Make Authorization optional for read routes

Only require it when reading draft articles.
This commit is contained in:
Baptiste Gelez
2018-10-30 10:11:53 +01:00
parent c341179150
commit e26a150164
3 changed files with 43 additions and 20 deletions
+2 -2
View File
@@ -33,7 +33,7 @@ impl Scope for plume_models::posts::Post {
}
}
pub struct Authorization<A, S> (PhantomData<(A, S)>);
pub struct Authorization<A, S> (pub ApiToken, PhantomData<(A, S)>);
impl<'a, 'r, A, S> FromRequest<'a, 'r> for Authorization<A, S>
where A: Action,
@@ -45,7 +45,7 @@ where A: Action,
request.guard::<ApiToken>()
.map_failure(|_| (Status::Unauthorized, ()))
.and_then(|token| if token.can(A::to_str(), S::to_str()) {
Outcome::Success(Authorization(PhantomData))
Outcome::Success(Authorization(token, PhantomData))
} else {
Outcome::Failure((Status::Unauthorized, ()))
})
+4 -4
View File
@@ -13,14 +13,14 @@ use plume_models::{
use api::authorization::*;
#[get("/posts/<id>")]
fn get(id: i32, conn: DbConn, _auth: Authorization<Read, Post>) -> Json<serde_json::Value> {
let post = <Post as Provider<Connection>>::get(&*conn, id).ok();
fn get(id: i32, conn: DbConn, auth: Option<Authorization<Read, Post>>) -> Json<serde_json::Value> {
let post = <Post as Provider<(&Connection, Option<i32>)>>::get(&(&*conn, auth.map(|a| a.0.user_id)), id).ok();
Json(json!(post))
}
#[get("/posts")]
fn list(conn: DbConn, uri: &Origin, _auth: Authorization<Read, Post>) -> Json<serde_json::Value> {
fn list(conn: DbConn, uri: &Origin, auth: Option<Authorization<Read, Post>>) -> Json<serde_json::Value> {
let query: PostEndpoint = serde_qs::from_str(uri.query().unwrap_or("")).expect("api::list: invalid query error");
let post = <Post as Provider<Connection>>::list(&*conn, query);
let post = <Post as Provider<(&Connection, Option<i32>)>>::list(&(&*conn, auth.map(|a| a.0.user_id)), query);
Json(json!(post))
}