Simplify decoration.

Use common responseSupport which adds all expected headers and supports anonymous access, so OPTIONS can be simplified.

Simplify decoration.
Use common responseSupport which adds all expected headers and supports anonymous access, so OPTIONS can be simplified.
9574074f · Łukasz Nowak · a5585d85 · 9574074f
Commit 9574074f authored May 03, 2012 by Łukasz Nowak
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 36 deletions

master/product/Vifib/Tool/VifibRestApiV1Tool.py master/product/Vifib/Tool/VifibRestApiV1Tool.py +26 -36

No files found.
--- a/master/product/Vifib/Tool/VifibRestApiV1Tool.py
+++ b/master/product/Vifib/Tool/VifibRestApiV1Tool.py
@@ -39,44 +39,35 @@ import xml_marshaller
 import json
 import transaction
-def jsonResponse(fn):
+def responseSupport(anonymous=False):
-  def wrapper(self, *args, **kwargs):
+  def outer(fn):
-    self.REQUEST.response.setHeader('Content-Type', 'application/json')
+    def wrapper(self, *args, **kwargs):
-    return fn(self, *args, **kwargs)
+      response = self.REQUEST.response
-  wrapper.__doc__ = fn.__doc__
+      response.setHeader('Content-Type', 'application/json')
-  return wrapper
+      response.setHeader('Access-Control-Allow-Headers',
+        self.REQUEST.getHeader('Access-Control-Allow-Headers'))
-def responseSupport(fn):
+      response.setHeader('Access-Control-Allow-Origin', '*')
-  def wrapper(self, *args, **kwargs):
+      response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, '
-    response = self.REQUEST.response
+        'GET, OPTIONS')
-    response.setHeader('Access-Control-Allow-Headers',
+      if not anonymous and getSecurityManager().getUser().getId() is None:
-      self.REQUEST.getHeader('Access-Control-Allow-Headers'))
+        # force login
-    response.setHeader('Access-Control-Allow-Origin', '*')
+        response.setStatus(401)
-    response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, '
+        response.setHeader('WWW-Authenticate', 'Bearer realm="%s"'%
-      'GET, OPTIONS')
+          self.absolute_url())
-    if getSecurityManager().getUser().getId() is None:
+        response.setHeader('Location', self.getPortalObject()\
-      # force login
+          .portal_preferences.getPreferredRestApiV1TokenServerUrl())
-      response.setStatus(401)
+        return response
-      response.setHeader('WWW-Authenticate', 'Bearer realm="%s"'%
+      return fn(self, *args, **kwargs)
-        self.absolute_url())
+    wrapper.__doc__ = fn.__doc__
-      response.setHeader('Location', self.getPortalObject()\
+    return wrapper
-        .portal_preferences.getPreferredRestApiV1TokenServerUrl())
+  return outer
-      return response
-    return fn(self, *args, **kwargs)
-  wrapper.__doc__ = fn.__doc__
-  return wrapper
 class GenericPublisher(Implicit):
+  @responseSupport(True)
  def OPTIONS(self, *args, **kwargs):
    """HTTP OPTIONS implementation"""
-    response = self.REQUEST.response
+    self.REQUEST.response.setStatus(204)
-    response.setHeader('Access-Control-Allow-Headers',
+    return self.REQUEST.response
-      self.REQUEST.get('Access-Control-Allow-Headers'))
-    response.setHeader('Access-Control-Allow-Origin', '*')
-    response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, '
-      'GET, OPTIONS')
-    response.setStatus(200)
-    return response
  def __before_publishing_traverse__(self, self2, request):
    path = request['TraversalRequestNameStack']
@@ -88,7 +79,6 @@ class GenericPublisher(Implicit):
 class InstancePublisher(GenericPublisher):
  """Instance publisher"""
-  @jsonResponse
  def __request(self):
    response = self.REQUEST.response
    self.REQUEST.stdin.seek(0)
@@ -152,7 +142,7 @@ class InstancePublisher(GenericPublisher):
    response.setBody(json.dumps({'status':'processing'}))
    return response
-  @responseSupport
+  @responseSupport()
  def __call__(self):
    """Instance GET/POST support"""
    if self.REQUEST['REQUEST_METHOD'] == 'POST':