def on_get(self, req, resp, app_name):
    """Return the stored key of application ``app_name`` as JSON ``{"key": ...}``.

    Access rules enforced by this handler:

    * A falsy ``username`` in the request context raises HTTPUnauthorized.
    * A non-admin caller must have an ``application_owner`` row linking
      them to the application, otherwise HTTPForbidden is raised.
    * A truthy ``is_admin`` in the request context skips the ownership lookup.

    Raises HTTPBadRequest when no key is stored under ``app_name``.

    Both statements pass ``app_name`` and ``username`` as bound parameters
    and never interpolate them into the SQL text.
    """
    username = req.context['username']
    if not username:
        raise HTTPUnauthorized("You must be a logged in user to view this app's key")

    # Ownership check. The joins match on both the caller's name and the
    # application's name, so an unknown app_name yields no row either; a
    # non-owner gets the same 403 whether or not the application exists.
    ownership_sql = (
        'SELECT 1\n'
        'FROM `application_owner`\n'
        'JOIN `target` on `target`.`id` = `application_owner`.`user_id`\n'
        'JOIN `application` on `application`.`id` = `application_owner`.`application_id`\n'
        'WHERE `target`.`name` = :username\n'
        'AND `application`.`name` = :app_name'
    )
    key_sql = 'SELECT `key` FROM `application` WHERE `name` = :app_name LIMIT 1'

    with db.guarded_session() as session:
        if not req.context['is_admin']:
            owner_row = session.execute(
                ownership_sql,
                {'app_name': app_name, 'username': username},
            ).scalar()
            if not owner_row:
                raise HTTPForbidden("You don't have permissions to view this app's key.")

        # Reached only by admins and verified owners.
        app_key = session.execute(key_sql, {'app_name': app_name}).scalar()
        if not app_key:
            raise HTTPBadRequest('Key for this application not found')

        # Explicit close kept from the original; it is skipped on the raise
        # paths above, where cleanup is left to guarded_session (not visible here).
        session.close()

    # NOTE(review): the key is written to the response body and nothing in
    # this handler records who fetched it -- confirm that access is audited
    # elsewhere and that responses from this route are not cached or logged.
    payload = {'key': app_key}
    resp.body = ujson.dumps(payload)