From d723e681e437a4d3598ca718a30ff1b755df704b Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Mon, 23 Nov 2020 17:49:49 +0100
Subject: Add authentication support
---
 inventory/api.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/inventory/api.py b/inventory/api.py
index d374ad1..388a698 100644
--- a/inventory/api.py
+++ b/inventory/api.py
@@ -19,6 +19,7 @@ from .schema import NodeSchema
 mongo = PyMongo(current_app, tz_aware=True)
 mongo.db.nodes.create_index([('fields.value', pymongo.TEXT), ('name', pymongo.TEXT)], name='fields.value_text_name_text')
 mongo.db.nodes.create_index([('parent_id', pymongo.ASCENDING)], name='parent_id')
+mongo.db.nodes.create_index([('user_id', pymongo.ASCENDING)], name='user_id')
 app = Blueprint('api', __name__)
@@ -74,6 +75,7 @@ def auth_required(f):
 # Routes
 @app.route('/nodes')
+@auth_required
 def root_nodes():
 schema = NodeSchema(many=True)
 data = schema.dump(mongo.db.nodes.find({'parent_id': None}))
@@ -81,6 +83,7 @@ def root_nodes():
 @app.route('/nodes', methods=['POST'])
+@auth_required
 def add_node():
 data = request.json
 if data is None or not isinstance(data, dict):
@@ -88,6 +91,7 @@ def add_node():
 schema = NodeSchema()
 node = schema.load(data)
 node['created_at'] = pytz.utc.localize(datetime.datetime.utcnow())
+ node['user_id'] = g.user['_id']
 result = mongo.db.nodes.insert_one(node)
 if not result.acknowledged:
 abort(500, 'Write operation not acknowledged')
@@ -96,9 +100,10 @@ def add_node():
 @app.route('/nodes/')
+@auth_required
 def node(node_id):
 result = mongo.db.nodes.aggregate([
- {'$match': {'_id': node_id}},
+ {'$match': {'_id': node_id, 'user_id': g.user['_id']}},
 {
 '$graphLookup': {
 'from': 'nodes',
@@ -147,6 +152,7 @@ def node(node_id):
 @app.route('/nodes/', methods=['PUT'])
+@auth_required
 def update_node(node_id):
 data = request.json
 if data is None or not isinstance(data, dict):
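Review bot: `root_nodes` still queries `mongo.db.nodes.find({'parent_id': None})` with no owner filter, so once this commit lands any authenticated user receives every user's root nodes, while the other handlers touched here are scoped to `g.user['_id']`. The query should carry the same condition: `data = schema.dump(mongo.db.nodes.find({'parent_id': None, 'user_id': g.user['_id']}))`. The function's return statement lies outside the hunk.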
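Review bot: In `add_node`, nothing visible checks that a `parent_id` in the payload refers to a node owned by the caller, even though ownership of the new node itself is correctly stamped with `node['user_id'] = g.user['_id']` after `schema.load(data)`. If `NodeSchema` accepts `parent_id` (the schema is not shown here), a node can be attached under another user's tree. When `parent_id` is set, a lookup before `insert_one` such as `mongo.db.nodes.find_one({'_id': node['parent_id'], 'user_id': g.user['_id']})`, with a 404 when it returns nothing, would close that. The function body starts and ends outside the hunk.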
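Review bot: In `node`, only the `$match` stage is restricted to `g.user['_id']`; the `$graphLookup` that follows reads `'from': 'nodes'` and, as far as the hunk shows, carries no owner condition, so related documents are pulled in regardless of who owns them. Adding `'restrictSearchWithMatch': {'user_id': g.user['_id']}` to the `$graphLookup` stage keeps the traversal inside the caller's own nodes. The rest of the pipeline is outside the hunk, so confirm that no later stage already filters on `user_id`.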
@@ -154,26 +160,28 @@ def update_node(node_id):
 schema = NodeSchema()
 node = schema.load(data)
 node['updated_at'] = pytz.utc.localize(datetime.datetime.utcnow())
- result = mongo.db.nodes.update_one({'_id': node_id}, {'$set': node})
+ result = mongo.db.nodes.update_one({'_id': node_id, 'user_id': g.user['_id']}, {'$set': node})
 if not result.acknowledged:
 abort(500, 'Write operation not acknowledged')
 return '', 204
 @app.route('/nodes/', methods=['DELETE'])
+@auth_required
 def delete_node(node_id):
- result = mongo.db.nodes.delete_one({'_id': node_id})
+ result = mongo.db.nodes.delete_one({'_id': node_id, 'user_id': g.user['_id']})
 if result.deleted_count == 0:
 abort(404, 'No node found')
 return jsonify({}), 204
 @app.route('/search', methods=['POST'])
+@auth_required
 def find_nodes():
 if 'q' not in request.form:
 abort(400, 'Missing q argument')
 schema = NodeSchema(many=True)
- data = schema.dump(mongo.db.nodes.find({'$text': {'$search': request.form['q']}}))
+ data = schema.dump(mongo.db.nodes.find({'$text': {'$search': request.form['q']}, 'user_id': g.user['_id']}))
 return jsonify(data)
--
cgit v1.2.3
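Review bot: `update_node` returns 204 even when the scoped filter `{'_id': node_id, 'user_id': g.user['_id']}` matches nothing, because only `result.acknowledged` is checked; a PUT against a missing node or one owned by someone else therefore looks successful, unlike `delete_node`, which answers 404. Add `if result.matched_count == 0: abort(404, 'No node found')` after the acknowledged check. Separately, `{'$set': node}` writes whatever `schema.load(data)` produced, so if `NodeSchema` admits `user_id` (not visible here) a client could reassign ownership; `node.pop('user_id', None)` before the update would rule that out. The start of `update_node` is outside this hunk.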