Python Eve - User-restricted Resource Access Feature With Item's Id_field As Auth_field
I have a collection of users that I left open without authentication for POST so users can create accounts. Now I want to restrict access, say for the tests collection, the user
Solution 1:
You can do this 1:1 relation using a before-insert event hook, if you are using User-Restricted Resource Access as you mention, because then you will have an auth_field on documents. In my example the auth field is user_id.
Your on_insert_tests hook would be like this:
from flask import current_app, abort

def check_inserted(documents):
    # get ID for current user
    user_id = current_app.auth.get_request_auth_value()
    # count tests already stored for the current user
    # (Cursor.count() was removed in PyMongo 4; count_documents replaces it)
    collection = current_app.data.driver.db['tests']
    if collection.count_documents({'user_id': user_id}) > 0:
        abort(409, 'Test already present for this account. Only one allowed.')

# register the hook on the Eve app: app.on_insert_tests += check_inserted
So when inserting the second test for the current user, it will abort.
By the way, I don't see why you are changing the ID field in tests to test_id, instead of using the default _id.
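A hardened variant of the hook in the answer above, as an added example (not code from the original post or from Eve): it also counts the documents in the incoming request, since Eve hands a bulk POST to on_insert_tests as one list. The factory name, the injected callables and the in-memory simulate helper are assumptions made so the block runs without Eve or MongoDB.

```python
from collections import Counter


class Conflict(Exception):
    """Stand-in for flask.abort(409, ...) in this offline example."""


def make_one_test_per_user_hook(get_user_id, count_for_user, reject):
    """Build an on_insert_tests hook that enforces one test per account.

    In an Eve app the three callables would be wired as (assumed wiring):
      get_user_id    -> current_app.auth.get_request_auth_value
      count_for_user -> lambda uid: db['tests'].count_documents({'user_id': uid})
      reject         -> lambda msg: flask.abort(409, msg)
    """
    def hook(documents):
        user_id = get_user_id()
        if user_id is None:
            reject('No authenticated user for this request.')
        # A bulk POST arrives as one list, so a single request can carry
        # several tests; count them together with the ones already stored.
        if count_for_user(user_id) + len(documents) > 1:
            reject('Only one test is allowed per account.')
    return hook


def simulate(posts):
    """Run constructed POST bodies for user 'u1' against an in-memory store."""
    stored = Counter()

    def reject(msg):
        raise Conflict(msg)

    hook = make_one_test_per_user_hook(lambda: 'u1', lambda uid: stored[uid], reject)
    statuses = []
    for documents in posts:
        try:
            hook(documents)
            stored['u1'] += len(documents)  # the insert Eve would perform
            statuses.append(201)
        except Conflict:
            statuses.append(409)
    return statuses, stored['u1']


if __name__ == '__main__':
    print(simulate([[{'name': 'a'}, {'name': 'b'}]]))    # bulk POST of two tests
    print(simulate([[{'name': 'a'}], [{'name': 'b'}]]))  # two single POSTs
```

Two concurrent requests can still both pass the count check; a unique index on user_id in the tests collection (create_index('user_id', unique=True) in PyMongo) closes that gap at the database level.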