Listing messages with different From header

lvasiliev / smstools-http-api

HTTP API for smstools3

MIT License

22 stars 15 forks source link

Listing messages with different From header #3

Closed mordae closed 8 years ago

mordae commented 8 years ago

Hi, I had to remove this check in our fork because:

Incoming messages have From field indicating sender's phone number.
Our auditing application needs to see all messages to stash them in a DB.
All messages are listed, but only some can be accessed.

What is your use-case?

lvasiliev commented 8 years ago

I thought that in this case the incoming messages won't be available. I think, for your case need to create new ADMIN_ACCOUNTS variable:

if result['From'] == auth.username() or auth.username() in current_app.config['ADMIN_ACCOUNTS']:
    return jsonify(result)
else:
    return forbidden(None)

In our use case, we provide access to smstools api and users from our company can send sms (monitoring, CI, etc). But we don't want if messages are read by other users.

lvasiliev commented 8 years ago

Why don't you write sms data to the database from smstools api? It's easier.

mordae commented 8 years ago

Perhaps, but smstools-http-api is a nice fit for our library system already and the auditing app is nicely decoupled from it.

lvasiliev commented 8 years ago

Now I add options ADMIN_ACCOUNTS for fix this issue.