fix: [API ACL] read_only user role

pull/559/head
Terrtia 2021-02-23 14:07:57 +01:00
parent e28326a6cf
commit 04bd78934d
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
1 changed files with 16 additions and 16 deletions

View File

@ -188,14 +188,14 @@ def one():
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/get/item", methods=['POST']) @restApi.route("api/v1/get/item", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_item_id(): def get_item_id():
data = request.get_json() data = request.get_json()
res = Item.get_item(data) res = Item.get_item(data)
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/item/default", methods=['POST']) @restApi.route("api/v1/get/item/default", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_item_id_basic(): def get_item_id_basic():
data = request.get_json() data = request.get_json()
@ -218,7 +218,7 @@ def get_item_id_basic():
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/get/item/tag", methods=['POST']) @restApi.route("api/v1/get/item/tag", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_item_tag(): def get_item_tag():
data = request.get_json() data = request.get_json()
@ -299,7 +299,7 @@ def delete_item_tags():
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/get/item/content", methods=['POST']) @restApi.route("api/v1/get/item/content", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_item_content(): def get_item_content():
data = request.get_json() data = request.get_json()
@ -314,7 +314,7 @@ def get_item_content():
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/get/tag/metadata", methods=['POST']) @restApi.route("api/v1/get/tag/metadata", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_tag_metadata(): def get_tag_metadata():
data = request.get_json() data = request.get_json()
tag = data.get('tag', None) tag = data.get('tag', None)
@ -324,7 +324,7 @@ def get_tag_metadata():
return Response(json.dumps(metadata, indent=2, sort_keys=True), mimetype='application/json'), 200 return Response(json.dumps(metadata, indent=2, sort_keys=True), mimetype='application/json'), 200
@restApi.route("api/v1/get/tag/all", methods=['GET']) @restApi.route("api/v1/get/tag/all", methods=['GET'])
@token_required('user') @token_required('read_only')
def get_all_tags(): def get_all_tags():
res = {'tags': Tag.get_all_tags()} res = {'tags': Tag.get_all_tags()}
return Response(json.dumps(res, indent=2, sort_keys=True), mimetype='application/json'), 200 return Response(json.dumps(res, indent=2, sort_keys=True), mimetype='application/json'), 200
@ -351,7 +351,7 @@ def delete_tracker_term():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/tracker/item", methods=['POST']) @restApi.route("api/v1/get/tracker/item", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_tracker_term_item(): def get_tracker_term_item():
data = request.get_json() data = request.get_json()
user_token = get_auth_from_header() user_token = get_auth_from_header()
@ -364,7 +364,7 @@ def get_tracker_term_item():
# # # # # # # # # # # # CRYPTOCURRENCY # # # # # # # # # # # # # # # # # # # # # # # # # # CRYPTOCURRENCY # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/get/cryptocurrency/bitcoin/metadata", methods=['POST']) @restApi.route("api/v1/get/cryptocurrency/bitcoin/metadata", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_cryptocurrency_bitcoin_metadata(): def get_cryptocurrency_bitcoin_metadata():
data = request.get_json() data = request.get_json()
crypto_address = data.get('bitcoin', None) crypto_address = data.get('bitcoin', None)
@ -373,7 +373,7 @@ def get_cryptocurrency_bitcoin_metadata():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/cryptocurrency/bitcoin/item", methods=['POST']) @restApi.route("api/v1/get/cryptocurrency/bitcoin/item", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_cryptocurrency_bitcoin_item(): def get_cryptocurrency_bitcoin_item():
data = request.get_json() data = request.get_json()
bitcoin_address = data.get('bitcoin', None) bitcoin_address = data.get('bitcoin', None)
@ -385,7 +385,7 @@ def get_cryptocurrency_bitcoin_item():
# # # # # # # # # # # # # # # PGP # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PGP # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/get/pgp/key/metadata", methods=['POST']) @restApi.route("api/v1/get/pgp/key/metadata", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_pgp_key_metadata(): def get_pgp_key_metadata():
data = request.get_json() data = request.get_json()
pgp_field = data.get('key', None) pgp_field = data.get('key', None)
@ -394,7 +394,7 @@ def get_pgp_key_metadata():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/pgp/mail/metadata", methods=['POST']) @restApi.route("api/v1/get/pgp/mail/metadata", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_pgp_mail_metadata(): def get_pgp_mail_metadata():
data = request.get_json() data = request.get_json()
pgp_field = data.get('mail', None) pgp_field = data.get('mail', None)
@ -403,7 +403,7 @@ def get_pgp_mail_metadata():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/pgp/name/metadata", methods=['POST']) @restApi.route("api/v1/get/pgp/name/metadata", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_pgp_name_metadata(): def get_pgp_name_metadata():
data = request.get_json() data = request.get_json()
pgp_field = data.get('name', None) pgp_field = data.get('name', None)
@ -412,7 +412,7 @@ def get_pgp_name_metadata():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/pgp/key/item", methods=['POST']) @restApi.route("api/v1/get/pgp/key/item", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_pgp_key_item(): def get_pgp_key_item():
data = request.get_json() data = request.get_json()
pgp_field = data.get('key', None) pgp_field = data.get('key', None)
@ -421,7 +421,7 @@ def get_pgp_key_item():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/pgp/mail/item", methods=['POST']) @restApi.route("api/v1/get/pgp/mail/item", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_pgp_mail_item(): def get_pgp_mail_item():
data = request.get_json() data = request.get_json()
pgp_mail = data.get('mail', None) pgp_mail = data.get('mail', None)
@ -430,7 +430,7 @@ def get_pgp_mail_item():
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1] return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
@restApi.route("api/v1/get/pgp/name/item", methods=['POST']) @restApi.route("api/v1/get/pgp/name/item", methods=['POST'])
@token_required('user') @token_required('read_only')
def get_pgp_name_item(): def get_pgp_name_item():
data = request.get_json() data = request.get_json()
pgp_name = data.get('name', None) pgp_name = data.get('name', None)
@ -609,7 +609,7 @@ def import_json_item():
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@restApi.route("api/v1/ping", methods=['GET']) @restApi.route("api/v1/ping", methods=['GET'])
@token_required('user') @token_required('read_only')
def v1_ping(): def v1_ping():
return Response(json.dumps({'status': 'pong'}), mimetype='application/json'), 200 return Response(json.dumps({'status': 'pong'}), mimetype='application/json'), 200