|
a/Allura/allura/controllers/rest.py |
|
b/Allura/allura/controllers/rest.py |
|
... |
|
... |
| 18 |
'Based on request.params, authenticate the request'
|
18 |
'Based on request.params, authenticate the request'
|
| 19 |
if 'api_key' not in request.params: return M.User.anonymous()
|
19 |
if 'api_key' not in request.params: return M.User.anonymous()
|
| 20 |
api_key = request.params.get('api_key')
|
20 |
api_key = request.params.get('api_key')
|
| 21 |
api_token = M.ApiToken.query.get(api_key=api_key)
|
21 |
api_token = M.ApiToken.query.get(api_key=api_key)
|
| 22 |
if api_token is not None and api_token.authenticate_request(request.path, request.params):
|
22 |
if api_token is not None and api_token.authenticate_request(request.path, request.params):
|
| 23 |
return api_token.user
|
23 |
return api_token
|
| 24 |
else:
|
24 |
else:
|
| 25 |
raise exc.HTTPForbidden
|
25 |
raise exc.HTTPForbidden
|
| 26 |
|
26 |
|
| 27 |
@expose()
|
27 |
@expose()
|
| 28 |
def _lookup(self, name, *remainder):
|
28 |
def _lookup(self, name, *remainder):
|
| 29 |
c.user = self._authenticate_request()
|
29 |
api_token = self._authenticate_request()
|
|
|
30 |
c.api_token = api_token
|
|
|
31 |
c.user = api_token.user
|
| 30 |
neighborhood = M.Neighborhood.query.get(url_prefix = '/' + name + '/')
|
32 |
neighborhood = M.Neighborhood.query.get(url_prefix = '/' + name + '/')
|
| 31 |
if not neighborhood: raise exc.HTTPNotFound, name
|
33 |
if not neighborhood: raise exc.HTTPNotFound, name
|
| 32 |
return NeighborhoodRestController(neighborhood), remainder
|
34 |
return NeighborhoodRestController(neighborhood), remainder
|
| 33 |
|
35 |
|
| 34 |
class NeighborhoodRestController(object):
|
36 |
class NeighborhoodRestController(object):
|