文档不明确,有时会使用 GET_MANY 和其他 GET_COLLECTION。我需要做一个预处理器来授权。GET_SINGLE 确实有效(返回 401:禁止),但 GET_MANY 或 GET_COLLECTION 无效(返回 200:ok)。
@
auth_token_required@ roles_accepted('admin', 'supervisor')
def auth_func( * args, * * kw):
print('@Juan: calling auth_func...')
pass
@ auth_token_required@ roles_accepted('adminxxx', 'supervisor')
def get_many(search_params = None, * * kw):
print('@Juan: calling get_many...')
pass
preprocessors = {
'GET_SINGLE': [auth_func],
'GET_MANY': [get_many]
}
api_manager = APIManager(app, flask_sqlalchemy_db = db)
api_manager.create_api(Person,
methods = ['GET', 'POST', 'DELETE', 'PUT'],
preprocessors = preprocessors)