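def get_items(slugs):
    """Fetch the requested items and enforce ownership on UGC items.

    Slugs are taken from the comma-separated ``slugs`` argument or, when
    that is empty, from the JSON body of the current request. Slugs that
    start with ``ugc`` are remembered, and each fetched item whose ``_id``
    matches one of them must be owned by the current user.

    Aborts with 400 when no usable list of slugs was supplied, with the
    error code reported by ``fetch_items`` when it returns a single error
    entry, and with 403 when a UGC item belongs to somebody else.
    Returns ``humanify(items)`` otherwise.
    """
    if slugs:
        items_list = slugs.split(',')
    elif request.is_json:
        items_list = request.get_json()
    else:
        # Without this branch items_list stayed unbound and the loop below
        # raised NameError, which surfaced as a 500 instead of a client error.
        abort(400, 'No items were requested')

    # The JSON body is client-controlled: a non-list body or non-string
    # elements would otherwise crash on .startswith() before the access check.
    if not isinstance(items_list, list) or not all(
            isinstance(slug, basestring) for slug in items_list):
        abort(400, 'Items must be given as a list of slugs')

    # Collect the slugs from the ugc collection; their access control is
    # tested after the fetch.
    # NOTE(review): the decision to check an item is made from the
    # client-supplied slug text. If fetch_items normalizes slugs (case,
    # whitespace) before resolving them, a UGC item could skip this check;
    # confirm against fetch_items, or key the check on the returned item.
    ugc_items = [slug for slug in items_list if slug.startswith('ugc')]

    # Falsy for anonymous users, so the owner comparison below cannot match
    # a real owner id and the request is refused with 403.
    user_oid = current_user.is_authenticated and current_user.id

    items = fetch_items(items_list)
    # NOTE(review): this indexes items before the list cast below, so it
    # assumes fetch_items reports errors as a one-element list; confirm.
    if len(items) == 1 and 'error_code' in items[0]:
        error = items[0]
        abort(error['error_code'], error['msg'])
    else:
        # Cast items to list
        if not isinstance(items, list):
            items = [items]
        # Check that each of the ugc_items is accessible by the logged in user.
        # i[4:] drops a four-character prefix, presumably 'ugc.' (the prefix
        # test above only requires 'ugc'); verify against the slug format.
        for ugc_item_id in [i[4:] for i in ugc_items]:
            for item in items:
                # NOTE(review): an item with no 'owner' key passes this check
                # (fail-open). Confirm that ownerless UGC items are meant to
                # be readable by everyone.
                if (item['_id'] == ugc_item_id
                        and 'owner' in item
                        and item['owner'] != unicode(user_oid)):
                    abort(403, 'You are not authorized to access item ugc.{}'.format(str(item['_id'])))
        return humanify(items)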