From a9133e72d5fc1343a656256cf90f2e42f145d18f Mon Sep 17 00:00:00 2001 From: Anthony Michon Date: Wed, 5 Aug 2015 14:00:51 +0200 Subject: [PATCH] Check prefix path is member route Change-Id: I20c0bb159eef04bc88d208a3d4853d6b190c1dae --- cerberus/api/hooks.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cerberus/api/hooks.py b/cerberus/api/hooks.py index 7c7d9af..be6e02a 100644 --- a/cerberus/api/hooks.py +++ b/cerberus/api/hooks.py @@ -100,11 +100,17 @@ class AuthorizationHook(hooks.PecanHook): self.member_routes = member_routes super(AuthorizationHook, self).__init__() + def is_path_in_routes(self, path): + for p in self.member_routes: + if path.startswith(p): + return True + return False + def before(self, state): ctx = state.request.context if not ctx.is_admin and not ctx.is_public_api and \ - state.request.path not in self.member_routes: + not self.is_path_in_routes(state.request.path): raise exc.HTTPForbidden()