From 9574074f9cbd1b4194c50ef2d882062a81f767f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com> Date: Thu, 3 May 2012 10:43:35 +0200 Subject: [PATCH] Simplify decoration. Use common responseSupport which adds all expected headers and supports anonymous access, so OPTIONS can be simplified. --- .../product/Vifib/Tool/VifibRestApiV1Tool.py | 62 ++++++++----------- 1 file changed, 26 insertions(+), 36 deletions(-) diff --git a/master/product/Vifib/Tool/VifibRestApiV1Tool.py b/master/product/Vifib/Tool/VifibRestApiV1Tool.py index 61cc862fa..cd08bf600 100644 --- a/master/product/Vifib/Tool/VifibRestApiV1Tool.py +++ b/master/product/Vifib/Tool/VifibRestApiV1Tool.py @@ -39,44 +39,35 @@ import xml_marshaller import json import transaction -def jsonResponse(fn): - def wrapper(self, *args, **kwargs): - self.REQUEST.response.setHeader('Content-Type', 'application/json') - return fn(self, *args, **kwargs) - wrapper.__doc__ = fn.__doc__ - return wrapper - -def responseSupport(fn): - def wrapper(self, *args, **kwargs): - response = self.REQUEST.response - response.setHeader('Access-Control-Allow-Headers', - self.REQUEST.getHeader('Access-Control-Allow-Headers')) - response.setHeader('Access-Control-Allow-Origin', '*') - response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, ' - 'GET, OPTIONS') - if getSecurityManager().getUser().getId() is None: - # force login - response.setStatus(401) - response.setHeader('WWW-Authenticate', 'Bearer realm="%s"'% - self.absolute_url()) - response.setHeader('Location', self.getPortalObject()\ - .portal_preferences.getPreferredRestApiV1TokenServerUrl()) - return response - return fn(self, *args, **kwargs) - wrapper.__doc__ = fn.__doc__ - return wrapper +def responseSupport(anonymous=False): + def outer(fn): + def wrapper(self, *args, **kwargs): + response = self.REQUEST.response + response.setHeader('Content-Type', 'application/json') + response.setHeader('Access-Control-Allow-Headers', + self.REQUEST.getHeader('Access-Control-Allow-Headers')) + response.setHeader('Access-Control-Allow-Origin', '*') + response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, ' + 'GET, OPTIONS') + if not anonymous and getSecurityManager().getUser().getId() is None: + # force login + response.setStatus(401) + response.setHeader('WWW-Authenticate', 'Bearer realm="%s"'% + self.absolute_url()) + response.setHeader('Location', self.getPortalObject()\ + .portal_preferences.getPreferredRestApiV1TokenServerUrl()) + return response + return fn(self, *args, **kwargs) + wrapper.__doc__ = fn.__doc__ + return wrapper + return outer class GenericPublisher(Implicit): + @responseSupport(True) def OPTIONS(self, *args, **kwargs): """HTTP OPTIONS implementation""" - response = self.REQUEST.response - response.setHeader('Access-Control-Allow-Headers', - self.REQUEST.get('Access-Control-Allow-Headers')) - response.setHeader('Access-Control-Allow-Origin', '*') - response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, ' - 'GET, OPTIONS') - response.setStatus(200) - return response + self.REQUEST.response.setStatus(204) + return self.REQUEST.response def __before_publishing_traverse__(self, self2, request): path = request['TraversalRequestNameStack'] @@ -88,7 +79,6 @@ class GenericPublisher(Implicit): class InstancePublisher(GenericPublisher): """Instance publisher""" - @jsonResponse def __request(self): response = self.REQUEST.response self.REQUEST.stdin.seek(0) @@ -152,7 +142,7 @@ class InstancePublisher(GenericPublisher): response.setBody(json.dumps({'status':'processing'})) return response - @responseSupport + @responseSupport() def __call__(self): """Instance GET/POST support""" if self.REQUEST['REQUEST_METHOD'] == 'POST': -- 2.30.9