diff --git a/app/api/__init__.py b/app/api/__init__.py
index cf1a4ed..12968e6 100644
--- a/app/api/__init__.py
+++ b/app/api/__init__.py
@@ -32,10 +32,11 @@ class ProtectedResource(Resource):
 def add_resources():
- from .resources.account import AccountResource
+ from .resources.account import AccountResource, AccountListResource
 from .resources.token import TokenResource
- api.add_resource(AccountResource, '/v1/accounts')
+ api.add_resource(AccountResource, '/v1/accounts/')
+ api.add_resource(AccountListResource, '/v1/accounts')
 api.add_resource(TokenResource, '/v1/token')
diff --git a/app/api/resources/account.py b/app/api/resources/account.py
index 6441a66..c4f769a 100644
--- a/app/api/resources/account.py
+++ b/app/api/resources/account.py
@@ -1,20 +1,30 @@
 from flask_restful import Resource, abort
+from flask import g
 from webargs import fields
 from webargs.flaskparser import use_args
 from flasgger import swag_from
 import app.accounts as accounts
-from app.api import protected
+from app.api import ProtectedResource, protected
+
+user_args = {
+ 'user': fields.Nested({
+ 'username': fields.Str(required=True),
+ 'email': fields.Email(required=True),
+ 'password': fields.Str(required=True)
+ }, required=True, location='json')
+}
-class AccountResource(Resource):
- user_args = {
- 'user': fields.Nested({
- 'username': fields.Str(required=True),
- 'email': fields.Email(required=True),
- 'password': fields.Str(required=True)
- }, required=True, location='json')
- }
+class AccountResource(ProtectedResource):
+ @swag_from('swagger/get_account_spec.yaml')
+ def get(self, account_id):
+ if g.current_account.id == account_id:
+ return g.current_account, 200
+ abort(403, message='You can only get your own account', status='error')
+
+
+class AccountListResource(Resource):
 @use_args(user_args)
 @swag_from('swagger/create_account_spec.yaml')
 def post(self, args):
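Review bot: In `add_resources` (app/api/__init__.py) the `AccountResource` rule is shown as `'/v1/accounts/'` with no URL variable, while the `get(self, account_id)` added in account.py requires one, so as written a GET would raise a TypeError before the ownership check is reached. The variable may have been lost when this page was rendered, so confirm against the repository. If the rule does carry the id, give it a typed converter, e.g. `api.add_resource(AccountResource, '/v1/accounts/<int:account_id>')`: an untyped `<account_id>` arrives as a string, and `g.current_account.id == account_id` would then never match an integer id (the type of `id` is not visible here), turning every request into a 403. The two rules also differ only by a trailing slash, which is easy to misroute; a comment above them stating which resource owns which path would help.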
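Review bot: `AccountResource.get` in app/api/resources/account.py returns `g.current_account` itself, so the response body is whatever that object serialises to, and nothing in the hunk restricts the fields. Its type is not visible here, but if it is the stored account record the output could include the password hash or other internal columns. Shape the output explicitly, for example with flask_restful's `@marshal_with(account_fields)`, where `account_fields` (placeholder name) lists only the public attributes. The ownership check also depends on `ProtectedResource` having authenticated the caller and set `g.current_account` before `get` runs; that class is defined outside this hunk, so confirm it enforces the same check as `@protected`.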
@@ -30,6 +40,5 @@ class AccountResource(Resource):
 abort(422, message='Account already exists', status='error')
 @protected
- @swag_from('swagger/get_account_spec.yaml')
 def get(self):
 return '', 200