在 Python EVE 中自定义对资源端点的授权
Customizing Authorization on resource endpoints in Python EVE
我在 Python 前夕实施了我的网络服务。我有几个端点,如人员、地址等。
端点模式定义如下:-
RESOURCE_METHODS = ['GET', 'POST', 'DELETE']
ITEM_METHODS = ['GET', 'PATCH', 'PUT', 'DELETE']
people = {
'item_title': 'person',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people,
'public_methods': ['POST']
}
org = {
'item_title': 'org',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_org
}
puburl = {
'item_title': 'puburl',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_pub_url
}
address = {
'item_title': 'address',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_address
}
contactnumber = {
'item_title': 'contactnumber',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_contact_number
}
template = {
'item_title': 'template',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_template
}
usersharedcontacts = {
'item_title': 'usersharedcontacts',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_with_user_shared_contacts
}
cardholder = {
'item_title': 'cardholder',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_card_holder
}
DOMAIN = {
'people': people,
'org': org,
'puburl': puburl,
'address': address,
'contactnumber': contactnumber,
'template': template,
'usersharedcontacts': usersharedcontacts,
'cardholder': cardholder
}
我已经实现了身份验证,使 POST 对 people 端点的调用是免费的,即可以在不需要任何身份验证的情况下创建用户配置文件,并且 people table 在数据库中将被填充。
我现在想确保一旦用户通过身份验证,他/她就不能修改其他用户的信息。 Python EVE 中有没有办法处理这个问题。
[EDIT]:- There was some bug in my code , @Niccola's Solution worked properly ..
您可能想要使用 User Restricted Resource Access 功能。引用文档:
When this feature is enabled, each stored document is associated with the account that created it. This allows the API to transparently serve only account-created documents on all kinds of requests: read, edit, delete and of course create. User authentication needs to be enabled for this to work properly.
我在 Python 前夕实施了我的网络服务。我有几个端点,如人员、地址等。
端点模式定义如下:-
RESOURCE_METHODS = ['GET', 'POST', 'DELETE']
ITEM_METHODS = ['GET', 'PATCH', 'PUT', 'DELETE']
people = {
'item_title': 'person',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people,
'public_methods': ['POST']
}
org = {
'item_title': 'org',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_org
}
puburl = {
'item_title': 'puburl',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_pub_url
}
address = {
'item_title': 'address',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_address
}
contactnumber = {
'item_title': 'contactnumber',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_contact_number
}
template = {
'item_title': 'template',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_template
}
usersharedcontacts = {
'item_title': 'usersharedcontacts',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_with_user_shared_contacts
}
cardholder = {
'item_title': 'cardholder',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'resource_methods': ['GET', 'POST'],
'schema': dbtableSchema.schema_people_card_holder
}
DOMAIN = {
'people': people,
'org': org,
'puburl': puburl,
'address': address,
'contactnumber': contactnumber,
'template': template,
'usersharedcontacts': usersharedcontacts,
'cardholder': cardholder
}
我已经实现了身份验证,使 POST 对 people 端点的调用是免费的,即可以在不需要任何身份验证的情况下创建用户配置文件,并且 people table 在数据库中将被填充。
我现在想确保一旦用户通过身份验证,他/她就不能修改其他用户的信息。 Python EVE 中有没有办法处理这个问题。
[EDIT]:- There was some bug in my code , @Niccola's Solution worked properly ..
您可能想要使用 User Restricted Resource Access 功能。引用文档:
When this feature is enabled, each stored document is associated with the account that created it. This allows the API to transparently serve only account-created documents on all kinds of requests: read, edit, delete and of course create. User authentication needs to be enabled for this to work properly.