Protect permission, project, role, and speaker resource endpoints with require_auth decorator

resources/permission.py

@@ -1,12 +1,13 @@
 from flask import abort, Blueprint, jsonify, request
+from flask_jwt_extended import jwt_required
 
+from auth import requires_auth
 from custom_types import ApiResponse
 from models.permission import PermissionModel
 from resources.message import (
  CREATED,
  DELETED,
  ERROR_404,
- ERROR_404_LIST,
  ERROR_409,
  MODIFIED,
 )
@@ -19,6 +20,8 @@
 
 
 @permissions.route("/<int:permission_id>")
+@jwt_required()
+@requires_auth("post:permission")
 def get_permission(permission_id: int) -> ApiResponse:
  permission = PermissionModel.find_by_id(permission_id)
 
@@ -39,6 +42,8 @@ def get_permission(permission_id: int) -> ApiResponse:
 
 
 @permissions.route("", methods=["POST"])
+@jwt_required()
+@requires_auth("post:permission")
 def post_permission() -> ApiResponse:
  permission_json = request.get_json()
 
@@ -67,6 +72,8 @@ def post_permission() -> ApiResponse:
 
 
 @permissions.route("/<int:permission_id>", methods=["PUT"])
+@jwt_required()
+@requires_auth("post:permission")
 def put_permission(permission_id: int) -> ApiResponse:
  permission = PermissionModel.find_by_id(permission_id)
 
@@ -107,6 +114,8 @@ def put_permission(permission_id: int) -> ApiResponse:
 
 
 @permissions.route("/<int:permission_id>", methods=["DELETE"])
+@jwt_required()
+@requires_auth("post:permission")
 def delete_permission(permission_id: int) -> ApiResponse:
  permission = PermissionModel.find_by_id(permission_id)
 
@@ -130,12 +139,11 @@ def delete_permission(permission_id: int) -> ApiResponse:
 
 
 @permissions.route("")
+@jwt_required()
+@requires_auth("post:permission")
 def get_permissions() -> ApiResponse:
  permission_list = PermissionModel.find_all()
 
- if not permission_list:
- abort(404, description=ERROR_404_LIST.format("permissions"))
-
  return (
  jsonify({"permissions": permission_list_schema.dump(permission_list)}),
  200,

resources/project.py

@@ -41,6 +41,8 @@ def get_project(project_id: int) -> ApiResponse:
 
 
 @projects.route("", methods=["POST"])
+@jwt_required()
+@requires_auth("post:project")
 def post_project() -> ApiResponse:
  project_json = request.get_json()
 
@@ -69,6 +71,8 @@ def post_project() -> ApiResponse:
 
 
 @projects.route("/<int:project_id>", methods=["PUT"])
+@jwt_required()
+@requires_auth("post:project")
 def put_project(project_id: int) -> ApiResponse:
  project = ProjectModel.find_by_id(project_id)
 
@@ -113,6 +117,8 @@ def put_project(project_id: int) -> ApiResponse:
 
 
 @projects.route("/<int:project_id>", methods=["DELETE"])
+@jwt_required()
+@requires_auth("post:project")
 def delete_project(project_id: int) -> ApiResponse:
  project = ProjectModel.find_by_id(project_id)
 

resources/role.py

@@ -1,12 +1,13 @@
 from flask import abort, Blueprint, jsonify, request
+from flask_jwt_extended import jwt_required
 
+from auth import requires_auth
 from custom_types import ApiResponse
 from models.role import RoleModel
 from resources.message import (
  CREATED,
  DELETED,
  ERROR_404,
- ERROR_404_LIST,
  ERROR_409,
  MODIFIED,
 )
@@ -19,6 +20,8 @@
 
 
 @roles.route("/<int:role_id>")
+@jwt_required()
+@requires_auth("post:role")
 def get_role(role_id: int) -> ApiResponse:
  role = RoleModel.find_by_id(role_id)
 
@@ -39,6 +42,8 @@ def get_role(role_id: int) -> ApiResponse:
 
 
 @roles.route("", methods=["POST"])
+@jwt_required()
+@requires_auth("post:role")
 def post_role() -> ApiResponse:
  role_json = request.get_json()
 
