diff --git a/k4ever/api2/decorators.py b/k4ever/api2/decorators.py index f4ee01a..b729f20 100644 --- a/k4ever/api2/decorators.py +++ b/k4ever/api2/decorators.py @@ -8,11 +8,12 @@ def manglePluginPerms(apiFunc): When the user which called the apifunc is a plugin this function goes through the following steps: + - searches the user it should change to - checks if this user allowed the plugin to "speak for him" - change the request so it looks like the user called himself - add an plugin_user entry containing the previous request user - + This decorator is intended to be used with django piston, so on error it will return the appropriate rc.* values. """ @@ -36,7 +37,7 @@ def manglePluginPerms(apiFunc): # FIXME: Could throw exception when we have no plugin for the # user - where should we report this? plugin = Plugin.objects.get(user=request.user) - + # 1. find user! user = None try: @@ -64,7 +65,7 @@ def manglePluginPerms(apiFunc): def requirePlugin(apiFunc): """Check if user is a plugin. - + Checks if the user is a member of the "Plugin" Group. Returns a rc.FORBIDDEN if not. """ diff --git a/k4ever/docs/django/api.rst b/k4ever/docs/django/api.rst index 07a81f1..4af5b29 100644 --- a/k4ever/docs/django/api.rst +++ b/k4ever/docs/django/api.rst @@ -22,11 +22,6 @@ can be turned off. Plugins -------------- - - how does authentication work - - what is the plugin authentication - - when does a plugin need an user? - - how to change user names - k4evers API also has a *plugin*-concept. :class:`Plugins ` can be allowed by users to buy items on their behalf. To do this the user has to allow the plugin via the webinterface. A :class:`PluginPermission @@ -202,3 +197,4 @@ As one might see, ``curl`` is quite nice for accessing the API. ``curl`` also su curl --basic http://testplugin:maunz@server/api/buyable/account/balance/?user=frundy # as plugin buy 10 times item with id 3 curl --basic -X POST --data "amount=10" http://testplugin:maunz@server/api/buyable/item/3/?user=frundy +