|_| (Status::Unauthorized, ()))
|
||||
.and_then(|token| if token.can(A::to_str(), S::to_str()) {
|
||||
Outcome::Success(Authorization(PhantomData))
|
||||
Outcome::Success(Authorization(token, PhantomData))
|
||||
} else {
|
||||
Outcome::Failure((Status::Unauthorized, ()))
|
||||
})
|
||||
|
||||
+4
-4
@@ -13,14 +13,14 @@ use plume_models::{
|
||||
use api::authorization::*;
|
||||
|
||||
#[get("/posts/<id>")]
|
||||
fn get(id: i32, conn: DbConn, _auth: Authorization<Read, Post>) -> Json<serde_json::Value> {
|
||||
let post = <Post as Provider<Connection>>::get(&*conn, id).ok();
|
||||
fn get(id: i32, conn: DbConn, auth: Option<Authorization<Read, Post>>) -> Json<serde_json::Value> {
|
||||
let post = <Post as Provider<(&Connection, Option<i32>)>>::get(&(&*conn, auth.map(|a| a.0.user_id)), id).ok();
|
||||
Json(json!(post))
|
||||
}
|
||||
|
||||
#[get("/posts")]
|
||||
fn list(conn: DbConn, uri: &Origin, _auth: Authorization<Read, Post>) -> Json<serde_json::Value> {
|
||||
fn list(conn: DbConn, uri: &Origin, auth: Option<Authorization<Read, Post>>) -> Json<serde_json::Value> {
|
||||
let query: PostEndpoint = serde_qs::from_str(uri.query().unwrap_or("")).expect("api::list: invalid query error");
|
||||
let post = <Post as Provider<Connection>>::list(&*conn, query);
|
||||
let post = <Post as Provider<(&Connection, Option<i32>)>>::list(&(&*conn, auth.map(|a| a.0.user_id)), query);
|
||||
Json(json!(post))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user