@@ -67,6 +72,8 @@ def post_role() -> ApiResponse:
 
 
 @roles.route("/<int:role_id>", methods=["PUT"])
+@jwt_required()
+@requires_auth("post:role")
 def put_role(role_id: int) -> ApiResponse:
  role = RoleModel.find_by_id(role_id)
 
@@ -105,6 +112,8 @@ def put_role(role_id: int) -> ApiResponse:
 
 
 @roles.route("/<int:role_id>", methods=["DELETE"])
+@jwt_required()
+@requires_auth("post:role")
 def delete_role(role_id: int) -> ApiResponse:
  role = RoleModel.find_by_id(role_id)
 
@@ -128,12 +137,11 @@ def delete_role(role_id: int) -> ApiResponse:
 
 
 @roles.route("")
+@jwt_required()
+@requires_auth("post:role")
 def get_roles() -> ApiResponse:
  role_list = RoleModel.find_all()
 
- if not role_list:
- abort(404, description=ERROR_404_LIST.format("roles"))
-
  return (
  jsonify({"roles": role_list_schema.dump(role_list)}),
  200,

resources/speaker.py

@@ -1,13 +1,14 @@
 from flask import abort, Blueprint, jsonify, request
+from flask_jwt_extended import jwt_required
 
+from auth import requires_auth
 from custom_types import ApiResponse
 from models.speaker import SpeakerModel
 from resources.message import (
  CREATED,
  DELETED,
  ERROR_404,
  ERROR_404_LIST,
- ERROR_409,
  MODIFIED,
 )
 from schemas.speaker import SpeakerSchema
@@ -19,6 +20,8 @@
 
 
 @speakers.route("/<int:speaker_id>")
+@jwt_required()
+@requires_auth("get:member")
 def get_speaker(speaker_id: int) -> ApiResponse:
  speaker = SpeakerModel.find_by_id(speaker_id)
 
@@ -39,6 +42,8 @@ def get_speaker(speaker_id: int) -> ApiResponse:
 
 
 @speakers.route("", methods=["POST"])
+@jwt_required()
+@requires_auth("post:speaker")
 def post_speaker() -> ApiResponse:
  speaker_json = request.get_json()
 
@@ -57,6 +62,8 @@ def post_speaker() -> ApiResponse:
 
 
 @speakers.route("/<int:speaker_id>", methods=["PUT"])
+@jwt_required()
+@requires_auth("post:speaker")
 def put_speaker(speaker_id: int) -> ApiResponse:
  speaker = SpeakerModel.find_by_id(speaker_id)
 
@@ -89,6 +96,8 @@ def put_speaker(speaker_id: int) -> ApiResponse:
 
 
 @speakers.route("/<int:speaker_id>", methods=["DELETE"])
+@jwt_required()
+@requires_auth("post:speaker")
 def delete_speaker(speaker_id: int) -> ApiResponse:
  speaker = SpeakerModel.find_by_id(speaker_id)
 
@@ -112,6 +121,8 @@ def delete_speaker(speaker_id: int) -> ApiResponse:
 
 
 @speakers.route("")
+@jwt_required()
+@requires_auth("get:member")
 def get_speakers() -> ApiResponse:
  speaker_list = SpeakerModel.find_all()
 

tests/model_test_data.py

@@ -82,14 +82,16 @@
 
 TEST_PERMISSION_4 = {"permission_name": "activate:member"}
 
-TEST_PERMISSION_5 = {"permission_name": "get:permission"}
+TEST_PERMISSION_5 = {"permission_name": "post:permission"}
 
 TEST_PERMISSION_6 = {"permission_name": "post:project"}
 
-TEST_PERMISSION_7 = {"permission_name": "get:role"}
+TEST_PERMISSION_7 = {"permission_name": "post:role"}
 
 TEST_PERMISSION_8 = {"permission_name": "post:speaker"}
 
+TEST_PERMISSION_9 = {"permission_name": "post:token"}
+
 TEST_PERMISSION_400 = {}
 
 TEST_PROJECT_1 = {