-rw-r--r--inventory/api.py16
1 files changed, 12 insertions, 4 deletions
diff --git a/inventory/api.py b/inventory/api.py
index d374ad1..388a698 100644
--- a/inventory/api.py
+++ b/inventory/api.py
@@ -19,6 +19,7 @@ from .schema import NodeSchema
mongo = PyMongo(current_app, tz_aware=True)
mongo.db.nodes.create_index([('fields.value', pymongo.TEXT), ('name', pymongo.TEXT)], name='fields.value_text_name_text')
mongo.db.nodes.create_index([('parent_id', pymongo.ASCENDING)], name='parent_id')
+mongo.db.nodes.create_index([('user_id', pymongo.ASCENDING)], name='user_id')
app = Blueprint('api', __name__)
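Review bot: Documents written before this commit carry no `user_id`, so once the owner-scoped filters later in this diff are in place they will match none of the per-node read, update, delete or search queries. If the collection already holds data, a one-off backfill that assigns an owner to existing nodes should ship with this change. A comment next to the new `create_index` call such as `# every node must carry user_id; legacy documents need a backfill` would record that expectation.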
@@ -74,6 +75,7 @@ def auth_required(f):
# Routes
@app.route('/nodes')
+@auth_required
def root_nodes():
schema = NodeSchema(many=True)
data = schema.dump(mongo.db.nodes.find({'parent_id': None}))
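Review bot: `root_nodes` now requires authentication, but its query is still `find({'parent_id': None})`, so any logged-in user receives every user's root nodes. The other handlers in this diff scope by owner and this one should too: `data = schema.dump(mongo.db.nodes.find({'parent_id': None, 'user_id': g.user['_id']}))`. The function body continues past the end of this hunk.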
@@ -81,6 +83,7 @@ def root_nodes():
@app.route('/nodes', methods=['POST'])
+@auth_required
def add_node():
data = request.json
if data is None or not isinstance(data, dict):
@@ -88,6 +91,7 @@ def add_node():
schema = NodeSchema()
node = schema.load(data)
node['created_at'] = pytz.utc.localize(datetime.datetime.utcnow())
+ node['user_id'] = g.user['_id']
result = mongo.db.nodes.insert_one(node)
if not result.acknowledged:
abort(500, 'Write operation not acknowledged')
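Review bot: Assigning `node['user_id']` after `schema.load` correctly overrides anything the client sent, but nothing visible here checks that a client-supplied `parent_id` refers to a node owned by the same user. If `NodeSchema` accepts `parent_id` (the schema is not shown), a node could be attached under another user's tree. Before the insert, consider a lookup such as `mongo.db.nodes.find_one({'_id': node['parent_id'], 'user_id': g.user['_id']})` and abort with 404 when a non-null parent is not found.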
@@ -96,9 +100,10 @@ def add_node():
@app.route('/nodes/<ObjectId:node_id>')
+@auth_required
def node(node_id):
result = mongo.db.nodes.aggregate([
- {'$match': {'_id': node_id}},
+ {'$match': {'_id': node_id, 'user_id': g.user['_id']}},
{
'$graphLookup': {
'from': 'nodes',
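Review bot: The owner filter is applied only in the initial `$match`; the `$graphLookup` that follows reads from the whole `nodes` collection, and the part of the stage visible here carries no owner restriction. The stage is cut off by the hunk, so this may already be handled, but if not, adding `'restrictSearchWithMatch': {'user_id': g.user['_id']}` to the `$graphLookup` keeps the traversal inside the caller's own documents. Without it, any node linked into this tree by another user would be returned along with it.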
@@ -147,6 +152,7 @@ def node(node_id):
@app.route('/nodes/<ObjectId:node_id>', methods=['PUT'])
+@auth_required
def update_node(node_id):
data = request.json
if data is None or not isinstance(data, dict):
@@ -154,26 +160,28 @@ def update_node(node_id):
schema = NodeSchema()
node = schema.load(data)
node['updated_at'] = pytz.utc.localize(datetime.datetime.utcnow())
- result = mongo.db.nodes.update_one({'_id': node_id}, {'$set': node})
+ result = mongo.db.nodes.update_one({'_id': node_id, 'user_id': g.user['_id']}, {'$set': node})
if not result.acknowledged:
abort(500, 'Write operation not acknowledged')
return '', 204
@app.route('/nodes/<ObjectId:node_id>', methods=['DELETE'])
+@auth_required
def delete_node(node_id):
- result = mongo.db.nodes.delete_one({'_id': node_id})
+ result = mongo.db.nodes.delete_one({'_id': node_id, 'user_id': g.user['_id']})
if result.deleted_count == 0:
abort(404, 'No node found')
return jsonify({}), 204
@app.route('/search', methods=['POST'])
+@auth_required
def find_nodes():
if 'q' not in request.form:
abort(400, 'Missing q argument')
schema = NodeSchema(many=True)
- data = schema.dump(mongo.db.nodes.find({'$text': {'$search': request.form['q']}}))
+ data = schema.dump(mongo.db.nodes.find({'$text': {'$search': request.form['q']}, 'user_id': g.user['_id']}))
return jsonify(data)
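Review bot: `update_node` still checks only `result.acknowledged`, so when the new owner-scoped filter matches nothing (the node is missing or belongs to someone else) the handler returns 204 as if the write had succeeded. `delete_node` already answers 404 in that case, and the update should match it with `if result.matched_count == 0: abort(404, 'No node found')`. Separately, `{'$set': node}` writes whatever `schema.load` returned. If `NodeSchema` accepts `user_id` (not visible here), a client could reassign ownership, so dropping it first with `node.pop('user_id', None)` would mirror the override done in `add_node`.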