A client should be able to find out whether it's displaying all or only some events; whether it can modify the events; and whether it should display a “sign in” affordance.
These could be separate flags (this is probably more future-proof), or a single flag. The data could be transmitted as the result of a new API call; as extra content included in the /events (and other?) JSON responses; or as HTTP response headers that are returned with every API call.
The intent is to enable olinlibrary/abe-web#92, olinlibrary/abe-web#175, and olinlibrary/abe-web#179.
ABE Auth Design contains a couple of proposals for this. Assume we use proposal A. Then the implementation plan would look something like this:
Add an account_resources.py, modeled after one of the other *_resources.py files.
Add a line to app.py that registers the namespace for account_api.
account_resources.py defines an account_model with two fields: authenticated, a boolean, and permissions, a list of strings.
The new AccountApi has a single get method, with no arguments (other than self). It returns a JSON object, with authenticated and permissions properties.
You'll need to find out whether the request is coming from an authenticated client. check_auth(request) should do this, where check_auth is imported from abe.auth and request is imported from flask.
auth_tests.py can be modeled on, say, test_events.py (but it only needs to test get). There's code in test_post_auth in that file that demonstrates how to make a client call that isn't authenticated, followed by one that is authenticated. Once a client is authenticated, it remains that way for the duration of the test method.
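The plan above, worked through as an added example (not ABE's own code and not the Flask-RESTPlus wiring): the account object is derived server-side from a check_auth-style lookup, and the three client questions from the top of the issue are read off it. The cookie name, the session table and the permission strings are assumptions made up for the example.

```python
from typing import Dict, List, Mapping, Tuple

# Constructed session table standing in for whatever abe.auth's check_auth
# consults; the cookie name and permission strings are assumptions.
SESSION_COOKIE = "abe_session"
SESSIONS: Dict[str, List[str]] = {
    "sess-editor": ["view_all_events", "edit_events"],
    "sess-viewer": ["view_all_events"],
}


def check_auth(cookies: Mapping[str, str]) -> Tuple[bool, List[str]]:
    """Stand-in for abe.auth.check_auth: decided server-side from the request.

    Returns (authenticated, permissions). A missing or unknown session token is
    simply an unauthenticated caller with no permissions, not an error, so the
    endpoint answers the same way for anonymous and for stale sessions.
    """
    perms = SESSIONS.get(cookies.get(SESSION_COOKIE, ""))
    if perms is None:
        return False, []
    return True, list(perms)


def account_get(cookies: Mapping[str, str]) -> Dict[str, object]:
    """Body of AccountApi.get: the JSON object matching account_model."""
    authenticated, permissions = check_auth(cookies)
    return {"authenticated": authenticated, "permissions": permissions}


def ui_flags(account: Mapping[str, object]) -> Dict[str, bool]:
    """Answer the three client questions from the issue using the account object.

    These flags only drive the UI; the server must still check the same
    permissions on every /events write, because the client can ignore them.
    """
    perms = set(account["permissions"])
    return {
        "shows_all_events": "view_all_events" in perms,
        "can_modify_events": "edit_events" in perms,
        "show_sign_in": not account["authenticated"],
    }
```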