Merge "403 status code added"

2014-06-26 16:42:01 +00:00 · 2014-06-26 16:42:01 +00:00 · f0ed6e02a0
commit f0ed6e02a0
parent 7c3ec8bc05 1e02102e5b
1 changed files with 4 additions and 0 deletions
--- a/storyboard/api/auth/authorization_checks.py
+++ b/storyboard/api/auth/authorization_checks.py
@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+from pecan import abort
 from pecan import request

 from storyboard.api.auth.token_storage import storage
@ -55,4 +56,7 @@ def superuser():
    token_info = token_storage.get_access_token_info(token)
    user = user_api.user_get(token_info.user_id)

+    if not user.is_superuser:
+        abort(403, "This action is limited to superusers only.")
+
    return user.is_superuser